1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

News WannaCry malware downs systems worldwide

Discussion in 'Article Discussion' started by Gareth Halfacree, 15 May 2017.

  1. Gareth Halfacree

    Gareth Halfacree WIIGII! Staff Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    10,133
    Likes Received:
    616
  2. Pookie

    Pookie So this is permanence, love's shattered pride.

    Joined:
    4 May 2010
    Posts:
    3,455
    Likes Received:
    116
    I'm sorry but the buck stops with Microsoft, they built the OS and it's their job to insure that it's secure. Maybe they need to invest in more time researching vulnerabilities rather than messing about with crappy stuff like Cortana.
     
  3. Mr_Mistoffelees

    Mr_Mistoffelees Nebuchadnezzar's fixit man.

    Joined:
    26 Aug 2014
    Posts:
    1,253
    Likes Received:
    61
    No it doesn't, Microsoft have made secure (against this vulnerability) OS software available to everyone who wants it. It is the end user's responsibility to update. It is not Microsoft's fault that much of the NHS and many other organisations, are still running a 16 year old OS.
     
  4. Broadwater06

    Broadwater06 Member

    Joined:
    10 Apr 2016
    Posts:
    199
    Likes Received:
    3
    But why should they keep supporting XP, they told us very clearly when the support end, they even extended the support more than any other Windows.
     
  5. tonyd223

    tonyd223 king of nothing

    Joined:
    12 Nov 2009
    Posts:
    388
    Likes Received:
    2
    Why didn't the NSA tell Microsoft? Because it was using the vulnerabilities for itself?
     
  6. Gareth Halfacree

    Gareth Halfacree WIIGII! Staff Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    10,133
    Likes Received:
    616
    Yes, exactly that. Which, incidentally, goes directly against the Vulnerability Equities Process (VEP) introduced by the Obama administration which requires all government agencies to share discovered vulnerabilities with vendors unless they can successfully argue for a temporary stay (such as "we're actively using this in an ongoing investigation which is due to wrap up on the 15th of November," rather than "we might need this in the future so we're keeping it to ourselves.")
     
  7. fix-the-spade

    fix-the-spade Well-Known Member

    Joined:
    4 Jul 2011
    Posts:
    2,814
    Likes Received:
    105
    So if Microsoft is officially blaming the NSA both for discovering the vulnerability, withholding knowledge from Microsoft of it and for failing to keep the information secure, where does this leave the rest of the world legally?

    I can see lawyers round the world rubbing their hands with glee at the thought of suing the US government. Hoarding security flaws to carry out (presumably) surveillance without warrants and/or outside of their jurisdiction and then allowing those security flaws to fall into the hands of organised crime. That could be quite the damages claim.
     
  8. MLyons

    MLyons Half dev, Half doge. Staff Administrator Super Moderator Moderator

    Joined:
    3 Mar 2017
    Posts:
    1,594
    Likes Received:
    351
    I'm curious who the blame would legally fall on if a death had been the result of this. Does it go to the person that started the attack, the NHS, the NSA or Microsoft. It also seems like the person(s) behind this didn't get that much of a pay day based on the amount seen going into the wallets.
     
  9. Corky42

    Corky42 What did walle eat for breakfast?

    Joined:
    30 Oct 2012
    Posts:
    8,237
    Likes Received:
    170
    INAL so I'm probably wrong but I'd say it lies with the NSA as they're the ones who discovered the vulnerability and did nothing to strengthen the worlds defenses against it.

    Frankly i find it ridiculous that when it comes to chemical, biological, radiological and nuclear weapons we have a plethora of international agreements governing there use but when it comes to 'cyber space' the rules seem so lax.

    We wouldn't allow a government agency to use anthrax or ebola for anything other than researching ways to defend against them but when it comes to vulnerabilities in software it seems fine to weaponise those.
     
  10. RedFlames

    RedFlames ...is not a Belgian football team

    Joined:
    23 Apr 2009
    Posts:
    9,009
    Likes Received:
    592
    And people wonder why MS forced automatic updates on everyone.
     
  11. N17 dizzi

    N17 dizzi Well-Known Member

    Joined:
    23 Mar 2011
    Posts:
    2,949
    Likes Received:
    273
    What repercussions will the NSA face? My guess would be none, except measures to keep the vulnerabilities the staff are employed to find more secure.
     
  12. Chicken76

    Chicken76 Member

    Joined:
    10 Nov 2009
    Posts:
    845
    Likes Received:
    20
    Is there a tool I can point at my machines to see which are vulnerable through the network?
     
  13. wolfticket

    wolfticket Downwind from the bloodhounds

    Joined:
    19 Apr 2008
    Posts:
    2,659
    Likes Received:
    120
    Air gap your backups people.
     
  14. DriftCarl

    DriftCarl Member

    Joined:
    2 Nov 2004
    Posts:
    589
    Likes Received:
    4
    Well the good news is I freed up loads of room on my virtual image backup server, since I could argue that it would be a pain to patch them all up and we dont really need them anymore, so they are deleted and I have now freed up a few TB of space :)
     
  15. Corky42

    Corky42 What did walle eat for breakfast?

    Joined:
    30 Oct 2012
    Posts:
    8,237
    Likes Received:
    170
    Not everyone, only home users really as most other versions allow the deference of updates.

    Oddly enough it seems home users were the least effected or probably the least reported.
     
  16. N17 dizzi

    N17 dizzi Well-Known Member

    Joined:
    23 Mar 2011
    Posts:
    2,949
    Likes Received:
    273
    You mean backups that are isolated from your system, or levitate them using high powered fans? I do both anyway, who doesn't.
     
  17. MLyons

    MLyons Half dev, Half doge. Staff Administrator Super Moderator Moderator

    Joined:
    3 Mar 2017
    Posts:
    1,594
    Likes Received:
    351
    I believe there is a script for nmap and a module for metasploit.
     
  18. MLyons

    MLyons Half dev, Half doge. Staff Administrator Super Moderator Moderator

    Joined:
    3 Mar 2017
    Posts:
    1,594
    Likes Received:
    351
    :worried:
     
  19. Anfield

    Anfield Well-Known Member

    Joined:
    15 Jan 2010
    Posts:
    3,381
    Likes Received:
    124
    http://www.nextpowerup.com/news/36028/the-shadow-brokers-claim-more-leaks-are-coming/
     
  20. supermuchurios

    supermuchurios Well-Known Member

    Joined:
    27 Dec 2013
    Posts:
    1,262
    Likes Received:
    26
    But Linux is a ballache to use and is not compatible with Planet Earth.
     

Share This Page