SoylentNews is people

posted by on Sunday May 21 2017, @08:07PM
from the better-late-than-never dept.

After learning that one of its most prized hacking tools was stolen by a mysterious group calling itself the Shadow Brokers, National Security Agency officials warned Microsoft of the critical Windows vulnerability the tool exploited, according to a report published Tuesday by The Washington Post. The private disclosure led to a patch that was issued in March.

Those same NSA officials, according to Tuesday's report, failed to communicate the severity of the vulnerability to the outside world. A month after Microsoft released the patch, the Shadow Brokers published the attack code, code-named EternalBlue, that exploited the critical Windows vulnerability. A month after that, attackers used a modified version of EternalBlue to infect computers around the world with malware that blocked access to data. Within hours of the outbreak of the ransomware worm dubbed WCry, infected hospitals turned away patients; banks, telecommunications companies, and government agencies shut down computers.

"NSA identified a risk and communicated it to Microsoft, who put out an immediate patch," Mike McNerney, a former Pentagon cybersecurity official and a fellow at the Truman National Security Project, told The Washington Post. The problem, he said, is that no senior official took the step of shouting to the world: "This one is very serious, and we need to protect ourselves."

Source: ArsTechnica


  • (Score: 5, Insightful) by Runaway1956 on Sunday May 21 2017, @08:14PM


    NSA identifies a risk, and keeps it secret, until it's stolen, THEN they communicate the risk. Mikey makes it sound like they were being good citizens. Fuck you Mikey!!

  • (Score: 4, Insightful) by Lagg on Sunday May 21 2017, @09:37PM


    Keep in mind that even the WP and Arse Technica aren't buying it. This is rather important and unusual compared to previous coverage of the NSA not all that long ago. Also I'm pretty sure people are having more trouble than they usually do with politicians' integrity these days. Too bad his cult isn't the elephant worshipping one. They'd take his attempt to PR even less seriously.

    Right after his quote they still made it clear it was dangerous. One thing I take issue with though: It being treated as an NSA security issue rather than an ethical one for responsible reporting - that they simply need to "secure" the exploits more.

    I also am getting very fucking tired of their constant comparisons to weapons. People are surely seeing what they're doing here by now. They need to knock it off.

    --
    http://lagg.me [lagg.me] 🗿
  • (Score: 2) by butthurt on Sunday May 21 2017, @10:19PM


    > THEN they communicate the risk.

    As Mr. McNerney says, the NSA told Microsoft but they didn't tell the public. As far as I know, the agency hasn't publicly acknowledged that the EternalBlue exploit, or anything released by the Shadow Brokers, was stolen from the NSA.