posted by on Monday April 17 2017, @04:01AM
from the security-through-no-one-getting-fired dept.

[UPDATED 2017-04-17] Ars Technica reports that Mysterious Microsoft patch killed 0days released by NSA-leaking Shadow Brokers — Microsoft fixed critical vulnerabilities in uncredited update released in March:

Contrary to what Ars and the rest of the world reported Friday, none of the published exploits stolen from the National Security Agency work against currently supported Microsoft products. This is according to a Microsoft blog post published late Friday night.

That's because the critical vulnerabilities for four exploits previously believed to be zerodays were patched in March, exactly one month before a group called Shadow Brokers published Friday's latest installment of weapons-grade attacks. Those updates—which Microsoft indexes as MS17-010, CVE-2017-0146, and CVE-2017-0147—make no mention of the person or group who reported the vulnerabilities to Microsoft. The lack of credit isn't unprecedented, but it's uncommon, and it's generating speculation that the reporters were tied to the NSA. In a vaguely worded statement issued Friday, Microsoft seemed to say it had had no contact with NSA officials concerning any of the exploits contained in Friday's leak.

Original story follows:

The "Shadow Brokers" released files that purport to expose vulnerabilities in Windows and especially in Windows Server.

Numerous Windows hacking tools are also among the new batch of files the Shadow Brokers dumped Friday. In recent months, the mysterious group has been releasing hacking tools allegedly taken from the NSA, and security researchers say they actually work.

That is according to PCWorld, but there are plenty of other venues reporting on this.

The group behind the leak, the Shadow Brokers, didn't clearly explain why they dumped the files. But in addition to the documents, the hackers also released what appears to be an arsenal of Windows-based hacking tools -- some of which target previously unknown vulnerabilities.
"This isn't a data dump, this is a damn Microsoft apocalypse," tweeted a security researcher who goes by the name Hacker Fantastic.

Leaked NSA Malware Threatens Windows Users Around the World from the Intercept.

Ars Technica

El Reg. And why are they "el Reg"? They are Brexit, not Spanish.

And Network World, with a very nice picture of the Puzzle Palace.

I have always wondered what it would take. Maybe if Microsoft forcibly dragged a user off of its platform. After this, however, that may not be necessary.


Related Stories

"Biggest Ransomware Attack in History" Hits Around 100 Countries, Disrupts UK's NHS

NSA-created cyber tool spawns global ransomware attacks

From Politico via Edward Snowden via Vinay Gupta:

Leaked alleged NSA hacking tools appear to be behind a massive cyberattack disrupting hospitals and companies across Europe, Asia and the U.S., with Russia among the hardest-hit countries.

The unique malware causing the attacks - which has spread to tens of thousands of companies in 99 countries, according to the cyber firm Avast - has forced some hospitals to stop admitting new patients with serious medical conditions and driven other companies to shut down their networks, leaving valuable files unavailable.

The source of the world-wide digital assault seems to be a version of an apparent NSA-created hacking tool that was dumped online in April by a group calling itself the Shadow Brokers. The tool, a type of ransomware, locks up a company's networks and holds files and data hostage until a fee is paid. Researchers said the malware is exploiting a Microsoft software flaw.

Thoughts on a similar scenario were published by the Harvard Business Review two days before this incident.

One or more anti-virus companies may have been hacked prior to WannaCrypt infecting 75000 Microsoft Windows computers in 99 countries. First, anti-virus software like Avast fails to make HTTP connections. Second, five million ransomware emails are rapidly sent. Although many centralized email servers were able to stem the onslaught, many instances of anti-virus software had outdated virus definitions and were defenseless against the attack. Indeed, successful attacks were above 1%. Of these, more than 1% have already paid the ransom. Although various governments have rules (or laws) against paying ransom, it is possible that ransoms have been paid to regain access to some systems.

Also, file scrambling ransomware has similarities to REAMDE by Neal Stephenson. Although the book is extremely badly written, its scenarios (offline and online) seem to come true with forceful regularity.

Further sources: BBC (and here), Russia Today, DailyFail, Telegraph, Guardian.

Telefónica reportedly affected. NHS failed to patch computers which affected US hospitals in 2016. 16 divisions of the UK's NHS taken offline with aid of NSA Fuzzbunch exploit. The fun of a public blockchain is that ransom payments of £415,000 have been confirmed. Cancellation of heart surgery confirmed. Doctors unable to check allergies or prescribe medication. Patient access to emergency treatment denied in part due to hospital telephone exchange being offline.

It also appears that one of the affected parties refused to answer a Freedom of Information request in Nov 2016 about cyber-security due to impact on crime detection. Similar parties provided responses to the same request.

  • (Score: 0) by Anonymous Coward on Monday April 17 2017, @04:04AM (1 child)

    by Anonymous Coward on Monday April 17 2017, @04:04AM (#495095)

    I know Microsoft tried to dub it the Common Internet File System (CIFS), but nobody actually runs SMB over the public internet, right? SMB is best used as a LAN protocol behind a firewall.

    • (Score: 4, Interesting) by nobu_the_bard on Monday April 17 2017, @02:52PM

      by nobu_the_bard (6373) on Monday April 17 2017, @02:52PM (#495269)

      Go to https://www.shodan.io/ [shodan.io] and do a search for like "Canon Imagerunner"...

      People just throw everything.

      But a lot of the SMB stuff lately, has not been only on incoming connections, but also on outgoing. Needs careful firewalling both ways. Lot of people don't bother on the outgoing; it is more complicated to do too if you have multiple subnets.
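The point above about SMB needing to be filtered in both directions, across several internal subnets, can be turned into a simple audit. The following is an added example, not code from the commenter or from SoylentNews; the log line format and the internal address ranges are constructed assumptions for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed assumption: the organisation's internal ranges. Several subnets,
# which is exactly where outbound filtering tends to get neglected.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# SMB over TCP (445) and SMB over NetBIOS session service (139).
SMB_PORTS = {139, 445}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int


def is_internal(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def classify_smb_flow(flow: Flow) -> Optional[str]:
    """Return 'inbound' or 'outbound' for SMB crossing the perimeter, else None."""
    if flow.dport not in SMB_PORTS:
        return None
    src_in, dst_in = is_internal(flow.src), is_internal(flow.dst)
    if src_in and dst_in:
        return None          # LAN-to-LAN SMB, including across subnets, is expected
    if dst_in:
        return "inbound"     # internet host reaching an internal SMB service
    if src_in:
        return "outbound"    # internal host talking SMB to the internet
    return None              # neither side is ours


def parse_flow(line: str) -> Flow:
    # Constructed log format: "<src> -> <dst>:<dport>"
    src, rest = line.split(" -> ")
    dst, port = rest.rsplit(":", 1)
    return Flow(src.strip(), dst.strip(), int(port))


def audit(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (direction, line) for every perimeter-crossing SMB flow."""
    findings = []
    for line in lines:
        verdict = classify_smb_flow(parse_flow(line))
        if verdict:
            findings.append((verdict, line))
    return findings


# Constructed sample flows using RFC 5737 documentation addresses for "internet".
SAMPLE_LOG = [
    "203.0.113.7 -> 192.168.1.10:445",   # internet -> internal file server
    "192.168.1.20 -> 198.51.100.5:445",  # internal host -> internet SMB
    "10.1.2.3 -> 172.16.5.9:445",        # internal -> internal across subnets
    "192.168.1.20 -> 198.51.100.5:443",  # HTTPS, not SMB
]
```

Running `audit(SAMPLE_LOG)` flags the first two lines, one inbound and one outbound, and ignores the cross-subnet LAN flow and the HTTPS connection.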

  • (Score: 3, Informative) by Nerdfest on Monday April 17 2017, @04:14AM (7 children)

    by Nerdfest (80) on Monday April 17 2017, @04:14AM (#495098)

    I saw another story come in over my RSS feed Microsoft claims all of the exploits outed here have already been patched. Not sure I believe it, but there it is.

    • (Score: 3, Informative) by frojack on Monday April 17 2017, @04:34AM (5 children)

      by frojack (1554) Subscriber Badge on Monday April 17 2017, @04:34AM (#495104) Journal
      --
      No, you are mistaken. I've always had this sig.

      • (Score: 2) by aristarchus on Monday April 17 2017, @08:58AM (4 children)

        by aristarchus (2645) on Monday April 17 2017, @08:58AM (#495169) Journal

        Yep, froj, saw the same immediately after submitting, and considered submitting an update. But the Ars article raises more serious questions, like that the Shadow Brokers only released these 0day vulnerabilities because they were aware that Microsoft was aware, and had already patched? But this suggests that someone, aware of the holes, but not the Shadow Brokers, tipped Microsoft off about its holes? Well, obviously, since Micro$oft could never detect security flaws in its own operating system. So, who, then?

        • (Score: 4, Insightful) by kaszz on Monday April 17 2017, @09:32AM (3 children)

          by kaszz (4211) on Monday April 17 2017, @09:32AM (#495185) Journal

          Could not detect bugs? The correct answer is that they don't give a shit because A) NSA pays them to keep them in place B) too cheap to ask their H1-B army to even bother.

          How does one train and drill big corporations to jump hoops? Hurt their income, hurt it hard.
          The only language fully understood.

          • (Score: 0) by Anonymous Coward on Monday April 17 2017, @11:35PM (2 children)

            by Anonymous Coward on Monday April 17 2017, @11:35PM (#495602)

            How does one train and drill big corporations to jump hoops? Hurt their income, hurt it hard.
            The only language fully understood.

            Sadly the usual response is that they just spend more $ on advertising, and even more sadly it usually works.

            • (Score: 2) by kaszz on Tuesday April 18 2017, @12:12AM (1 child)

              by kaszz (4211) on Tuesday April 18 2017, @12:12AM (#495615) Journal

              So you squeeze their profits even more. A large corporation needs a lot to flow smoothly to work.
              And of course one can always go nasty if needed.

              • (Score: 0) by Anonymous Coward on Tuesday April 18 2017, @06:51AM

                by Anonymous Coward on Tuesday April 18 2017, @06:51AM (#495722)

                I like your thinking and I wish it worked that way. Who is going to squeeze their profits? GoDaddy comes to mind... AFAIK they're doing well. They spend far far more $ on advertising than tech and tech workers. Horrible systems, admin, and code. Sadly often the $ decision makers are not the truly tech-savvy, but rather "business-types" who like to feel all cool and powerful and hip and snazzy keen and show their friends how they made these big decisions.

    • (Score: 3, Insightful) by kaszz on Monday April 17 2017, @04:59AM

      by kaszz (4211) on Monday April 17 2017, @04:59AM (#495117) Journal

      Just wait until all those embedded Windows meet the exploits. All too often implemented in expensive lab equipment needing a PC with a special Windows version. To top it off, some of this stuff runs in hospitals.

  • (Score: 2, Touché) by Anonymous Coward on Monday April 17 2017, @04:23AM (2 children)

    by Anonymous Coward on Monday April 17 2017, @04:23AM (#495100)

    And why are they "el Reg"? They are Brexit, not Spanish.

    You might as well ask why they're Vulture Central since they're not associated with the desert.

    • (Score: -1, Troll) by Ethanol-fueled on Monday April 17 2017, @04:29AM (1 child)

      by Ethanol-fueled (2792) on Monday April 17 2017, @04:29AM (#495102) Homepage

      You know what else is relevant? Blacks fighting in a Waffle House. [liveleak.com]

      • (Score: 0) by Anonymous Coward on Monday April 17 2017, @05:11AM

        by Anonymous Coward on Monday April 17 2017, @05:11AM (#495121)

        More like Pakistanis fighting in a curry house. The Register was ahead of its time when it adopted the image of the vulture biting the hand of IT since now the hand is dead and everything IT has been outsourced to India.

  • (Score: 5, Interesting) by edIII on Monday April 17 2017, @04:59AM (1 child)

    by edIII (791) on Monday April 17 2017, @04:59AM (#495118)

    Windows Servers have *always* been at risk. Always. Their locks are as good as the ignorance of their users about how their systems really work.

    I had a small business utterly terrified when their previous sysadmin went insane and locked them out before being fired. Owner was beside themselves thinking it would be impossible to get back in and their business was ruined. They were even more frightened when I unlocked it in less than 5 minutes and said I would send him the bill before heading off to dinner :) (SAM is so secure /s)

    My lessons came early on when I connected up a Windows NT server to the Internet and then watched how easily people could get into it, and just why a firewall was absolutely required. This was just about 20 years ago. Today a server could be owned before you're finished provisioning it if you don't have it protected.

    "Windows Servers At Risk"

    Bwahahahahahahahhhahahah *wipes away tears*, you don't say!

    --
    Technically, lunchtime is at any moment. It's just a wave function.

    • (Score: 3, Insightful) by epitaxial on Monday April 17 2017, @12:54PM

      by epitaxial (3165) on Monday April 17 2017, @12:54PM (#495223)

      What? You had physical access to the machine. Your statement applies to any OS. Let's not forget that like UNIX, Linux used to ship with tons of inetd services running. Finally OpenBSD killed that trend and Linux followed.

  • (Score: 2) by kaszz on Monday April 17 2017, @05:25AM (2 children)

    by kaszz (4211) on Monday April 17 2017, @05:25AM (#495126) Journal

    Once you install the Microsoft virus well.. what to expect?
    It's junk.

    • (Score: -1, Flamebait) by Anonymous Coward on Monday April 17 2017, @06:02AM (1 child)

      by Anonymous Coward on Monday April 17 2017, @06:02AM (#495133)

      I'll stick with Linux. Because I'm good enough, I'm smart enough, and dang it, the 1990s gonna last forever and ever. Linux is leet and always will be, mainstream never!

  • (Score: 1, Interesting) by Anonymous Coward on Monday April 17 2017, @03:40PM

    by Anonymous Coward on Monday April 17 2017, @03:40PM (#495295)

    What's worse than broken, unpatched Windows OS? "Fixes" of dubious origin and suspicious timing.