Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 16 submissions in the queue.
posted by on Monday April 17 2017, @04:01AM   Printer-friendly
from the security-through-no-one-getting-fired dept.

[UPDATED 2017-04-17] Ars Technica reports that Mysterious Microsoft patch killed 0days released by NSA-leaking Shadow Brokers — Microsoft fixed critical vulnerabilities in uncredited update released in March.:

Contrary to what Ars and the rest of the world reported Friday, none of the published exploits stolen from the National Security Agency work against currently supported Microsoft products. This is according to a Microsoft blog post published late Friday night.

That's because the critical vulnerabilities for four exploits previously believed to be zerodays were patched in March, exactly one month before a group called Shadow Brokers published Friday's latest installment of weapons-grade attacks. Those updates—which Microsoft indexes as MS17-010, CVE-2017-0146, and CVE-2017-0147—make no mention of the person or group who reported the vulnerabilities to Microsoft. The lack of credit isn't unprecedented, but it's uncommon, and it's generating speculation that the reporters were tied to the NSA. In a vaguely worded statement issued Friday, Microsoft seemed to say it had had no contact with NSA officials concerning any of the exploits contained in Friday's leak.

Original story follows:

The "Shadow Brokers" released files that purport to expose vulnerabilities in Windows and especially in Windows Server.

Numerous Windows hacking tools are also among the new batch of files the Shadow Brokers dumped Friday. In recent months, the mysterious group has been releasing hacking tools allegedly taken from the NSA, and security researchers say they actually work.

According to PCWorld, but there are plenty of other venues reporting on this.

The group behind the leak, the Shadow Brokers, didn't clearly explain why they dumped the files. But in addition to the documents, the hackers also released what appears to be an arsenal of Windows-based hacking tools -- some of which target previously unknown vulnerabilities.
"This isn't a data dump, this is a damn Microsoft apocalypse," tweeted a security researcher who goes by the name Hacker Fantastic.

Leaked NSA Malware Threatens Windows Users Around the World from the Intercept.

Ars Technica

El Reg And why are they "el Reg" They are Brexit, not Spanish?

And Network World, with a very nice picture of the Puzzle Palace.

I have always wondered what it would take. Maybe if Microsoft forcibly dragged a user off of it's platform. After this, however, that may not be necessary.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 4, Insightful) by kaszz on Monday April 17 2017, @09:32AM (3 children)

    by kaszz (4211) on Monday April 17 2017, @09:32AM (#495185) Journal

    Could not detect bugs? The correct answer is that they don't give a shit because A) NSA pays them to keep them in place B) too cheap to ask their H1-B army to even bother.

    How does one train and drill big corporations to jump hoops? Hurt their income, hurt it hard.
    The only language fully understood.

    Starting Score:    1  point
    Moderation   +2  
       Insightful=1, Interesting=1, Total=2
    Extra 'Insightful' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   4  
  • (Score: 0) by Anonymous Coward on Monday April 17 2017, @11:35PM (2 children)

    by Anonymous Coward on Monday April 17 2017, @11:35PM (#495602)

    How does one train and drill big corporations to jump hoops? Hurt their income, hurt it hard.
    The only language fully understood.

    Sadly the usual response is that they just spend more $ on advertising, and even more sadly it usually works.

    • (Score: 2) by kaszz on Tuesday April 18 2017, @12:12AM (1 child)

      by kaszz (4211) on Tuesday April 18 2017, @12:12AM (#495615) Journal

      So you squeeze their profits even more. A large corporation needs a lot to flow smoothly to work.
      And of course one can always go nasty if needed.

      • (Score: 0) by Anonymous Coward on Tuesday April 18 2017, @06:51AM

        by Anonymous Coward on Tuesday April 18 2017, @06:51AM (#495722)

        I like your thinking and I wish it worked that way. Who is going to squeeze their profits? GoDaddy comes to mind... AFAIK they're doing well. They spend far far more $ on advertising than tech and tech workers. Horrible systems, admin, and code. Sadly often the $ decision makers are not the truly tech-savvy, but rather "business-types" who like to feel all cool and powerful and hip and snazzy keen and show their friends how they made these big decisions.