SoylentNews is people
SoylentNews
After learning that one of its most prized hacking tools was stolen by a mysterious group calling itself the Shadow Brokers, National Security Agency officials warned Microsoft of the critical Windows vulnerability the tool exploited, according to a report published Tuesday by The Washington Post. The private disclosure led to a patch that was issued in March.
Those same NSA officials, according to Tuesday's report, failed to communicate the severity of the vulnerability to the outside world. A month after Microsoft released the patch, the Shadow Brokers published the attack code, code-named EternalBlue, that exploited the critical Windows vulnerability. A month after that, attackers used a modified version of EternalBlue to infect computers around the world with malware that blocked access to data. Within hours of the outbreak of the ransomware worm dubbed WCry, infected hospitals turned away patients; banks, telecommunications companies, and government agencies shut down computers.
"NSA identified a risk and communicated it to Microsoft, who put out an immediate patch," Mike McNerney, a former Pentagon cybersecurity official and a fellow at the Truman National Security Project, told The Washington Post. The problem, he said, is that no senior official took the step of shouting to the world: "This one is very serious, and we need to protect ourselves."
Source: ArsTechnica
(Score: 5, Insightful) by Runaway1956 on Sunday May 21 2017, @08:14PM (2 children)
NSA identifies a risk, and keeps it secret, until it's stolen, THEN they communicate the risk. Mikey makes it sound like they were being good citizens. Fuck you Mikey!!
(Score: 4, Insightful) by Lagg on Sunday May 21 2017, @09:37PM
Keep in mind that even the WP and Arse Technica aren't buying it. This is rather important and unusual compared to previous coverage of the NSA not all that long ago. Also I'm pretty sure people are having more trouble than they usually do with politicians' integrity these days. Too bad his cult isn't the elephant worshipping one. They'd take his attempt to PR even less seriously.
Right after his quote they still made it clear it was dangerous. One thing I take issue with though: It being treated as an NSA security issue rather than an ethical one for responsible reporting - that they simply need to "secure" the exploits more.
I also am getting very fucking tired of their constant comparisons to weapons. People are surely seeing what they're doing here by now. They need to knock it off.
http://lagg.me [lagg.me] 🗿
(Score: 2) by butthurt on Sunday May 21 2017, @10:19PM
> THEN they communicate the risk.
As Mr. McNerney says, the NSA told Microsoft but they didn't tell the public. As far as I know, the agency hasn't publicly acknowledged that the EternalBlue exploit, or anything released by the Shadow Brokers, was stolen from the NSA.
(Score: 1) by Demena on Sunday May 21 2017, @11:19PM (11 children)
The prime responsibility for all the crap goes to there NSA not the Shadow brokers. They are both guilty as sin of unethical shit but the NSA made the door the Shadow Brokers used.
The NSA should be forking out to repair the worldwide damage. It isn't that they are no better than criminals it is simply that they are criminals.
(Score: 0) by Anonymous Coward on Sunday May 21 2017, @11:59PM (4 children)
No no, you see... imagine if there was a terrorist and a suitcase nuke and the terrorist locked his iPhone and demands a lawyer but there's a timer and we can't wait and it's New Year's Eve. You see?
(Score: 1) by Demena on Monday May 22 2017, @12:07AM (3 children)
No. I do not see.
(Score: 1) by khallow on Monday May 22 2017, @02:55AM (2 children)
(Score: 0) by Anonymous Coward on Monday May 22 2017, @04:09AM (1 child)
And they're rebooting that shit, pretty sure the protagonist is a woman this time. Gotta get the diversity in there, can't let a silly thing like feminism stop the police state.
(Score: 2) by DECbot on Monday May 22 2017, @04:22PM
Technically , in the US, a male is a minority*. So you should still be able to cast a man. LGBTBBQLOLBRBWTF man if you're still trying to fill the diversity quota.
*You'll have first trust Wikipedia, then second trust the 2012 CIA World Factbook, and third add up the numbers yourself.
https://en.wikipedia.org/wiki/Demography_of_the_United_States#Ages [wikipedia.org]
cats~$ sudo chown -R us /home/base
(Score: 0) by Anonymous Coward on Monday May 22 2017, @01:14AM (5 children)
The prime responsibility for all the crap is Micro$oft for releasing a shitty operating system.
(Score: 1, Informative) by Anonymous Coward on Monday May 22 2017, @02:04AM (3 children)
Look up ping of death as applicable to lunix. Yeah, RCE via ping, now sod off.
(Score: 0) by Anonymous Coward on Monday May 22 2017, @02:12AM (1 child)
My router will block that before it gets to my LAN... try again.
(Score: 1, Touché) by Anonymous Coward on Monday May 22 2017, @06:58AM
No need to try again, because the same applies to this M$ asploit.
(Score: 3, Informative) by Chromium_One on Monday May 22 2017, @06:13AM
Seriously, people need to quit referring to Linux as Lunix. They really don't have much in common, though the 7-node clustering capabilities were kind of neat considering the hardware.
https://en.wikipedia.org/wiki/LUnix [wikipedia.org]
When you live in a sick society, everything you do is wrong.
(Score: 1) by anubi on Monday May 22 2017, @06:15AM
My feeling is Microsoft deliberately inserts backdoors presented to them by the TLA's in order to be a "team player" in exchange for adoption of Microsoft by government contractors, and favorable law regarding "hold harmless" clauses.
I have no proof of this, but having so many backdoors constantly being found and replaced sure leads me to speculate.
Seems like in any other industry, this far along, we would have had this whole thing nailed by now. We should at least have a trustworthy computational foundation by now. No, we still have stuff that falls apart.
Every successive version of Windows seems to be even more full of holes than the one it replaces.
Especially with our own government allowing "hold harmless" clauses to be OK, but not letting anyone else off nearly that easy.
The adoption of Microsoft by governments damn near mandates the adoption of the same by the citizens, so as to be able to talk to the governments. Just like we are forced to use the dollar as currency, as taxes are paid in it.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
(Score: 4, Interesting) by Snotnose on Monday May 22 2017, @02:14AM (2 children)
Presidential Medal of Freedom sounds appropriate. These assholes (NSA et all) find vulnerabilities that make us all insecure and hoard them for their own use. Never mind the Chinese, Russians, and random hacker groups find the same vulnerabilities.
This "leak" has made everyfuckingone of us a hell of a lot safer in the long run.
When the dust settled America realized it was saved by a porn star.
(Score: 2, Interesting) by anubi on Monday May 22 2017, @05:59AM (1 child)
That was the first thing that came to my mind, too. You beat me to it.
Now, I am finally beginning to understand why my cries about computer security went ridiculed when I worked in the lower levels ( engineering ) of the aerospace industry.
I now sincerely believe that at the same time I was expressing security concerns about Microsoft and the motherboard manufacturers, at the upper levels of the Military-Industrial Complex, hands were already shaking and pens were signing, implementing the very things I was concerned about.
Its the only plausible explanation I can think of as to why my concerns fell on such deaf ears.
I am now concerned with how much longer we will be able to buy hardware that will run linux, or will running linux one day be illegal?
I see the day coming where only things like Raspberry PI's may be known to be trustworthy.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
(Score: 2) by pkrasimirov on Monday May 22 2017, @04:08PM
> Its the only plausible explanation I can think of as to why my concerns fell on such deaf ears.
You underestimate the human laziness and corporate comfort zones.
(Score: 3, Interesting) by meustrus on Monday May 22 2017, @02:13PM
This disclosure is great! Props to Shadow Brokers for making us all safer from the NSA.
Now let's close all the holes the Russians, Chinese, N. Korean, and other hostile foreign powers have. While we're at it let's eliminate the hacks that criminal organizations use to competently extort money and steal corporate secrets. And can we please fix the design vulnerabilities in HTML and other interfaces that allow our new tech overlords to track us and establish Orwellian profiles of our behavior for uses still not entirely decided upon?
There isn't just one NSA-shaped boogeyman. The enemy to our personal liberty is found in all such large concentrations of power.
If there isn't at least one reference or primary source, it's not +1 Informative. Maybe the underused +1 Interesting?