After learning that one of its most prized hacking tools was stolen by a mysterious group calling itself the Shadow Brokers, National Security Agency officials warned Microsoft of the critical Windows vulnerability the tool exploited, according to a report published Tuesday by The Washington Post. The private disclosure led to a patch that was issued in March.
Those same NSA officials, according to Tuesday's report, failed to communicate the severity of the vulnerability to the outside world. A month after Microsoft released the patch, the Shadow Brokers published the attack code, code-named EternalBlue, that exploited the critical Windows vulnerability. A month after that, attackers used a modified version of EternalBlue to infect computers around the world with malware that blocked access to data. Within hours of the outbreak of the ransomware worm dubbed WCry, infected hospitals turned away patients; banks, telecommunications companies, and government agencies shut down computers.
"NSA identified a risk and communicated it to Microsoft, who put out an immediate patch," Mike McNerney, a former Pentagon cybersecurity official and a fellow at the Truman National Security Project, told The Washington Post. The problem, he said, is that no senior official took the step of shouting to the world: "This one is very serious, and we need to protect ourselves."
Source: ArsTechnica
(Score: 4, Insightful) by Lagg on Sunday May 21 2017, @09:37PM
Keep in mind that even the WP and Arse Technica aren't buying it. This is rather important and unusual compared to previous coverage of the NSA not all that long ago. Also I'm pretty sure people are having more trouble than they usually do with politicians' integrity these days. Too bad his cult isn't the elephant worshipping one. They'd take his attempt to PR even less seriously.
Right after his quote they still made it clear it was dangerous. One thing I take issue with though: It being treated as an NSA security issue rather than an ethical one for responsible reporting - that they simply need to "secure" the exploits more.
I also am getting very fucking tired of their constant comparisons to weapons. People are surely seeing what they're doing here by now. They need to knock it off.
http://lagg.me [lagg.me] 🗿