SoylentNews is people

posted by on Sunday May 21 2017, @08:07PM
from the better-late-than-never dept.

After learning that one of its most prized hacking tools was stolen by a mysterious group calling itself the Shadow Brokers, National Security Agency officials warned Microsoft of the critical Windows vulnerability the tool exploited, according to a report published Tuesday by The Washington Post. The private disclosure led to a patch that was issued in March.

Those same NSA officials, according to Tuesday's report, failed to communicate the severity of the vulnerability to the outside world. A month after Microsoft released the patch, the Shadow Brokers published the attack code, code-named EternalBlue, that exploited the critical Windows vulnerability. A month after that, attackers used a modified version of EternalBlue to infect computers around the world with malware that blocked access to data. Within hours of the outbreak of the ransomware worm dubbed WCry, infected hospitals turned away patients; banks, telecommunications companies, and government agencies shut down computers.

"NSA identified a risk and communicated it to Microsoft, who put out an immediate patch," Mike McNerney, a former Pentagon cybersecurity official and a fellow at the Truman National Security Project, told The Washington Post. The problem, he said, is that no senior official took the step of shouting to the world: "This one is very serious, and we need to protect ourselves."

Source: ArsTechnica

  • (Score: 1) by anubi on Monday May 22 2017, @06:15AM

    My feeling is Microsoft deliberately inserts backdoors presented to them by the TLA's in order to be a "team player" in exchange for adoption of Microsoft by government contractors, and favorable law regarding "hold harmless" clauses.

    I have no proof of this, but having so many backdoors constantly being found and replaced sure leads me to speculate.

    Seems like in any other industry, this far along, we would have had this whole thing nailed by now. We should at least have a trustworthy computational foundation by now. No, we still have stuff that falls apart.

    Every successive version of Windows seems to be even more full of holes than the one it replaces.

    Especially with our own government allowing "hold harmless" clauses to be OK, but not letting anyone else off nearly that easy.

    The adoption of Microsoft by governments damn near mandates the adoption of the same by the citizens, so as to be able to talk to the governments. Just like we are forced to use the dollar as currency, as taxes are paid in it.

    --
    "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]