MESSAGE
DATE | 2017-05-15 |
FROM | Ruben Safir
|
SUBJECT | Re: [Hangout of NYLXS] Death of Microsoft
|
From hangout-bounces-at-nylxs.com Mon May 15 09:22:18 2017 Return-Path: X-Original-To: archive-at-nylxs.com Delivered-To: archive-at-nylxs.com Received: from www.mrbrklyn.com (www.mrbrklyn.com [96.57.23.82]) by mrbrklyn.com (Postfix) with ESMTP id E5E17161312; Mon, 15 May 2017 09:22:17 -0400 (EDT) X-Original-To: hangout-at-nylxs.com Delivered-To: hangout-at-nylxs.com Received: from [10.0.0.62] (flatbush.mrbrklyn.com [10.0.0.62]) by mrbrklyn.com (Postfix) with ESMTP id B2899160E77 for ; Mon, 15 May 2017 09:22:15 -0400 (EDT) To: hangout-at-nylxs.com References: <789b4251-58a6-9599-90f0-cd4edc07980f-at-mrbrklyn.com> <1608175.rRMWUxKrTF-at-glsector2814> <929b7dfd-5ca4-5339-0a45-ea2e179f64f1-at-mrbrklyn.com> <4263099.QAU8IHmhjn-at-glsector2814> From: Ruben Safir Message-ID: <9e6cdd13-dd76-ff67-da53-3aed7908f5f9-at-mrbrklyn.com> Date: Mon, 15 May 2017 09:22:15 -0400 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.0 MIME-Version: 1.0 In-Reply-To: <4263099.QAU8IHmhjn-at-glsector2814> Content-Language: en-US Subject: Re: [Hangout of NYLXS] Death of Microsoft X-BeenThere: hangout-at-nylxs.com X-Mailman-Version: 2.1.17 Precedence: list List-Id: NYLXS Tech Talk and Politics List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="windows-1252" Content-Transfer-Encoding: quoted-printable Errors-To: hangout-bounces-at-nylxs.com Sender: "Hangout"
On 05/15/2017 09:15 AM, FarSight Data Systems wrote: > On Monday, May 15, 2017 09:07:28 AM Ruben Safir wrote: >> On 05/15/2017 08:57 AM, FarSight Data Systems wrote: >>> Much as I might like to see it, too many systems around the wold are us= ing >>> it, and sheer inertia will keep people and companies using it. >>> >>> A sad commentary. I expect there'll be a rush to fix the problem. >>> >>> Until the next one >>> >>> and the next >>> >>> and the next ... >> >> This one seems like the one to break the camels back. Look at the MS >> reaction. They are blaming the Feds. > =
> Why would it be the Feds fault? They didn't create the software. Classi= c deflection. I =
> wonder if they think the companies will drink that kool aid. I expect a = lot of people will, but =
> the companies? I don't think so. > =
http://www.pcworld.com/article/3196523/security/microsoft-blames-us-stockpi= led-vulnerability-for-ransomware-attack.html
Microsoft blames U.S. stockpiled vulnerability after WannaCry ransomware attack The stockpiling of vulnerabilities by governments is a big problem, the company said.
By John Ribeiro
Bangalore Correspondent, IDG News Service | May 15, 2017 5:20 AM PT nsa aerial Credit: NSA More like this
img 20170512 095943 A ransomware attack is spreading worldwide, using alleged NSA exploit img 20170512 095943 Old Windows PCs can stop WannaCry ransomware with new Microsoft patch cia Did the CIA hack you? Wikileaks leak may allow antivirus vendors to tell Video Why You Lost Your Windows 10 Product Key
Microsoft on Sunday said a software vulnerability stolen from the U.S. National Security Agency has affected customers around the world, and described the spread of the WannaCry/WannaCrypt ransomware on Friday in many countries as yet another example of the problems caused by the stockpiling of vulnerabilities by governments.
Referring to the attack as a =93wake-up call,=94 Microsoft=92s President and Chief Legal Officer, Brad Smith wrote in a blog post that governments have =93to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits.=94
The ransomware, also called WannaCry or Wana Decryptor, works by exploiting a vulnerability in some older versions of Windows. It has been suspected for some time now that the malware came from a cache of hacking tools reportedly stolen by hacking group Shadow Brokers from the NSA and leaked on the internet. WannaCry is said to take advantage of a NSA hacking tool, called EternalBlue, that can make it easy to hijack unpatched older Windows machines. [ Further reading: How the new age of antivirus software will protect your PC ]
Microsoft is now confirming that the WannaCrypt exploits used in the attack on Friday were drawn from the trove of exploits stolen from the NSA. =93Until this weekend=92s attack, Microsoft declined to officially confirm this, as US Gov refused to confirm or deny this was their exploit,=94 wrote NSA whistleblower Edward Snowden in a tweet.
On March 14, the company had released a security update to patch the vulnerability. =93While this protected newer Windows systems and computers that had enabled Windows Update to apply this latest update, many computers remained unpatched globally,=94 Smith wrote. =93As a result, hospitals, businesses, governments, and computers at homes were affected.= =94
On Friday a number of agencies and businesses around the globe, including the U.K.=92s National Health Service, were disrupted by the malware, which is estimated to have hit over 100,000 organizations in 150 countries, Rob Wainwright, executive director of Europol, the European law enforcement agency, told ITV.
Microsoft rolled out over the weekend a patch for Windows XP, Windows Server 2003 and Windows 8, which are operating systems for which it no longer provides mainstream support.
There are apprehensions that a second wave of the attack may arrive Monday as employees return and switch on affected computers. The attackers could also hit back with a variant of the malware that does not have a provision for the =93kill switch=94 found by a researcher to stem the first round of attacks. =93Version 1 of WannaCrypt was stoppable but version 2.0 will likely remove the flaw. You=92re only safe if you patch ASAP,=94 wrote the researcher on Twitter.
Microsoft called in February for a =93Digital Geneva Convention=94 laying down the rules for the protection of users from state cyber attacks, including a requirement for governments to report vulnerabilities to vendors, rather than stockpile, sell, or exploit them. =93We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world,=94 Smith wrote.
Exploits in the hands of governments have repeatedly leaked into the public domain and caused widespread damage, wrote Smith, who compared the leaks of CIA and NSA vulnerabilities to the U.S. military having some of its Tomahawk missiles stolen. =93This most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today =96 nation-state action and organized criminal action,=94 he added.
> Mark > =
>> >>> Mark >>> >>> On Monday, May 15, 2017 02:42:15 AM ruben wrote: >>>> So, this looks like it is it. MS has created the catastrophy we all >>>> feared and predicted they would and looks like this might well be the >>>> end of them >>>> _______________________________________________ >>>> Hangout mailing list >>>> Hangout-at-nylxs.com >>>> http://www.nylxs.com/mailman/listinfo/hangout >>> >>> _______________________________________________ >>> Hangout mailing list >>> Hangout-at-nylxs.com >>> http://www.nylxs.com/mailman/listinfo/hangout > =
> =
> =
> _______________________________________________ > Hangout mailing list > Hangout-at-nylxs.com > http://www.nylxs.com/mailman/listinfo/hangout > =
-- =
So many immigrant groups have swept through our town that Brooklyn, like Atlantis, reaches mythological proportions in the mind of the world - RI Safir 1998 http://www.mrbrklyn.com
DRM is THEFT - We are the STAKEHOLDERS - RI Safir 2002 http://www.nylxs.com - Leadership Development in Free Software http://www2.mrbrklyn.com/resources - Unpublished Archive http://www.coinhangout.com - coins! http://www.brooklyn-living.com
Being so tracked is for FARM ANIMALS and and extermination camps, but incompatible with living as a free human being. -RI Safir 2013 _______________________________________________ Hangout mailing list Hangout-at-nylxs.com http://www.nylxs.com/mailman/listinfo/hangout
|
|