The wiki should now be spam-free. All revisions made by spambots have been deleted, including a few spam edits from years ago that were missed at the time.
Finally, this attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem. This is an emerging pattern in 2017. We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen. And this most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today – nation-state action and organized criminal action.
The WannaCry ransomware attacks demonstrate that patching large, legacy systems is hard. For many kinds of systems, the existence of patches for a vulnerability is no guarantee that they will make their way to the affected devices in a timely manner. For example, many Internet of Things devices are unpatchable, a fact that was exploited by the Mirai botnet. Additionally, the majority of Android devices are no longer supported by Google or the device manufacturers, leaving them open to exploitation by a "toxic hellstew" of known vulnerabilities. Even for systems that can be patched, applying patches to large enterprise or government systems in a timely manner is notoriously difficult. Enterprise and government systems can rarely afford the potential downtime that goes along with a software patch or upgrade. As one researcher put it, "enterprises often face a stark choice with security patches: take the risk of being knocked off the air by hackers, or take the risk of knocking yourself off the air."
Apparently the Bitcoin address they're using has only received about $50k in payments, which is pretty lol
Reflexively blaming people for not patching their systems is too easy and simplistic. Plenty of fault lies with the NSA for developing the exploit software in the first place.
See, that is one thing about this that screams the hackers weren't smart. If your ransomware just locks down the computer, what stops someone from popping in the Windows disk, reinstalling, and uploading a backup from a cloud server or hard drive?
Quote from: Goober5000 on May 16, 2017, 10:17:27 pm
Reflexively blaming people for not patching their systems is too easy and simplistic. Plenty of fault lies with the NSA for developing the exploit software in the first place.

While not understating the fact that the NSA discovered and sat on the vulnerability, that doesn't excuse the fact that they eventually revealed the exploit and the **** has only hit the fan with WannaCry in the days long after a patch was deployed. So I think it's perfectly reasonable to blame individuals and systems administrators who have intentionally deployed and maintained obsolete operating systems without sufficient hardening against high-threat-level attacks. E.g. running XP, which is THREE YEARS out of security patches, in an enterprise environment is pure reckless stupidity, and the individuals who intentionally run it at home to this day because they don't like 7/8/10 are beyond saving.
Copyright © 2001-2018 Hard Light Productions. All Rights Reserved.