Microsoft Is PISSED OFF At The NSA Over WannaCry Attack
#1
So, for about a day, Microsoft followed the usual course of action concerning the WannaCry malware that made the rounds last week. As we noted, this ransomware/attackware was built off some leaked NSA exploit code utilizing a vulnerability in Microsoft Windows... that the NSA failed to tell Microsoft about. Microsoft had actually patched it a few weeks prior to the code leaking online via Shadow Brokers, but, still... the NSA is supposed to disclose most of these vulnerabilities, rather than hold them for offensive use (that's the theory, at least).



Microsoft did its standard "no comment" bit for a day or so, but then on Sunday, its President and Chief Legal Officer let loose on the NSA for its failures that resulted in all of this happening. First, it officially confirmed what people were saying about the code being built off of leaked NSA code:

Quote:

The WannaCrypt exploits used in the attack were drawn from the exploits stolen from the National Security Agency, or NSA, in the United States.


The post does a good job discussing what Microsoft is doing about this and what it means, but then has this:

Quote:

Finally, this attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem. This is an emerging pattern in 2017. We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen. And this most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today – nation-state action and organized criminal action.



The governments of the world should treat this attack as a wake-up call. They need to take a different approach and adhere in cyberspace to the same rules applied to weapons in the physical world. We need governments to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits. This is one reason we called in February for a new “Digital Geneva Convention” to govern these issues, including a new requirement for governments to report vulnerabilities to vendors, rather than stockpile, sell, or exploit them. And it’s why we’ve pledged our support for defending every customer everywhere in the face of cyberattacks, regardless of their nationality. This weekend, whether it’s in London, New York, Moscow, Delhi, Sao Paulo, or Beijing, we’re putting this principle into action and working with customers around the world.


Whatever you might think of Microsoft and privacy and such, in the last few years (in part thanks to Smith's focus on this), it has been really good about pushing back on government surveillance and interference. This blog post seems to be the next step in that effort. I'm sure that plenty of readers here have a reflexive dislike of Microsoft (no need to express it in the comments, we know already), but the company has been taking a strong stand against excessive surveillance and other efforts to weaken the public's security. Calling out the failures of the intelligence community in not disclosing these kinds of vulnerabilities is another good step, and it's good to see Microsoft make such a clear statement on it.



Permalink | Comments | Email This Story
[Image: feed?i=FQo2IeNDS9E:-90wWYH3FMk:D7DqB2pKExk][Image: feed?d=c-S6u7MTCTE]
[Image: FQo2IeNDS9E]

Originally Published: Tue, 16 May 2017 03:23:00 PDT
source
Reply
#2
Read this quickly, so pardon if there is a point I've missed.  Isn't it still Microsoft's original fault for having vulnerabilities in their code?? The NSA was just making an observation.

Microsoft should just STFU, fix their crap and the NSA won't be able to say anything about the codes...

I love MS , but they look like jerks by bitching and not fixing right away, IMHO .
Reply
#3
Yea, you really should read the articles.

Yes, Microsoft had some bugs.

NSA knew about them, but didn't tell anyone so they could exploit the bugs for their own purposes.

NSA could have told Microsoft, and Microsoft would have patched it a lot sooner without anyone knowing about it.

Instead the NSA bug list got leaked, and someone took advantage of the fact that a large portion of Windows users are running old or unpatched systems.
Reply
#4
My point stands... MIcrosoft would not be mad if that had their shit tight in the first place.

I didn't say the NSA wasn't a bunch of douches... Microsoft would save themselves a lot by getting it right the first time.

Aren't a lot of companies still running XP... I loved XP, but MS no longer provides support... MS's fault, not the NSA...
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  If You're Pissed About Facebook's Privacy Abuses, You Should Be Four Times As ... Mike 16 32,991 Jun 16, 2024, 02:53 am
Last Post: stts2
  Trump signs bill renewing NSA's internet surveillance program nygeek 15 34,768 Jun 14, 2024, 23:51 pm
Last Post: stts2
  TRUMP...what a bum...HOPE OVER HATE Lipex 51 66,040 Jun 06, 2024, 17:33 pm
Last Post: stts2
  US grants immunity to Saudi's MBS over Khashoggi killing Resurgence 0 6,763 Nov 18, 2022, 14:33 pm
Last Post: Resurgence
  Africa slams West over asking the continent to pay $2.8 trillion for pollution Resurgence 0 6,497 Nov 16, 2022, 14:05 pm
Last Post: Resurgence



Users browsing this thread: 1 Guest(s)