Ransomware scum have already unleashed kill-switch-free WannaCrypt variant

Miscreants have launched a ransomware worm variant that abuses the same vulnerability as the infamous WannaCrypt malware. Danish firm Heimdal Security warned on Sunday that the new Uiwix strain doesn't include a kill-switch domain, like the one that proved instrumental in minimising the harm caused by WannaCrypt last week, …

  1. Martijn Otto

    Inevitable

    This was - of course - inevitable and it only shows how effective the NSA is at undermining everyone's security.

    1. Pascal Monett Silver badge
      Flame

      Re: Inevitable

      And, of course, there isn't a single politician that will derive any parallel with backdoored encryption. Can't be, it's backdoored for The Good Guys (TM) !

      1. tfb Silver badge

        Re: Inevitable

        And the good guys have such good security that none of the backdoor keys will ever leak. Nothing has ever leaked from the NSA for inst... oh, wait.

      2. Anonymous Coward
        Anonymous Coward

        Re: Inevitable

        Oh c'mon...it will be spun as

        "If we have back doors we can prevent this sort of thing happening by getting into the system and blocking it"

        1. Anonymous Coward
          Anonymous Coward

          Re: Inevitable

          If back doors ever become a reality and the key is ever stolen (it will be), there will be no need for "ransomware". The crims will simply help themselves to your bank account or whatever else they want. You won't have to open a dodgy email or click a bad link. Best yet it won't matter what OS you use. And then, goat farming in the hills begins to look attractive.

          1. tom dial Silver badge

            Re: Inevitable

            The present "back door" would be through compromise of Apple's (or Microsoft's) code signing key(s) or use of the keys to sign bogus software. Is there really reason to suppose that their security protections are fundamentally superior to those at the NSA? Would they not be subject in a similar way to vulnerability from disloyal or planted employees or accidents that expose them in environments less protected than planned?

      3. Trigonoceps occipitalis

        Re: Inevitable

        Yes, but if the crypto is back doored all I need to do is ring NSA/GCHQ, problem solved!

    2. The Man Who Fell To Earth Silver badge
      FAIL

      Re: Inevitable

      Oh yea. Because the likes of the FSB & PLA must be too stupid to have also discovered these types of vulnerabilities.

      1. Ken Hagan Gold badge

        Re: Inevitable

        "Because the likes of the FSB & PLA must be too stupid to have also discovered these types of vulnerabilities."

        If they knew about them, they didn't do a very good job of protecting their own gear from them.

        1. John Brown (no body) Silver badge

          Re: Inevitable

          "If they knew about them,"

          You mean like the NSAUSA did such a good job

      2. Ropewash

        Re: Inevitable

        FSB & PLA

        I can't be the only one who wondered what the frontside bus or a programmable logic array had to do with this story.

    3. Version 1.0 Silver badge

      Re: Inevitable

      Don't blame the NSA - anyone could have discovered this issue and weaponized it. Certainly the NSA should have reported it to Microsoft but they apparently didn't ... who knows.

      The real issue here is that Microsoft has stopped patching XP and Vista systems in an attempt to force users to upgrade - that's where the real money is in these vulnerabilities. So who's going to make out like a bandit from WannaCry et al? Expect Microsoft Win 10 share to increase over the next few months - they are the real winners here.

      1. Anonymous Coward
        Anonymous Coward

        Re: Inevitable

        So you're blaming a commercial company for not patching a 13 year old OS?

        Really?

        1. Anonymous Coward
          Anonymous Coward

          Re: Inevitable

          Yes. If they're selling their operating system to clients for use in everything from medical equipment to warships and that equipment has an expected lifetime of decades, then the operating system should be supported for that lifetime.

          Microsoft have made billions upon billions from the taxpayers. Supporting the stuff they have sold isn't much to ask. No-one is asking for new features or upgrades, only critical security updates.

          1. Donn Bly
            Mushroom

            Re: If they're selling their operating system to clients for use in everything

            Debian derivatives are used in dozens of pieces of equipment around my office -- when there is a flaw who is the one responsible for getting all of that equipment updated? Should Public Interest be blamed for an unpatched hole in a 10 year old router and expected to fix it -- even when newer versions that fixed the flaw have already been shipped? Of course not.

            So why should Microsoft be blamed for the same situation? They sold the operating system, but they aren't the one putting it in medical equipment. That was done by the manufacturer of the equipment, which, by the way, as an OEM assumed all ongoing support. The end-of-life date on the OS was well known before it was installed. It is the equipment manufacturer that screwed you over, not Microsoft.

            The systems integrator that put Windows on warships is the one who made the claim of fitness for purpose, not Microsoft. THEY are the one who should be held accountable. If that integrator needs to go back and pay Microsoft for ongoing support that's their problem -- they made the choice to integrate Microsoft and they have to live with the results of their decisions.

            1. Wayland Bronze badge

              Re: If they're selling their operating system to clients for use in everything

              Donn Bly, the Ian bloke from the name Deb-Ian died. Apparently committed suicide. That's how spooks die. Don't be so sure they don't have a backdoor into Linux. The FreeBSD people think Linux is not hardcore enough which is why it's not very popular. If you want cool things in Linux it's going to have backdoors.

        2. Version 1.0 Silver badge

          Re: Inevitable

          Sure, I'm blaming them - I know that the way of the world here is that when you buy stuff these days it's actually supported for a year or so ... and then it's junk?

          The next time you take a journey, check the age of the aircraft, train, car, bike etc. - if it's 13 years old then maybe it will crash and the manufacturer will tell you that it's your fault?

          The fact is that Microsoft actually had a fix for this vulnerability but they were only releasing it if you had a continuing support contract - sure, Windows isn't very secure but why? Because it's not built for security, it's built to be cheap and disposable.

          It's designed to be required to be replaced because that's where the money is - and this applies to whatever version of Windows you are running today - it's going to be vulnerable tomorrow.

        3. TheVogon Silver badge

          Re: Inevitable

          "So you're blaming a commercial company for not patching a 13 year old OS?"

          Windows XP is nearly 16 years old now...

          1. Pompous Git Silver badge

            Re: Inevitable

            "Windows XP is nearly 16 years old now..."
            Almost legal then :-)

        4. Michael Habel Silver badge

          Re: Inevitable

          Implying that Windows (H)8, and Windows X are better than an unmaintained Windows XP SP3 installation. Which can still do its job. Probably better than those other two numbskull OSs. Assuming Microsoft were kind enough to continue supporting it. But, alas, that way only madness lay. As XP does not contain trackers, and (Cr)App Stores to take your Moneyz.

        5. Scorchio!!

          Re: Inevitable

          Last night on BBC Radio 4 news I heard that the NHS IT organisation warned trusts of the risks if they did not deploy the patch to protect them against this very thing; they were warned, but why the hell are people still opening attachments and clicking on links? My mother made this mistake once, in 1998, and has not done so since. If someone of her age can be immune so can NHS staff.

        6. Jess

          Re: So you're blaming a commercial company for not patching a 13 year old OS?

          When said OS is used with systems that cannot be upgraded, yes.

          (because it would make expensive hardware unusable.)

          But also the people who made and OKed the decision to purchase such unsuitable systems should be held to account.

          Why would anyone buy a jack of all trades system, with a life of a decade or so to run expensive equipment meant to last thirty years with a specific requirement?

          1. Pompous Git Silver badge

            Re: So you're blaming a commercial company for not patching a 13 year old OS?

            "Why would anyone buy a jack of all trades system, with a life of a decade or so to run expensive equipment meant to last thirty years with a specific requirement?"
            No alternative. Hospitals use hundreds of devices (monitoring equipment, alarms, compounders, radiology, things of that nature) that were designed to specifically run with XP. There are zero or close to zero that run on other OSs. You can't purchase what doesn't exist.

            1. Charles 9 Silver badge

              Re: So you're blaming a commercial company for not patching a 13 year old OS?

              But I wonder if it's possible to MAKE it exist with something like, "This 8-figure contract will go to the first company that makes their equipment X, Y, and Z completely."

          2. Wayland Bronze badge

            Re: So you're blaming a commercial company for not patching a 13 year old OS?

            In my experience with embedded systems there is nothing particularly fancy about the way the PC talks to the special hardware. There is nothing that says it can't be upgraded to say 32 bit Windows 7 or even rewritten for Linux. Much of the code is written in C or Delphi. It would take a bit of work but not impossible.

            The problem is that like Microsoft the manufacturers have moved on. They are playing with their next big thing and have forgotten about that old stuff.

            What is needed is a commitment from the manufacturers to either support the gear for 30 years or share the code and the schematics. Obviously a consideration would be required from the buyer, I don't see why they should do that for free.

            The easiest thing would be to keep XP going and Microsoft will do that if you pay them. The next thing would be to fit each XP system with a hardware firewall. Don't expect XP to protect itself, put a packet sniffing firewall in between.

            1. TheSkunkyMonk

              Re: So you're blaming a commercial company for not patching a 13 year old OS?

              Thanks for my morning giggle, just the thought of manufacturers making stuff that lasts really got me going! https://www.youtube.com/watch?v=zdh7_PA8GZU

            2. Roland6 Silver badge

              Re: So you're blaming a commercial company for not patching a 13 year old OS?

              The easiest thing would be to keep XP going and Microsoft will do that if you pay them. The next thing would be to fit each XP system with a hardware firewall. Don't expect XP to protect itself, put a packet sniffing firewall in between.

              Firstly, from the way MS behaved around the time of XP's EOL, it was clear they had zero intention of keeping XP going - MS wanted to make a break with the past, even if that break could hurt them commercially. Additionally, given the size of payments they received from user organisations, such as the UK government, for the extended support service MS reluctantly did offer, I suspect given MS were already committed to maintaining XP POS until 2019, it received sufficient monies to more than cover the costs of maintaining the XP support team for 10 years; extending XP's EOL to 2024; yet they haven't.

              Secondly, how would a hardware packet sniffing firewall give any protection against WannaCrypt, given the initial infection vector was believed to have been a poisoned email attachment and if you were running SMB the relevant ports would be open?

        7. inmypjs Silver badge

          Re: Inevitable

          "blaming a commercial company for not patching a 13 year"

          I think blaming and criticising a company that sold you buggy vulnerable crap and refuses to fix bugs because someone else didn't find and advise them of them soon enough is entirely justified.

          I have some compilers from a company with a policy that finding a bug in an obsolete unsupported version of the compiler entitles you to a free upgrade to a current supported version. That would be the policy of a decent company (which Microsoft clearly isn't). Of course Microsoft's current supported version being a piece of shit that no one wants would stymie such a policy.

      2. Anonymous Coward
        Anonymous Coward

        Re: Inevitable

        @Version 1.0

        I wouldn't be so sure. My phone has been off the hook all day with people asking if certain software will work under Ubuntu. Totally unsolicited.

        I think people are legit pissed at MS this time and are finally fed up with a dash of genuine concern.

      3. Mage Silver badge

        Re: The real issue here is that Microsoft has stopped patching XP

        Actually technically they haven't stopped. (Vista yes).

        BUT THE PATCHING IS NEARLY IRRELEVANT!

        Like most other spam borne "attacks" this would be totally mitigated by

        1) User training and common sense.

        2) Better configured systems.

        XP use by NHS is a red herring.

        Even if EVERYONE used Linux* and it was updated daily, it will NOT stop this until the USERs are better trained and use email properly.

        [*Because all the spam based attacks would be aimed at Linux]

        1. Version 1.0 Silver badge

          @mage "User training and common sense"

          That will only protect you against the obvious - you're still toast whenever the NSA and their ilk want access.

          1. veti Silver badge

            Re: @mage "User training and common sense"

            @Version 1.0:

            If the NSA/GCHQ/etc. really want to read what's on your computer, they will. Don't kid yourself otherwise. This has been the case since you got that first 33.6 kbps dialup modem.

            But they're unlikely to encrypt the contents and demand bitcoin from you. That's not their MO. Far too revealing, for one thing.

        2. Scorchio!!

          Re: The real issue here is that Microsoft has stopped patching XP

          Thank you Mage; user training and impulse control. I've never fallen for this kind of crap, and I don't let my guard down.

      4. Infernoz Bronze badge
        FAIL

        Re: Inevitable

        * Microsoft realised that the security in XP was grossly inadequate, so recruited crackers and other experienced security staff for a new OS, re-built for security, thus the poor 1st attempt in Vista, and the usable 2nd attempt in Windows 7.

        * The version of SMB (Windows Networking) supported by XP has pathetic security, especially with increasing computer processing power, and I was shocked to see the pathetic default Samba client levels in Mint and no GUI to fix this easily!!!

        * Microsoft provided ample advance warning of EOL for XP/2003, and only offered escalating cost post-EOL support as a _temporary_ stop-gap, because XP is not worth supporting for security reasons, so organisations have no excuses to still be using it, especially on the Internet!

        * Yes, the NSA is criminal for making these immoral and unlawful cyber weapons, but crackers were already attacking the inadequately secured XP.

        * The public leak of these cyber weapons at least makes most of the threats publicly known so that they can be combated en masse now, including by Microsoft, rather than the much harder work to identify/combat hidden black hat criminal uses.

        * Organisations and other users of XP, and suppliers of equipment requiring XP which have not already implemented/provided an upgrade to at least Windows 7 are frankly negligent and should be humiliated/sued; they don't deserve any sympathy.

        The Swift (inter-bank payments service) must also be heavily pressured/humiliated/sued to get its act together, because it reportedly still requires the only slightly less dated Vista version of Windows to run their client software in banks, which is probably one reason why several Swift client banks have been virtually bank robbed! Swift should really be using a secure *BSD OS for this, let alone any version of Windows!

        1. M.

          Re: Inevitable

          Your Comment: "Yes, the NSA is criminal for making these immoral and unlawful cyber weapons..."

          Unlawful? By what law, specifically? (NOTE: Title 10 and Title 50 authorities directly - and legally - trump certain US laws.) As an analogy - It's not "illegal" for a policeman to speed to catch up to a criminal. It's not "illegal" for the NSA to create tools to compromise computers.

          You can argue all day as to whether it is illegal to DEPLOY tools, once created, against CERTAIN computers, but I don't think you have a leg to stand on calling the fact that NSA *creates* such a tool - if they even did create one themselves - in any way an illegal act.

          1. Anonymous Coward
            Anonymous Coward

            Re: Inevitable

            Well in the UK, the police (and ambulance/fire tenders) can be prosecuted for their actions while speeding. It does not happen very often but is not unknown. As to GCHQ, much of what they have done has been shown to be unlawful; it is just that successive governments have not pursued them (simply hangs legislation and given retrospective blessings).

      5. DuncanLarge Bronze badge

        Re: Inevitable

        "Don't blame the NSA - anyone could have discovered this issue and weaponized it. Certainly the NSA should have reported it to Microsoft but they apparently didn't ... who knows."

        It's clear the NSA intended to not inform Microsoft at all as this was part of their arsenal, a secret tool on their version of a Bat Belt. We must blame the NSA as they developed it, hoarded it and then lost control of it when it got out. This should be an example of how such organisations should not be using such methods.

        The only way Microsoft knew about this and patched this was because the NSA lost control of the code to ShadowBrokers who then reported it to Microsoft giving them enough time to roll out a patch before a public release.

        As you correctly say, anyone could have developed code that exploits the flaw. But who detected that flaw first? So who should have the social responsibility to improve the "cyber" defense of at least their own nation by disclosing such a flaw?

        The NSA found it. Kept it secret, then lost the code due to real humans making mistakes or breaking in who discover a pot of "hacker gold" runnable and mature from the first double click.

        For this very reason Apple, correctly, refused to create a version of iOS that could be installed on an iphone to weaken the pin entry screen to allow the FBI entry. Apple knew they could not simply trust that this hacked version of iOS could be kept under control.

        1. tom dial Silver badge

          Re: Inevitable

          Microsoft became aware of the particular vulnerability soon enough to develop and issue a remedial patch for the vulnerability more than five weeks before its first reported use in malware. The notion that ShadowBrokers reported the vulnerability to them is much less plausible than the more common presumption that the NSA did so. The patch was marked "critical" and that should have informed anyone paying attention of the need for prompt action. US DoD rules require deployment of these items within 10 days of availability, and while they do not always meet that, those who do not have to report often and in detail on the deployment until it is complete.

          The firmware the FBI wanted from Apple, contrary to repeated claims, was not installable on "an iPhone" in the general sense. The order required it to be specific to the iPhone described in detail in the court order and required that it not be usable for other iPhones. That is something that Apple certainly could have ensured since the code would need to be signed by them. Apple certainly would have been ordered to provide similar firmware in other cases. However, if the cryptographic implementation was secure and Apple continued to control the signing process, release of any or all copies of such firmware would not have been able to compromise untargeted iPhones.

  2. Dr Who

    You could look at an event such as that of the last few days as the Internet's version of a wildfire. In the short run some damage is done but in the long run the fire's job is to clear out dead wood and enable the regrowth of a stronger, healthier ecosystem. Short term pain for long term gain.

    1. Anonymous Coward
      Unhappy

      And in a few years it will all be forgotten.

      Nachi / Blaster anyone?

    2. John Smith 19 Gold badge
      Unhappy

      "the last few days as the Internet's version of a wildfire. "

      "Wildfire" is also the name of the lab in "The Andromeda Strain."

      Let's hope this situation can be contained with less drastic measures.

    3. katrinab Silver badge

      Not really.

      "We've installed the MS security patch, we've restored from back-up. Everything's OK now".

      Papworth NHS Trust has had something like 16 of these ransomware attacks in the last 12 months, and hasn't done anything. It is going to take a lot more than this to change management attitudes.

      1. AlbertH

        Papworth NHS Trust has had something like 16 of these ransomware attacks in the last 12 months, and hasn't done anything. It is going to take a lot more than this to change management attitudes.

        That's particularly scary - for me - since I'm one of their patients!

    4. Mage Silver badge

      Internet's version of a wildfire.

      No, because very few organisations and users will learn the real lessons.

      Patching and AV is inevitably often bolting the stable door after the horses have gone, for the first hit. Yet proper user training and proper IT configuration mitigates against almost all zero day exploits. I struggle to think of any since 1991.

      Firewalls, routers, internal email servers (block anything doubtful), all superfluous services and applications removed, no ad hoc sharing, users not administrators, and PROPER training of users.

    5. Anonymous Coward
      Anonymous Coward

      In the short run some damage is done but in the long run the fire's job is to clear out dead wood

      I wish! The idiots who think it's fine to run XP are paid ten times more than me and they'll still be in the same role this time next year. There'll be no getting rid of dead wood, just more winging it and forcing underpaid techies to work more weekends after more screw ups.

  3. Pen-y-gors Silver badge

    Oh what fun...

    I've been watching the malwaretech live infection map (https://intel.malwaretech.com/pewpew.html) - it's absolutely addictive!

    But just noticed that someone in Nigeria has been hit with wcrypt. Tee-hee!

    1. wyatt

      Re: Oh what fun...

      There are some really useful (and fun) websites out there.. remembering where they all are is a nightmare (or remembering they're there to use rather).

    2. GrumpyOldBloke
      Trollface

      Re: Oh what fun...

      > someone in Nigeria has been hit

      Yes, my uncle. A Nigerian Prince desperately trying to get his money out of the country. With his computer out he is now looking for an honest soul who can help him for a 10% cut of the funds. Due to the nature of his finances the money can only be moved to a credit card account. If someone would be so kind as to send him theirs...

    3. Stuart 22

      Is it just me?

      It's surely incredible that a lone pizza stuffed actor could get immediate access to the worm and spend a night before he spotted the 'call home' vector? Is that really that hard? And beat the best resourced detection agencies worldwide?

      Surely every IT detective agency including GCHQ would have sandboxed it on first sight, thrown their best at it if only to beat their friends across the pond, to save Jeremy Hunt & Mother Theresa's bacon just ahead of a new funding opportunity (aka new government).

      It all smells not only of pizza but planted news. And if it is genuine what on earth are we paying this organisation and every anti-virus firm for?

      1. Version 1.0 Silver badge

        Re: Is it just me?

        Not that surprising, I've been deleting WannaCry and its ilk from the mail-server quarantine forever and in my younger days (at his age) all we had to disassemble were things like CP/M, BDS C, and Wordstar ... and I did it for fun. He sounds genuine to me - I can see myself in his shoes at that age.

    4. allthecoolshortnamesweretaken Silver badge

      Re: Oh what fun...

      Kinda reminds me of this...

    5. Hollerithevo Silver badge

      Re: Oh what fun...

      Let's hope it's not a Nigerian hospital.

    6. Ben1892
      Joke

      Re: Oh what fun...

      I've been watching that all morning too, then I realised it's an animated .gif designed to give the impression of a live feed ;)

  4. Anonymous Coward
    Anonymous Coward

    Experts all giving advice how how to stay secure

    None of them are brave enough to suggest not running Windows. It seems they are all still scared of Microsoft, despite Microsoft's irrelevance in 2017.

    1. Jim Willsher

      Re: Experts all giving advice how how to stay secure

      Yeah completely irrelevant. No-one uses any Microsoft products anywhere. Windows, Office, SQL. Yeah all dead, no-one uses them.

    2. Anonymous Coward
      WTF?

      Re: Experts all giving advice how how to stay secure

      and every other unpatched OS in the world is safe to use.

      1. Anonymous Coward
        Anonymous Coward

        Re: Experts all giving advice how how to stay secure

        A Chromebook is infinitely more secure than Windows, much cheaper too.

    3. Andy Non
      Flame

      Re: Experts all giving advice how how to stay secure

      Went to the doctor's surgery this morning. All the computers were down. I queried if they'd been hit with the malware, but apparently it was as a preventative measure as their main NHS trust has been badly hit, so couldn't bring up any records or even know what the wife's blood test was supposed to be for. Next I'm expecting the wife's hospital appt to be canceled due to the chaos it is causing.

      I wonder if we can get a go-fund-me page set up to hire someone to track down this hacker scum and take out a hit on them? A bullet to the brain may give other scumbags something to think about.

      1. GingerOne

        Re: Experts all giving advice how how to stay secure

        @Andy Non

        "I wonder if we can get a go-fund-me page set up to hire someone to track down this hacker scum and take out a hit on them? A bullet to the brain may give other scumbags something to think about."

        Michael S. Rogers is the current head of the NSA, https://www.google.co.uk/search?q=head+of+nsa

      2. Richard Jones 1
        Thumb Up

        Re: Experts all giving advice how how to stay secure

        I went to mine as well, except that their system is less than 12 months old and was fine. The local NHS trust is saying the same about their systems.

        The old system that the GP used (mandated by the relevant authority) was a real bag of nails, it had longer outages than working periods and the support package appears to have been provided by a corpse on Prozac. The lead GP threatened to wall up the next support person who failed to fix it after a two day and counting outage. So far so good with the new one.

      3. salerio61

        Re: Experts all giving advice how how to stay secure

        Assassination Politics. If ever there was a more worthy cause I've yet to meet one

    4. Voyna i Mor Silver badge

      Re: Experts all giving advice how how to stay secure

      The answer is not to avoid Windows. It's for our so-called security agencies to get to understand that they are not supposed to be a dirty tricks department collecting weapons for use against others, but that they are supposed to work on our national security - which includes public and private services and businesses as well as the Civil Service.

      The fact that May and Rudd seem totally unable to get what could go wrong post-Snowden suggests that when one of them became PM, a school somewhere missed the bullet of a particularly anal retentive geography teacher.

    5. roblightbody

      Re: Experts all giving advice how how to stay secure

      Windows 10 is unaffected.

      Also there was a lot of criticism of Microsoft forcing updates on users with Windows 10 - will that criticism now end? Users need protected from themselves. We all know people who ignore all the updates their computer or device is asking to install.

      1. Anonymous Coward
        Anonymous Coward

        Re: Experts all giving advice how how to stay secure

        Actually Windows 10 was effected, but because it patches more aggressively the March fix was already applied to most unless they had different WSUS settings in a business/edu environment.

        1. roblightbody

          Re: Experts all giving advice how how to stay secure

          From https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/

          "Customers running Windows 10 were not targeted by the attack today."

          1. Roland6 Silver badge

            Re: Experts all giving advice how how to stay secure

            "Customers running Windows 10 were not targeted by the attack today."

            Interesting statement/conclusion given the attack vector was an email attachment and the vulnerability being exploited was in SMBv1 that is also present in Windows 10 and my understanding is that if you hadn't applied the March updates it was vulnerable.

            Perhaps MS are assuming all Win10 systems will have been patched in March and so an attack in May would have failed against these systems and thus we can conclude Win10 wasn't a target...

        2. Maty
          Headmaster

          Re: Experts all giving advice how how to stay secure

          'Windows 10 was effected'

          It was affected. To effect is to put something into operation - as in 'effective'. To affect is to change or influence something.

          Pedantic, I know. But it's one of those errors that actually hurts when I read it.

      2. Ferry Michael

        Re: Experts all giving advice how how to stay secure

        Windows 10 STILL has SMBv1 needlessly enabled by default. Should either be disabled by default or removed all together. Wonder when someone will find another exploitable weakness. Staying secure means turning off protocols you don't need.

        I have a dual boot laptop that has not booted to Windows since before March - I need to review what services it has enabled to make it a bit more secure before I connect it to the Internet to download latest patches.

        Patching and anti-virus software take time to apply after a vulnerability has been discovered. That can be too late.

        1. Chemist

          Re: Experts all giving advice how how to stay secure

          "I need to review what services it has enabled to make it a bit more secure before I connect it to the Internet to download latest patches."

          Are you suggesting that the "internet" can get to your laptop's open ports - have you no router/firewall etc ?

          1. Anonymous Coward
            Anonymous Coward

            Re: Experts all giving advice how how to stay secure

            >Are you suggesting that the "internet" can get to your laptop's open ports - have you no router/firewall etc ?

            A lot of people (including myself) use their laptops in various locations. I prefer the "only enable services and applications that you need" approach. If there's a vulnerability in a service, you use that service, and that service is therefore enabled, then a firewall won't help you.

            It's certainly worth considering enabling services only at the point where you need them. But it won't solve everything.

            1. Chemist

              Re: Experts all giving advice how how to stay secure

              "A lot of people (including myself) use their laptops in various locations. I prefer the "only enable services and applications that you need" "

              I prefer the both approach

      3. Michael Habel Silver badge

        Re: Experts all giving advice how how to stay secure

        And, in your world everyone's a dolt that refuses to run Windows Update... (Assuming you can get it to work!) Once a month is just that great of a burden then? Well it wouldn't be if the damned thing would just work.... Looking at you Windows 7.

    6. roblightbody

      Re: Experts all giving advice how how to stay secure

      Everyone is brave enough to suggest not running an old version of Windows without any updates.

      In this case, anyone with a current OS with current updates, was completely safe.

    7. Version 1.0 Silver badge

      Re: Experts all giving advice how how to stay secure

      Linux? Might be next ... there is no certainty because we don't know what else has been found and "saved" for a rainy day by the NSA

    8. Voland's right hand Silver badge

      Re: Experts all giving advice how how to stay secure

      Some people do not have any choice. When the X-ray machines in the affected hospital trusts were bought using Windows XP (or even 2001) imaging software, that was state of the art. The issue is that the life of a piece of equipment like this vastly exceeds the lifespan of the OS that was used for the control system. On top of that, quite often these cannot be patched as the software is written so badly that it will work only with a specific patch-level of the core OS.

      That CAN and SHOULD be mitigated by:

      0. Considering each and every one of those a Typhoid Mary in potentia

      1. Isolating each such Typhoid Mary in potentia on a separate subnet

      2. Preventing any communication except essential management and authentication/authorization going out

      3. Providing a single controlled channel to ship out results to a location which we CAN maintain and keep up to date.

      Instead of that, criminally stupid idiots at NHS IT in the affected trusts as well as other enterprises which were hit:

      1. Put these unpatchable and unmaintainable machines in the same flat broadcast domain with desktop equipment. There was no attempt at isolation and segmentation whatsoever.

      2. In some cases allowed use of unrelated desktop applications (at ridiculously ancient patch-levels) such as Outlook or even Outlook Express.

      3. Opened file sharing on the machines in question.

      Each of these should be a sackable offense for the IT staff in question.

      1. mcpharm

        Re: Experts all giving advice how how to stay secure

        It's more than incompetent IT people and way worse and virtually impossible to fix.

        There is a lot of niche or specialist custom software used in the NHS that can only work on XP and IE 6, period. Most of the people who wrote it are dead or retired etc.

        Systems vendors to the NHS are borderline criminal. In pharmacy, you can only choose 1 of 4 mandated systems vendors. The 3 desktop based ones have so much legacy crap etc that they still only work on Windows 7. They also insist on bundling in a machine at just a stupidly high cost to a tech illiterate customer base - generally a cut down crappier version of something you could buy in Argos for 300 quid they will charge over a grand for. Their upgrade cycles are a f**king joke and their business model makes their customers very reluctant to do so as they have to fork out silly money

        for a new shit machine just cos their vendor tells them they have to .. our superdupa crap shit fuck software will only work on a machine we provide. Emis/proscript have a lot to answer for ..

        Lots of the staff and their employers are basically proud of being a digital numbskull. "I am a healthcare professional, why should I have to know anything about this" and the drones are so poorly paid / bitched at incessantly about everything they just have an "I dunno, I just work here, that's not my job" attitude. I have to screenshare to train people how to use our websites .. this means I have to get them to stick a URL into their browser, that's it ... you have no idea how many can't do that .. then get all offended when I ask them what browser they are using .. "I don't know, why should I know that, I just use Google" is always the response .. when half the NHS workforce doesn't know what a f**king browser is and is perversely proud of the fact they can't type a URL into a browser address bar, how on earth are we ever going to have any sunnvbnf0ijgogjrnb;vzjnav;kjnnf;kqgfnjv;jnf;jjvn;w

        Data Security has turned into one of these tick box things, everyone has dire warnings, you will be fined loads of money for doing something wrong that you don't understand and actively don't want to understand so no one gives a f**k as long as they can say they ticked the right boxes.

        1. D@v3

          Re: @ mcpharm

          I know this is going to get lost in a sea of 'replies' to the ongoing post, but, I can't agree with you enough.

          I work in IT in healthcare, not the NHS, but close by.

          So many of our users seem proud of the fact that they can barely switch on a computer without assistance, it's scary. But of course, like you say, their comeback is, 'but I'm a healthcare professional, I can't be expected to know about this'.

          While I do understand to an extent, because I can't be expected to provide end of life care to our patients, I am a first aider. There has to be give and take on both sides.

          I keep hoping that the younger generation of HCPs that have grown up around and using computers will be better, but it doesn't seem to be the case, it's all, 'oh, at home we have a mac' or 'my partner works in IT, he said it would be fine'.

    9. gerritv

      Re: Experts all giving advice how how to stay secure

      Yep because other OS are safe, not: https://www.theregister.co.uk/2017/05/15/qnap_malware/

      Sadly there is a predilection for people who believe a false 'truth' to not be swayed by actual facts to the contrary, it actually entrenches their incorrect beliefs. Even though *nix has lots of fixes each month for vulnerabilities it remains perfect in the eyes of its believers. Apple has its share as well so really there is no safe OS.

      1. Infernoz Bronze badge
        Facepalm

        Re: Experts all giving advice how how to stay secure

        Off-the-shelf NAS are a rip-off for decent capacity, are under-powered (ARM or crappy Atom), and I'd guess a lot of NAS run proprietary Linux distros, so have poorer patching.

        A FreeNAS box is much better value for decent capacities; it uses commodity, parity RAM, x86 64bit hardware, and uses packaged recent versions of designed-to-be-secure FreeBSD, with easy to apply OS and component updates, and regular ZFS snapshots allow selective or complete roll-back protection against unwanted NAS file modification by Samba clients e.g. an infected Windows box, or user mistake.

    10. Anonymous Coward
      Anonymous Coward

      Re: Experts all giving advice how how to stay secure

      @OP Maybe you need to call them up and let them know about this magical OS you are using which has zero vulnerabilities in it.

      Do you know what's more dangerous than running an OS that you know most likely has vulnerabilities in it? Running one that you believe has none!

    11. HAL-9000

      Re: Experts all giving advice how how to stay secure

      The best one I saw was Herb Lin on BBC News 24 telling people to update their PCs before switching them on? How the Fsck ... Chicken and egg or headless chicken

  5. Anonymous Coward
    Anonymous Coward

    (_*_) <--- this is a backdoor

    Wcrypt <--- a worm with access to backdoor functions

    NSA <--- derp

  6. Doctor Syntax Silver badge

    If they're within reach of Russian special forces it's not their S/W being killed they should worry about.

  7. Anonymous Coward
    Anonymous Coward

    A dish best served cold

    Now, I would *hate* to start an internet rumour... but didn't the USA promise a retaliation? :-)

    https://www.theguardian.com/us-news/2016/dec/16/obama-retaliation-russia-hacking-us-election

    http://www.bbc.com/news/world-39919249

    Yupp, there was some collateral damage amongst their allies, but that's the new normal.

    Anon because I might be right ;-)

    1. Doctor Syntax Silver badge

      Re: A dish best served cold

      "collateral damage amongst their allies, but that's the new normal."

      When the Germans open fire the British duck

      When the British open fire the Germans duck

      When the Americans open fire everybody ducks.

    2. Naselus

      Re: A dish best served cold

      "Anon because I might be right"

      You aren't.

      Firstly, a state actor attack would be far better targeted. Stuxnet, for example, actually checked the serial numbers of the centrifuges it targeted to ensure that it only hit ones created in the right date span to impact only those bought by Iran. The vector on this attack, on the other hand, literally just spammed itself out to every available IP address that had port 445 open.

      Second, US retaliation would almost certainly involve using a few zero-days. If you want to prove that you have vastly more power than your opponent, then you want to do something that literally resembles friggin' magic from his point of view. You want to show him that he can do nothing whatsoever to defend his critical infrastructure from your attacks. This did not; nothing in this hadn't already been discovered and patched. If the best thing the US can throw at Russia could be taken out by just switching on your WSUS server in the past three months, then there's no point even doing it because it would make them look weak, not strong.

      Thirdly, and most importantly, most of the original bits of this were actually quite shittily written. Oh sure, there was a genuine bit of high-tech NSA code in there from the Shadow Brokers leak... but there was also a fair load of primitive crap there too. It's a bit like a 16-year-old came into possession of an F-16; it was destructive as hell but he didn't really know how to fly it.

      I've just finished in a webinar on the incident, and there's literally 5 different layers of my SMB's security that blocked this (patching, permissions, firewall, commercial AV, VLANs). And we're not exactly cutting-edge - just running best practice.

      In short, if this was state-backed, then the state in question would have to be somewhere like Honduras, not one of the big-league infosec powers.

      1. Charles 9 Silver badge

        Re: A dish best served cold

        In other words, if this REALLY were a State attack, they'd be going for the jugular: using it as an inroad to permanently bork all the hardware in the machines to make them nuke-proof.

        And THEN they'd let them lie low. Perhaps remove the original vector to make things look all hunky-dory.

        And then, after a while, start having the borked hardware exfiltrate useful stuff, a bit at a time, encrypted, hidden in actual traffic. Perhaps even to legitimate destinations that have been secretly subverted so they can sniff the packets out in transit or whatever.

        IOW, a State attack is one you wouldn't even know had ever happened.

  8. Anonymous Coward
    Anonymous Coward

    On the topic of NSA exploits being used by WannaCry, was the DOUBLEPULSAR exploit patched with MS17-010?

  9. Doctor Syntax Silver badge

    I can't help thinking that announcing the discovery of the kill switch might not have been a good idea.

    1. Commswonk Silver badge

      I can't help thinking that announcing the discovery of the kill switch might not have been a good idea.

      And you should see the number of downvotes I got in another thread for suggesting exactly that.

      Another commentator stated (if I understood him correctly) that the "public announcement" was more or less irrelevant because security experts' chatter on blogs would have given the game away anyway.

      In turn that made me think along the lines of "FFS what sort of security experts swap notes on blogs that may be / almost certainly are open to being read by the hackers"

      I think I despair... if the above is true then there is simply no hope.

      1. Roland6 Silver badge

        "In turn that made me think along the lines of "FFS what sort of security experts swap notes on blogs that may be / almost certainly are open to being read by the hackers" "

        Agree, if the security experts haven't managed to build their own secure dark web for the exchange of security intelligence...

        But then looking at all the various security researchers, it does seem that many are freelance and so need and to some extent deserve the publicity for their efforts.

      2. Blotto Bronze badge

        Ransom code is not proxy aware, kill switch won't work in most enterprises.

        The code is not proxy aware and the kill switch would not work in well structured environments where the only access to the net is via a configured non-transparent proxy.

        Enterprises will need to think a bit harder about how they ensure the kill switch is effective this time. The miscreants won't make this same mistake next time.

        Talking about the kill switch is good, wouldn't have taken the miscreants long to work out something was not right anyway.
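        A way to test the point above from a workstation, as an added example that is not Blotto's or anyone else's code from this thread: it checks whether a kill-switch-style domain resolves from this host and whether a direct, non-proxied TCP connection to port 80 succeeds, which is the path a process that ignores proxy settings would take. The domain name is a placeholder, and the cmdlets used (Resolve-DnsName, Test-NetConnection) assume Windows 8 / Server 2012 or later.

```powershell
# Added example, not from the thread. Reports whether a kill-switch-style name
# is usable from this host WITHOUT a proxy, which is how the malware tried it.
# Requires Windows 8 / Server 2012 or later (DnsClient and NetTCPIP modules).
param(
    # Placeholder: substitute the kill-switch domain published for the strain.
    [string] $Domain = 'killswitch.example.invalid'
)

function Test-KillSwitchPath {
    param([Parameter(Mandatory)][string] $Name)

    # 1. Does the name resolve from here? Internal DNS may refuse or sinkhole it.
    $answers  = @(Resolve-DnsName -Name $Name -Type A -ErrorAction SilentlyContinue |
                  Where-Object { $_.Type -eq 'A' })
    $resolves = $answers.Count -gt 0

    # 2. Direct TCP connect to port 80. Test-NetConnection ignores WinINET/WinHTTP
    #    proxy settings, so this is the same path a non-proxy-aware process takes.
    $directTcp = $false
    if ($resolves) {
        $tnc = Test-NetConnection -ComputerName $Name -Port 80 -WarningAction SilentlyContinue
        $directTcp = [bool]$tnc.TcpTestSucceeded
    }

    # 3. For comparison, whether a proxy-aware client on this box would go via a proxy.
    $proxyUri  = [System.Net.WebRequest]::GetSystemWebProxy().GetProxy("http://$Name/")
    $usesProxy = ($proxyUri.Host -ne $Name)

    [pscustomobject]@{
        Domain              = $Name
        Resolves            = $resolves
        ResolvedTo          = ($answers | ForEach-Object { $_.IPAddress }) -join ', '
        DirectTcp80         = $directTcp
        ProxyConfigured     = $usesProxy
        # The worm's check only "works" when both of these are true on this host.
        KillSwitchWouldFire = ($resolves -and $directTcp)
    }
}

Test-KillSwitchPath -Name $Domain | Format-List
```

        If DirectTcp80 comes back false on a host where ProxyConfigured is true, the kill-switch lookup would have failed there for exactly the reason the post describes; a narrow egress allowance for that one name, or an internal listener that answers for it, are the usual ways an enterprise makes such a check succeed without opening general direct web access.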

    2. Norman Nescio Silver badge

      Possibly not an intentional kill switch

      As the Malwaretech blog entry here:

      https://www.malwaretech.com/2017/05/how-to-accidentally-stop-a-global-cyber-attacks.html

      points out, it was quite possibly not an intentional kill switch.

      Some malware probes for the existence of a selection of randomly generated domains. Some sandbox VMs respond to all DNS lookups by providing back the IP address of the sandbox VM instance. If the malware sees a positive response to the DNS lookups (which should fail), then the logic is that it is probably running in a sandbox VM, which may well be being used to analyse/investigate the malware, so the malware stops running.

      The single lookup of the unusual domain name was possibly a poor implementation of this technique.

      Alternatively, it is an intentional kill switch, used during development, with a local DNS server on the malware developer's LAN, the function of which was to prevent infection of other devices on the same LAN. If anyone keeps records of DNS lookups, it might be interesting to see where the first lookups came from.

      1. Bill Gray

        Re: Possibly not an intentional kill switch

        @Norman Nescio : "...The single lookup of the unusual domain name was possibly a poor implementation of this [sandbox detection] technique."

        I read the Malwaretech blog (excellent description of why you'd look for a nonexistent domain to determine if you're sandboxed) and thought:

        OK, so the virus writer should check a randomly generated domain, instead of a fixed one. That way, they can't all be registered, your virus can't be kill-switched the way this one was, and your virus can still tell if it's being run in a sandbox.

        Except the folks creating sandboxes might take the precaution of checking the domain. Instead of returning a valid result for any garbage domain, check to see if it's been registered first. Suddenly, the virus can no longer tell that it's running in a sandbox.

        Except then, the virus author checks four or five valid domains; if they all return identical results, you know you're running in a sandbox. (Reading further, I see that this method is actually used in some cases.)

        Except that _then_, the sandbox authors do some revisions so that seemingly accurate results are returned that are actually remapped by the sandbox code.

        This is all outside my area of expertise. Still, I could see a nearly endless cycle of fix/counter-fix going on here.

    3. This post has been deleted by its author

    4. Anonymous Coward
      Anonymous Coward

      In security

      The best do not brag about their successes or failures, it gives the opposition information they may use against you.

      Be careful out there.

  10. 0laf Silver badge
    Mushroom

    Oh FFS

    I've spent the whole morning firefighting an executive management that are in abject panic over this. Despite the facts that we

    1) Have no Windows XP left

    2) Patched MS17-010 over a month ago

    3) Have tweaked the security appliances to catch this stuff

    4) Issued alerts on Friday and primed the helldesk

    and ultimately, we've had no fucking incident!

    It's almost like they're upset nothing has happened. FFs we had more bother with the Emotet version the week before. This didn't even register; it was a non-event.

    And I must say how much I'm enjoying every department in the company trying to climb on the infosec bandwagon all of a sudden. It's almost like they can smell resources and influence or something. Strangely they're nowhere to be seen when it's risk assessment or PIA time.

    1. Voland's right hand Silver badge

      Re: Oh FFS

      It's almost like they're upset nothing has happened.

      You have prevented management from demonstrating that they are doing something on a subject that has hit the worldwide press. You are a very brave man.

    2. Anonymous Coward
      Anonymous Coward

      Re: Oh FFS

      Well done for preventing an incident and doing your job properly.

      I assume PIA time is performance review and hence pay review related. All those that prevented their organisation from suffering should remind everyone that is why you deserve more. How many will get pay rises because they "saved" the firm when really they failed to prevent the incident?

    3. gerritv

      Re: Oh FFS

      No crisis, therefore they can't be heroes. A sad psychological need of some senior management types. You wonder how it would be in a CMM level 5 organization, everything ticking along smoothly getting it all done in a 9-5 time frame.

    4. LDS Silver badge

      Re: Oh FFS

      I'm sorry for you. Now management will think you won't need whatever you will ask for in the future for security, nor do you deserve a raise/promotion, because the systems were already secure.

      A true BOFH would have set up a stage to tell how the whole IT department heroically fought the almost invincible ransomware all weekend, and how close the company was to losing everything (including the porn stored on executive machines), until the kill switch was activated. So you need $$$$$$ in the future to increase security, and a promotion for the big overtime effort.

      That's, at least, what salesdroid/marketdroid/executive would have done....

    5. Roland6 Silver badge

      Re: Oh FFS

      It would seem that missing from your action list was a consideration of possible outcomes, thus you missed an opportunity for management to throw some money at you to do something about security: attend a few courses, gain a certificate or two, implement that new disruptive security policy etc.

      I recommend adding such considerations to your management panic mitigation checklist.

  11. Anonymous Coward
    Anonymous Coward

    What is the motivation here? Is all it seems to be...

    <Black Helicopter Icon>

    Ransomware usually works on a relatively widespread basis but usually SMB, and domestic users. Big organisations and governments, generally are defended (although clearly some well publicised exceptions)

    The beneficiaries are usually relatively safe as law enforcement cannot usually be bothered to investigate and the cash rolls in for the most desperate victims.

    In this case, knowing there are a number of nation state backed cyber defence teams looking into this... they either a) have balls big enough to need a wheelbarrow and believe that they won't get caught no matter what and cyber defence is really too hard to deliver effectively, regardless of backers, or b) are insanely stupid and greedy and are not following the news...

    Or is this already a state backed exercise from somewhere and is simply a global experiment at our expense? The fact the original flaw was used by the NSA is not really relevant, it simply got it publicity but was clearly available for a long time.

    1. Anonymous Coward
      Anonymous Coward

      Re: What is the motivation here? Is all it seems to be...

      Given that the only safe/undetected way of laundering the bitcoins will be to buy drugs or guns or other such illegal goods on the darkweb and then turn that into cash by selling it on then the perps are as you say both greedy and insanely (criminally) stupid. No doubt they'll have their comeuppance shortly - without being "caught" by any nation state backed cyber defence team - probably up some dark alley being stiffed by gangbangers.

      Probably just some kid :-(

  12. John F***ing Stepp

    I would guess about now

    Some one will be bragging about how fast Skynet will take this crap out as soon as we hit the big red switch. . .

  13. Pen-y-gors Silver badge

    useful reminder

    I'm well aware of the old saw about the cobbler's children having no shoes, so I spent a few hours auditing my systems over the weekend. Making sure all machines were up-to-date on Windows updates, turning off SMB1 everywhere, checking all anti-malware, and making sure on- and offline backups were working. Most was fine anyway, but I'm glad I did as Malwarebytes blocked an attempt to access port 445 while I was checking. Nasty little sods out there...
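    The checks in this post and in Ferry Michael's earlier one (patch level, SMBv1 off, whether the box is still listening for SMB at all) as a single report-and-fix script, added here as an example rather than code from either commenter. It assumes an elevated PowerShell prompt on Windows 7 SP1 or later; the KB identifiers are placeholders to be filled in from the MS17-010 bulletin for the OS build in question, the Windows 7 path uses the documented SMB1 registry value under LanmanServer\Parameters, and 8.1/10 use the Smb* and DISM cmdlets.

```powershell
# Added example, not code from the thread. Audits one Windows host for the
# items the commenters list and optionally fixes the SMBv1 one. Run elevated.
# Covers Windows 7 SP1 (registry) and Windows 8.1/10 (Smb* cmdlets).
[CmdletBinding()]
param(
    # MS17-010 shipped under a different KB number per OS build; take the right
    # ones from the bulletin. These two values are PLACEHOLDERS, not real IDs.
    [string[]] $Ms17010Kbs = @('KBxxxxxxx', 'KByyyyyyy'),
    # Report only unless -Fix is given.
    [switch]   $Fix
)

$smb1RegKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Test-Ms17010 {
    # Get-HotFix lists installed updates by KB identifier.
    $installed = Get-HotFix | ForEach-Object { $_.HotFixID }
    $hits = @($Ms17010Kbs | Where-Object { $installed -contains $_ })
    [pscustomobject]@{
        Check  = 'MS17-010 installed'
        Pass   = ($hits.Count -gt 0)
        Detail = ($hits -join ', ')
    }
}

function Get-Smb1Enabled {
    # Windows 8 / Server 2012 and later expose the server setting directly.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        return [bool](Get-SmbServerConfiguration).EnableSMB1Protocol
    }
    # Windows 7: the SMB1 DWORD under LanmanServer\Parameters; absent means enabled.
    $v = (Get-ItemProperty -Path $smb1RegKey -Name SMB1 -ErrorAction SilentlyContinue).SMB1
    return ($null -eq $v -or $v -ne 0)
}

function Disable-Smb1 {
    if (Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    } else {
        # Windows 7: registry switch, takes effect after a reboot.
        Set-ItemProperty -Path $smb1RegKey -Name SMB1 -Type DWord -Value 0
    }
    # On 8.1/10 the SMB1 client and server binaries are also an optional feature.
    if (Get-Command Disable-WindowsOptionalFeature -ErrorAction SilentlyContinue) {
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
    }
}

function Test-NoSmbListener {
    # Any LISTENING socket on TCP/445 means the host still accepts SMB sessions.
    $listening = @(netstat -ano -p tcp | Select-String ':445\s+\S+\s+LISTENING')
    [pscustomobject]@{
        Check  = 'No SMB listener on TCP/445'
        Pass   = ($listening.Count -eq 0)
        Detail = ($listening | ForEach-Object { $_.Line.Trim() }) -join '; '
    }
}

$report = @()
$report += Test-Ms17010

$smb1 = Get-Smb1Enabled
if ($smb1 -and $Fix) {
    Disable-Smb1
    $smb1 = Get-Smb1Enabled
}
$report += [pscustomobject]@{
    Check  = 'SMBv1 disabled'
    Pass   = (-not $smb1)
    Detail = $(if ($Fix) { 'changed by -Fix; reboot on Windows 7' } else { '' })
}

$report += Test-NoSmbListener
$report | Format-Table -AutoSize
```

    The third check is deliberately independent of the first two: a patched host with SMBv1 off still exposes the Server service on 445 to anything on the same broadcast domain, which is the exposure the next post complains about.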

  14. gerritv

    The warning was there in Sep 2016!!

    We were told to stop using SMB v1 in Sep 2016. The only reason to keep it enabled is to use it with XP!

    https://blogs.technet.microsoft.com/filecab/2016/09/16/stop-using-smb1/

  15. Mage Silver badge
    Facepalm

    systems therefore really need protecting

    Even better, users really need training. Stop opening stupid attachments/clicking links etc in email and then clicking OK!

    Any business user ought to have their OWN on site email server/Gateway (even if it's only using POP3 & SMTP to an ISP pretending to be a client). Then:

    1) Internal email isn't on the Internet and works if you lose internet.

    2) Links & attachments can be sanitised, deleted, quarantined.

    3) Disable all Server related services on Workstations (http://www.wattystuff.net/2014/03/dont-panic/). Yes, that's XP but basically relevant to Win7, Win8 & Win10. There are some extra services to disable now and some are renamed. REMOVE file & Print sharing from every network interface on every workstation. Use a NAS, cheap Linux box, print server or whatever to share printers / files if you can't afford a Windows Server.

    I was setting up stuff like that with cheap SW on a Windows server 20 years ago, then even better quality on Linux 12 years ago with free software.

    It
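    One way to carry out Mage's point 3 above, and the host-side half of the isolation Voland's right hand asks for earlier in the thread, added here as an example and not the code of either commenter: unbind File and Printer Sharing from every adapter, stop the Server service, and replace the built-in inbound SMB allow rules with either an outright block or a single rule that admits one management host. It assumes Windows 8.1/10 (the NetAdapter and NetSecurity modules) and the management address is a placeholder; Windows 7 would need the netsh advfirewall equivalents noted in the comments, and the subnet/VLAN separation Voland describes lives on the switches and upstream firewall, not in this script.

```powershell
# Added example, not from the thread. Hardens a workstation that has no business
# serving files or printers, or pins inbound SMB on a legacy box to one
# management host. Windows 8.1/10; run elevated.
param(
    # $true on a legacy device that must still accept SMB from a single
    # management/results host; otherwise inbound SMB is blocked outright.
    [bool]   $LegacyDevice   = $false,
    # PLACEHOLDER address of the host allowed to reach a legacy device over SMB.
    [string] $ManagementHost = '192.0.2.10'
)

function Remove-FileAndPrintSharing {
    # ms_server is the "File and Printer Sharing for Microsoft Networks" binding.
    Get-NetAdapterBinding -ComponentID ms_server |
        Where-Object Enabled |
        ForEach-Object { Disable-NetAdapterBinding -Name $_.Name -ComponentID ms_server }

    # LanmanServer is the Server service behind that binding; stop it as well.
    Stop-Service -Name LanmanServer -Force -ErrorAction SilentlyContinue
    Set-Service  -Name LanmanServer -StartupType Disabled
}

function Limit-InboundSmb {
    param([bool] $AllowOne, [string] $From)

    # The built-in allow rules would otherwise admit SMB from the whole subnet.
    # (Windows 7: netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=no)
    Disable-NetFirewallRule -DisplayGroup 'File and Printer Sharing' -ErrorAction SilentlyContinue

    # Remove any earlier copy of our own rules so the script is re-runnable.
    Get-NetFirewallRule -DisplayName 'Example: * SMB *' -ErrorAction SilentlyContinue |
        Remove-NetFirewallRule

    if ($AllowOne) {
        # With the default inbound action set to Block on every profile, one
        # allow rule scoped to the management host is the whole policy.
        Set-NetFirewallProfile -All -DefaultInboundAction Block
        New-NetFirewallRule -DisplayName 'Example: allow SMB from management' `
            -Direction Inbound -Protocol TCP -LocalPort 445 `
            -RemoteAddress $From -Action Allow | Out-Null
    } else {
        # Explicit block rules win over any allow rule in Windows Firewall.
        # (Windows 7: netsh advfirewall firewall add rule name="Block SMB in" dir=in action=block protocol=TCP localport=445)
        New-NetFirewallRule -DisplayName 'Example: block SMB inbound' `
            -Direction Inbound -Protocol TCP -LocalPort 139,445 -Action Block | Out-Null
    }
}

function Get-SmbExposure {
    # What the box looks like afterwards: bindings still on, service start mode,
    # and the SMB rules this script owns.
    [pscustomobject]@{
        ServerBindingsEnabled = @(Get-NetAdapterBinding -ComponentID ms_server | Where-Object Enabled).Count
        ServerServiceStartup  = (Get-CimInstance Win32_Service -Filter "Name='LanmanServer'").StartMode
        SmbRules              = (Get-NetFirewallRule -DisplayName 'Example: * SMB *' -ErrorAction SilentlyContinue |
                                  ForEach-Object { "$($_.DisplayName) [$($_.Action)]" }) -join '; '
    }
}

if (-not $LegacyDevice) { Remove-FileAndPrintSharing }
Limit-InboundSmb -AllowOne $LegacyDevice -From $ManagementHost
Get-SmbExposure | Format-List
```

    On a legacy device the Server service is left running on purpose, since the management host still needs it; everything else on the subnet is refused by the profile default. Run it with -LegacyDevice $true -ManagementHost <address> for that case, and with no arguments on an ordinary workstation.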

    1. Charles 9 Silver badge

      Re: systems therefore really need protecting

      How does user training work when the infection comes from UP TOP?

      As for the server, how do you counter lack of budget and potential legal liability should THAT get pwned?

  16. IanMoore33

    Piece of shitte MS

    Gvmt should have started charging MS $1000 fines decades ago for each outage for their bug infested shiite they have polluted the world with .

    I can't even guess how much data loss and business losses in $billions are due to their dogshitte crap .

    Mac and Linux user

  17. IanMoore33

    MS should hire the NSA hackers

    maybe they can teach them something about software

  18. Anonymous Coward
    Anonymous Coward

    In light of this threat I just got around to patching a somewhat neglected Windows 7 PC. And now it's got a message from Microsoft (falsely) saying it's not genuine. It may not be registered but it's certainly a legitimately purchased copy. So far it's just a tiny message in the corner of the screen but who knows what else it'll do. I don't have time for this. Guess I'll roll back the update and take my chances.

    This bullshit is what I blame more than anything, even the NSA, for outbreaks like this. If Microsoft had an update channel for security patches only, not unwanted features and M$'s own brand of malware, people would be a lot more inclined to stay up to date.

    1. Anonymous Coward
      Anonymous Coward

      Oh look, it also broke PowerShell. Never use it anyway but geez!

  19. John Savard Silver badge

    But

    Isn't the good news that the vulnerability it uses has now been patched even in Windows XP? So they're not going to find too many more victims out there, even now that they've overcome the other hurdle thrown their way.

    1. deathOfRats

      Re: But

      That a patch exists doesn't mean that the patch has been used. And even if it has been, it won't prevent most users from downloading/running the malware and losing their data. It just won't spread so easily.

      1. deathOfRats
        WTF?

        Re: But

        WOW! I have 2889 minutes to edit that post! XP

  20. Blotto Bronze badge

    So the scammers have patched their faulty software and released it.

    If only legit software updates could work in a similar way, exploiting vulnerabilities to patch unpatched systems.

    No one would want to pay for that kind of a service though would they.

  21. Anonymous Coward
    Anonymous Coward

    The goal here was 2 fold.

    1. Hurt Russia.

    2. Hurt NSA credibility.

    Everything else is gravy for the attackers. Rumors running around that this is Deep State sponsored coming out of various cliques in intelligence agencies in retaliation for the Vault 7 leaks.

  22. Nano nano

    Turn off SMB v1 file-sharing ?

    Why not !

  23. Stevie Silver badge

    Bah!

    Yeah, saw this coming about one second after reading the original El Reg description of the killswitch.

    Perhaps if the bright young thing that found it had not been so hungry for fame we might have caught some breathing space.

    Oh well.

    Next up: Why the government can be trusted with your encryption keys and why they should have a proper back door into your computer that only they can ever use.

  24. Lion

    Peer creds

    The scum are obviously in hiding - either on a luxury yacht on the Black Sea or in a basement somewhere. I'd hazard a guess it is the latter. There must be other scum in the same racket who know who they are. I wonder if they have earned any street cred for what they did?

    - chaos (not really)

    - financial bonanza (nope)

    - media attention (big win)

    - shit disturbing (yep - mostly stirred the NSA and Microsoft)

    - rattle some chains (mostly IT departments)

    - peer envy (I doubt it)

    Their reward beyond the $30K they collected will be prison (blackmail and extortion are felonies).

  25. John Smith 19 Gold badge
    FAIL

    So the haul from this little operation is currently what $60K?

    V. Poor criminal work.

    Extortion technique needs more work.

    Clean up costs have probably been in the $m.

    1. Jim Birch

      Re: So the haul from this little operation is currently what $60K?

      This is a fairly typical ratio of realized proceeds of crime to cost of crime and prevention measures. The economic case for crime reduction is overwhelming. But it's easier said than done. People are creative, even (especially?) criminals.

  26. Paul Rawdon

    XP

    The update would have been already made for the cash register software based on XP that is still being updated.

  27. User-1

    Ransomware scum? Sorry but I'm rooting for these "scums". The only evil ones I'm seeing is MS for not supporting this OS and NSA for doing such a shitty job of securing their shit. One thing I hope these "scums" learn is to not be so lenient on their demands. $300? Really?

    1. Pompous Git Silver badge

      "The only evil ones I'm seeing is MS for not supporting this OS and NSA for doing such a shitty job of securing their shit. "
      Er... MS has supported XP and issued a patch for the vuln as recently as March 2017. A bit harsh to blame MS when it's lusers opening attachments with a payload that cause the problem.

  28. Anonymous South African Coward Silver badge

    Our one branch office got hit by the older strain. Guess their IT wasn't up to scratch, or somebody fell for a phish. Shame.

  29. truloxmyth

    It's a sign of the times that no government is actually interested in universal security, for the greater good of humankind. We're at a point where everything is now based online, and everyone in the world is connected.

    The internet has removed the idea of 'borders' in the traditional sense!! I don't have to get on a plane to Italy, to see Italy. I can log onto remote cameras and a host of other online services, which mean I can be in the country without having to physically be in the country!

    The NSA wasn't even bothered about protecting their own country... They didn't release this data, to allow the problem to be solved. If I were American I would be Pissed that my own government has been complicit in this entire debacle by keeping this quiet, and didn't release the information to the wider security community when they found the holes!!

    If your doctor found you had terminal cancer, but they had a product that would guarantee slowing of the cancer or entire removal of the disease, then you would expect them to tell you, wouldn't you?! But when the shady NSA finds a potentially life threatening exploit, they keep it to themselves?!... the middle letter of NSA stands for SECURITY for effs sake!!

    There is no such thing as trust anymore between so called 'allies' as the NSA has just proved. It has also proved that life is worthless to them. This is clearly due to their inability to see the bigger picture of what they have A. Created, and B. Allowed to be released into the wild!!

    Yes someone in their bedroom could have found the exploit, but that's a bedroom hacker/cracker. But you put pretty much unlimited resources and manpower behind a department, then they are clearly going to come up with the exploit a billion times faster than a sole agent. Or even a collective of agents separated over the globe.

    So all this stupidity that the NSA shouldn't be held accountable should be rethought. Because they CLEARLY are at fault here, for NOT DISCLOSING THE INFORMATION LAST YEAR!!!

    1. Anonymous Coward
      Anonymous Coward

      "If your doctor found you had terminal cancer, but they had a product that would guarantee slowing of the cancer or entire removal of the disease, then you would expect them to tell you, wouldn't you?! But when the shady NSA finds a potentially life threatening exploit, they keep it to themselves?!... the middle letter of NSA stands for SECURITY for effs sake!!"

      Unless, of course, there are SIDE EFFECTS. What if said doctor forgot to mention the treatment in question only has a 50% survival rate, for example? NOW is it worth blurting out?


Biting the hand that feeds IT © 1998–2019