back to article Johnny Hacker hauls out NSA-crafted Server Message Block exploits, revamps 'em

Hackers* have improved the reliability and potency of Server Message Block (SMB) exploits used to carry out the hard-hitting NotPetya ransomware attack last year. EternalBlue, EternalSynergy, EternalRomance and EternalChampion formed part of the arsenal of NSA-developed hacking tools that were leaked by the Shadow Brokers …

  1. JohnFen Silver badge

    Whoah

    Damn, people are still using SMB??

    1. J. Cook Silver badge

      Re: Whoah

      Sadly, yes. For the large part, it's SMB v2 (or 2.5, 3, 3.12, 3.flavor of the day, etc.) and smb v1 should be firmly turned OFF.

      Also, who the hell exposes the SMB port to anything external?

  2. John Smith 19 Gold badge
    Unhappy

    "Damn, people are still using SMB??" "Also, who the hell exposes the SMB port to anything external?"

    Well, yes.

    Good questions.

    I thought these attack vectors were obsolete as the OS's they ran on.

    Clearly these guys think it's enough of a thing to make their time and trouble worthwhile.

    So what do they know that we don't?

  3. Anonymous Coward
    Anonymous Coward

    Powershell/WScript

    I see a lot of successful exploits using Powershell recently.

    Seeing as how most users never use Powershell perhaps it would be a good idea to have it disabled.

    Same for the Windows scripting host.

  4. amanfromMars 1 Silver badge

    IT's All a Matter of Perspective ...... and whether You Be Slave Serf or Free to Server Units

    Hackers, including those who are not named John, Johnnie, Janelle or Jonah, have improved the reliability and potency of Server Message Block (SMB) exploits ... John Leyden

    In early type Bletchley Park Huts and current running Cheltenham Doughnut StationsAre hackers improving the reliability and potency of exploits crack coders and code crackers?

    It is strange though how working diligently in the private sector at the leading cutting edge of new vital ubiquitous technologies with disruptively creative methodologies can have one so crassly classified Renegade Rogue and Jolly Rogering Pirate.

  5. CAPS LOCK Silver badge

    Hmmm, I was, just now, thinking of changing my business network to NFS...

    ... more food-for-thought.

  6. Anonymous Coward
    Anonymous Coward

    Both Xerox MFP Printer and Fiery RIPS are still selling printer solutions that rely on SMBv1 for scan to PDF files. The only way to allow this feature is to leave SMBv1 ON your server share. I have complained to both Xerox and Fiery and their reply is it's not a priority. Apparently, all Fiery RIPs for Postscript printing rely on SMBv1.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020