A runaway strain of malware hit Windows computers Friday and spread through the weekend, rendering hundreds of thousands of computers around the world more or less useless. The big twist: The virus was made possible by U.S. government hackers at the National Security Agency. But the finger-pointing won’t stop there, and it probably shouldn’t.
As the worm, known as WannaCry, has been contained, more free time has opened up in which to argue and assign blame beyond the anonymous hackers who used leaked NSA code to assemble the virus, and whatever party decided to turn it into ransomware. Microsoft isn’t holding back.
In an unusually bold and forthright post by president Brad Smith, the company called out the NSA by name for not just creating, but “stockpiling” — and then, like Cyber Frankenstein, losing all control over — the attacks that made WannaCry possible:
This is an emerging pattern in 2017. We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen. And this most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today – nation-state action and organized criminal action.
Every software weakness the NSA (or CIA, or FBI) decides to use for itself in total secrecy is necessarily one it won’t share with a company like Microsoft so that it can write and release a software update to keep its customers safe. (Whether or not you see this as a good and necessary thing likely has a lot to do with your opinion of whether the NSA too often prioritizes its ability to hurt adversaries over the privacy and safety of U.S. citizens or over the privacy and safety of people in general).
The government’s official decision to withhold or disclose is driven by something called the Vulnerabilities Equity Process (or VEP), and its exact mechanism is not entirely known. The VEP is meant to balance the advantages gained by keeping a given software vulnerability secret versus the potential risks to the world at large.
When the NSA adds to its arsenal an undisclosed software vulnerability, known as a “zero day,” rather than reporting it to the maker of the software, any common cybercriminal who happens to independently discover it will be free to exploit the security hole for their own ends, sometimes for years and years. Even if everything goes according to plan for the NSA, this sort of stockpiling values the military and intelligence community’s offensive capabilities over the digital safety of, well, literally everyone else, and is rightfully controversial.
But per Microsoft’s point, things aren’t going according to plan recently, and our nation’s secret keepers have been having a lot of trouble keeping their computer weapons away from the likes of the Shadow Brokers and Wikileaks. It’s a true and damning argument on Smith’s part: Whether due to internal leakers or external attackers, two of the most advanced and secretive spy agencies in the world have seen some of their most prized offensive tools snatched out of the shadows and not only made public, but weaponized against British hospitals, Chinese universities, and FedEx. Congressman Ted Lieu, a rare legislator with any background in computer science, sees WannaCry as an opportunity to overhaul the VEP in favor of more disclosure: “Currently the Vulnerabilities Equities Process is not transparent and few people understand how the government makes these critical decisions,” the California Democrat wrote in a statement as WannaCry raged around the world. “Today’s worldwide ransomware attack shows what can happen when the NSA or CIA write malware instead of disclosing the vulnerability to the software manufacturer.”
The NSA did not create WannaCry. Rather, it discovered weaknesses in various versions of Windows and wrote programs that would allow American spies to penetrate computers running Microsoft’s operating system, and it was one of these programs, codenamed ETERNALBLUE and repurposed by still-unidentified hackers, that allowed WannaCry to spread as quickly and uncontrollably as it did last week. Whether or not you think the causal chain is such that the NSA is in some sense morally responsible, it’s undeniable that without the agency’s work, there is no ETERNALBLUE, and without ETERNALBLUE, there is no May 2017 WannaCry Crisis. In this sense, Microsoft is right–but the blame shouldn’t end there.
Microsoft also did not create WannaCry. But it did create something something nearly as bad: Windows Vista, an operating system so horrendously bloated, broken, and altogether unpleasant to use that many PC users back in 2007 skipped upgrading altogether, opting instead to stick with the outdated Windows XP, a decision that has left many people on that decade-and-a-half-old operating system even today, years after Microsoft stopped updating it.
When Microsoft responded to the startling initial reports of ETERNALBLUE’s public release by noting it had already inoculated Windows against the threat via software patch, it did not mention that XP users were not included. Using an operating system after its expiration date is unwise, but in fairness to the millions of people around the world still using old versions of Windows, expecting consumers to regularly buy expensive software of uncertain quality is unwise too. It’s only relatively recently that Microsoft has started to shake off the stink from Vista (and the confusing Windows 8).
Some of the NSA’s defenders are quick to blame computer owners and IT administrators for not keeping their software current, but less likely to blame Microsoft for writing insecure code, alienating customers with shoddy operating systems and planned obsolescence, or dropping support for older OSes still in wide use. (The fact that Microsoft did actually release a WannaCry security patch for Windows XP over the weekend shows that it’s entirely possible to make old software safer). It can’t be overstated that the choice to let older versions of Windows lapse into a condition of permanent insecurity is as much a business strategy as an engineering decision, and one that leaves Microsoft customers in the lurch when something like WannaCry breaks loose. In the case of a large, high-stakes organization like a hospital or manufacturing plant, upgrading to the next version of Windows isn’t just a matter of waiting for the progress bar to fill, but a nightmarish web of compatibility issues with specialized hardware and niche, 3rd party software. If letting a computer network in you administer run Windows XP is negligent, it’s surely a negligence that pales compared to losing a military cyberweapon, or abandoning vulnerable customers whose computers work more or less fine.
The NSA surely wants to do its work in full secrecy, undisturbed as much as possible by obligations to anyone or anything else–it’s the business they’re in. Microsoft surely wants to continue to sell successive versions of Windows every several years and gradually forget about its earlier attempts–it’s the business they’re in. But these two agendas, of militarism, absolute secrecy, and software profit maximization create an environment that allows something like WannaCry to stomp all over the globe, hobbling hospitals and train stations in its wake.
There are two key points here to note:
Firstly, as the article points out the US government seems to be quite willing to compromise the security & safety of its (& global) citizens in the interests of developing weapons to attack its enemies. This willingness to compromise its citizens has spread to all of the 5 Eyes nations, and beyond. It now seems to be the norm, with only a small number of democratic countries sticking to their principles.
Secondly, that the process is self-generating and self-sustaining. Just as hatred breeds further hatred, so does this type of malicious software breed more of its kind. It’s a viscous circle, without break and without end.
The USA is behaving more and more like a hostile state that regards all foreign countries as enemies, even those it claims as allies. It mistreats those countries it claims to be allied to, using a variety of methods to keep them in line, and make sure their leaders pretend that the relationship with the USA is good and ‘special’. The reality is that these other countries are forced into putting on a show of unity, and put up with the coercion and bullying from the USA.
Sam,
I want to thank you for your succinct summary of post de-industrialization paradigms at work: militarism-absolute secrecy and software-profit maximization. Vulnerable is the feeling you just can’t let go. Thank you and the intercept for voicing truth to power.
Why are governments, schools and hospitals wasting money and running insecure systems by using Windows and not open source software? If Microsoft had been prosecuted for anti-trust violations and illegal business practices (death of Netscape/patent extortion) in the 90s then the world wouldn’t be in this mess. People are rejecting WindowsOS phone for a reason.
Then there was the Microsoft “We want to shove Windows 10 down your throat” update marked as “important” that kept crashing computers, overran data caps by helpfully downloading the gigabytes just in case, and was hard to get rid of. And Windows 10 itself that in the middle of a presentation, or exam might decide to install and update and reboot a few times locking you out for a half hour or more. So people disabled automatic updates because they were such a problem.
Microsoft’s irresponsibility in doing the software updates causing people to shut them off is their responsibility.
(Apparently the most recent Win10 will ask you if it is convenient to install and reboot, but the Win10 was practically itself malware, crashing and rendering unusable many computers that weren’t compatible and couldn’t reverse the update).
YES! Since when does a software company have the right to invade my computer, override my right to refuse, and totally remove and replace my &^%$ operating system??? Especially when we all know Microsoft’s record with new OSs.
In essence, they were forcing many of us to become their free Beta testers. In addition to enduring the inevitable glitches (that’s what Beta-testing is for, after all), who knows the f&^%$ security holes???
I got rid of it but I know people who just kept it because they didn’t know how to (or didn’t feel comfortable) removing it. Microsoft wins–we lose.
Well with the NSA and US having all this intelligence, we now certainly know that the Russia-Putin breach to the Dem Party was not realistically feasible– they do not have the technology. crookdClintObama lies end here. Can be thankful for that being put to rest.
It was reported in 2013 that Microsoft showed security flaws to the NSA
before fixing them.
https://web.archive.org/web/20130622044225/http://blogs.computerworlduk.com/open-enterprise/2013/06/how-can-any-company-ever-trust-microsoft-again/index.htm
>It can’t be overstated that the choice to let older versions of Windows lapse into a condition of permanent insecurity is as much a business strategy as an engineering decision, and one that leaves Microsoft customers in the lurch when something like WannaCry breaks loose.
What, should Microsoft continue to release patches for Windows 95 and Windows 3.1? I mean how far are we going with this?
“What, should Microsoft continue to release patches for Windows 95 and Windows 3.1? I mean how far are we going with this?”
You, Dietrich Buxtehude, might be happy to turn yourself into an ‘update slave’ (or is it ‘update zombie’?) but it is not a humanistic ideal for homo sapiens ….
Or perhaps open up old/obsolete versions to an updating system similar to many Linux distros.
If there is a demand to keep using various old/obsolete OSs for whatever reasons there are surely people qualified to keep the OS up to date towards security vulnerabilities. This solution would damage the whole profit driven closed source planned obsolescence business model though and we don’t want that, right?
Now that their Commissar-in-Chief ObaMao is out of office, the leftist globalist corporations like Microsoft crawl out their holes to insert themselves in politics and national security matters. NSA is tasked with defensive and offensive cyberwarfare in the national security interests of the USA. The rest of the world is not its concern and rightly so.
If Americans receiving care in American hospitals aren’t included in “national security interests of the the USA”, then who the fuck is?
I’m sorry but this brings up a wider point for me: why is it that you (and your foreign/security policies) conveniently ignore “the rest of the world is not it’s concern and rightly so” when meddling in foreign countries politics and resources? It’s especially ironic when that shit eventually turns around to bite you in the ass and become “national security matters”…
Free and open source software is the only known defense against malware. The development of high quality, stable operating systems under a GPL licence should be substantially supported by the government and viewed as a public infrastructure just as vital as the roads and bridges.
“The development of high quality, stable operating systems under a GPL licence should be substantially supported by the government and viewed as a public infrastructure just as vital as the roads and bridges.”
This should be the indisputable principle for operating systems development .. Not doing so, tells us a lot about the inefficiency and outright harmful directions governments follow.
One sad fact, there are still a lot of people who have never heard of Linux and Linux distributions, or, they might have heard about Linux but think it is something weird.
Besides obvious advantages, having Linux (mint distribution for example) to access the Internet, will instantly reduce Internet data usage to just a fraction of what windows 10 requires.
NOTICE: An interviewee on Fox-Tucker Carlson a couple nights ago said that “they’d RECEIVED about… $70,000″ in ransom payments from the “virus.”
The interviewee (I can’t remember his name) had all kinds of statistics in addition to the monetary collection figures.
I don’t think Carlson caught the significance of the interviewee’s statements.
HINT HINT.
Microsoft’s software is among the most poorly designed available, and their support for PC users of their garbage is horrendous. MS products are so cumbersome, and the code so obscured that their “tech” support people usually don’t know how to use it well either.
Linux, on the other hand, is open source, well-designed, and has a community of users who are knowledgeable. I use both the garbage that MS foists upon PC users, but ever since I bought to used 64 bit Dell machines loaded with Linux Mint, and the other with Ubuntu, I find it difficult to use my MS machine.
Bull$h1t. *nix, M$ or crApple, if you don’t take it upon yourself to maintain, upgrade, patch, fix or implement changes, you are leaving yourself open regardless of OS
I’m no Microsoft fan but they actually go further in supporting their user base than most of the alternatives.
Apple rapidly drops support for hardware leaving users stuck with old and unsupported OS versions running on perfectly good hardware. The iPad1 was dropped after only a couple years and Intel based 32 bit systems are stuck at OSX 10.7 Lion. PowerPC based macs are long forgotten but the transition to Intel that deprecated PPC systems occured in about 2 years and left many quite irritated. This is infuriating to users who pay a premium for Apple’s closed eco-system and are forced to either toss perfectly good hardware into the scrap pile or run an outdated and possibly unsecure system.
Linux (and BSD) deprecates older kernel versions and introduces library incompatibilities with version creep that make it impossible to patch some vulerabilities and keep typical user applications current on older kernels. The Long Term Support intervals vary by company with Ubuntu at 5 years and Red Hat EL supporting 7 or 10 years. Both are below the lifetime interval on large deployments (like hospitals) and below the 12 year official lifetime of XP released in 2001.
Going to enterprise level Unix like HP-UX or IBM AIX gets you a much longer term support model but you pay a significant price for maintenance and updates as well as for custom hardware. Even in these environments there will eventually be a major release demanding a very disruptive system-wide upgrade.
In short, it’s not just Microsoft but they get the black eye because they have the largest user base and buggiest code. The real blame should be on the shoulders on the NSA, CIA, FBI, etc. that hoard these vulverabilites and the administrations and congress that allow them to do so. It’s not a stretch to suggest informing Microsoft, Apple, Cisco, etc. of their vulerabilities and thus protecting US citizens and US infrastructure from hackers and state actors outweighs the gains the spy agencies receive from exploiting their treasure trove of exploits. Clearly the NSA/CIA defenders ignore the damage the agencies do to US brands by giving the world the impression that US hardware and software cannot be trusted. Continuing down this road will only serve as impetus for China, Russia, North Korea, et al. to develop and rely upon alternatives to US technology. At some point allegedly “keeping us safe” does more harm than good. Perhaps the New “keeping us safe” should focus on patching vulnerabilities rather than exploiting them.
Really? I run 3 Apple macs in my home design business and they are from 2010, 2009 & 2006. Whilst they have all reached ceilings in small and various ways, they are still predominantly secure and I guarantee that all 3 are more productive than your average Apple/PC ‘prosumer’ with the latest laptoaster. Having motivation leads to acquiring information. And I’m grateful for the unnecessary mac scrap piles because it creates for me a near endless supply of spare parts.
Well said.
To say that Windows 10 is Microsoft shaking off the stink of bad decisions, is laughable.
If MS has a ‘Stink of Bad Decisions’, how about the Treasury Dept.
If letting a computer network in you administer run Windows XP is negligent, it’s surely a negligence that pales compared to losing a military cyberweapon, or abandoning vulnerable customers whose computers work more or less fine.
From their Website – http://www.treasurysoftware.com/white-paper-ach-facts.html
Treasury Software develops a range of cash management and secure payment solutions for business including ACH, positive pay, BAI, bank reconciliation, and credit card reconciliation. Designated a Verified for Windows XP software application by Microsoft, Treasury Software is a Microsoft Certified Partner and Winner of the Gold Cup Award from CPA Software News.
That’s the story – Automated Clearing House (ACH) runs XP & How pervasive is this crime? According to a report late last year from the FBI, there has been approximately $100 million in attempted losses due to ACH fraud as of October 2009. The FBI reports it is seeing several new victim complaints and cases opened every week.
Please note that “Treasury Software” is a private company. It is not part of the US Government. Therefore, I think DD More’s comment is confusing the issue, rather than advancing the discussion.
I’ve been thinking lately that what I would like is a Robust Router Operating System. The idea is to re-purpose a lot of these consumer grade routers floating around and turn them into a hardened security systems with plugable architecture..
Something to add might be a VPN.
Secure email Like ProtonMail.
Or a Tor Node.
If it were based on Debian you could do things like:
apt-get install protonmail
or
apt-get install tor-router
Individual VPNs could roll some Debian packages that install in routers.
apt-get install pia-router-vpn (VPN)
A protocol that extends fail2ban to routers call it scale2ban.
Dual boot routers that can boot from a usb stick would also be nice.
etc.
Agree
Over the years I’ve created my own software by submitting stacks of punch cards that contained FORTRAN, PL1 OR ASSEMBLER source code to main-frame batch systems. I’ve gone through all the transitions and adopted PC’s at a time when bottles of Whiteout could be found sitting next to PC screens. I am now approaching my 75th year, and I’ve never been a tech professional.
Debian Jessie is my default environment where I do almost 100% of my work. I’m a believer in a co-operative economy. Patronizing co-operatives, collectives, OpenSource, Creative Commons, crowd-funded and similar economic arrangements makes me feel good. Being marketed to makes me feel bad. I think I’ve be over-joyed to find myself living in a cooperative nation.
I have a hobby machine that I expect will eventually become my default. The OS is a Debian Install of Qubes 3.2. Qubes is crowd-funded and implements privacy and security by isolation rather than fortress methods. The machine is an older Lenovo Thinkpad that is capable of supporting the full scope of Qubes. I expect Purism, a crowd-funded machine that can be ordered with Qubes to eventually replace the Lenovo. I do contribute to cooperative ventures.
Myself, I do this stuff as a hobby. I have no reason to seek high levels of security and privacy. To me, privacy is simply the personal space that virtually all mammal, and many other, species require. Bats, hippopotamus, zoo animals and live-stock may not require personal space, or become very sick if deprived of it. Internet privacy is part of my personal space. To me, it is a requirement of free-living social humans.
How about you? No individual has to live in a zoo. Maybe read a book instead of haunting Internet non-stop. Perhaps the new news might be “After years, David Whyte’s ‘The Heart Aroused: Survival of the Soul in Corporate America’ becomes a best seller.: Who knows, maybe an edition has been released under Creative Commons.
Look into DD-WRT and Tomato router firmware.
Why can’t the NSA just find and take down wikileaks? If they can get Kim Dotcom and Aaron Schwartz, if Snowden and Assange have to live in exile, then why can’t the NSA or the CIA find wikileaks agents and servers?
Is it insane to think that perhaps wikileaks is simply a rogue faction of one of the US intelligence agencies? Or a front? The only explanation that does not make sense is that an actual enemy state is behind all these leaks and attacks, or we’d have caught them long ago.
I suppose that you’re right. Wikileaks is assuredly at fault for merely pointing out that the NSA had these Malware tools that they used, stored in an unsecure place. It’s also Wikileaks fault that the NSA used these tools against innocent Americans that they illegally spied upon.
Yeah, that’s the juice. Is it still ignorance when the truth is out there and you still spew stupidity?
So…wikileaks is the “problem?”
“NSA’s defenders are quick to blame computer owners and IT administrators for not keeping their software current, but less likely to blame Microsoft for writing insecure code, alienating customers with shoddy operating systems and planned obsolescence”
You would know NeoCapitalism is broken (and people (are essentially fucked!) when the bell on your very reliable bike gets broken and the only way to get a new bell is to pay for a new (and expensive) bike! Not only that, but the new bike is connected, and keeps uploading your data, to mother ship.
The establishment mindset requires a lot of double think. The NSA is violating the law on a vast scale, but that is OK (four legs good). Other people doing the same thing are somehow immoral (two legs bad).
Look for stories to emerge about how people who kept their data in the cloud were mostly spared and that those hardest hit were running pirated versions of Windows. Thus delivering a profound moral to the story.
I do hope that anyone with anything stored in various clouds is aware that it’s all being data-mined for fun and profit. And hopefully anyone capable of running pirated Windows is small and smart enough to stay one step ahead of the Man.
I love your double-think framing. It reminds me of the uproar around Russia’s supposed election-hacking by (someone) leaking genuine emails in amongst a sea of fake news and literal shit. If you compare that to the US’s history of meddling, coup-backing and assassinations in foreign states, it reminds me how inwardly sensitive and outwardly ignorant a superpower can be.
(I sometimes laugh at a potential conversation involving one of Putin’s thugs trying to supply weapons to Cliven Bundy and his militia for an uprising;
Cliven: No thanks, we’ve got our own. And they’re better quality than yours!)
Microsoft got in bed with the Devil a long time ago. You reap what you sow in life, I guess.
I am pretty sure that Microcrap is in league with the anti-virus software community-they probably tell eachother about how to get hapless users to pay more and more for software to protect their crappy software-a mutual benefit relationship.
So nice to read something well written.
Greed for sure.
Upgrading Microsoft operating systems has always been problematical. You never know what will work and what won’t work after the upgrade. Even if the upgrade works well there is always the issue of device drivers. Third party manufacturers don’t always write new device drivers for older devices. Thus, your new operating system will no longer talk to your printer. It is easy to see why large institutions don’t upgrade when they basically have worked all the connectivity issues on their old OS and are unwilling to risk failures and untold hours of debugging to upgrade. Microsoft has basically been blind to these issues for years. Now we learn that MS had fixes and didn’t distribute them.
Add to this the part played by NSA etc. and you have a guaranteed formula for disaster. There is no national security issue that justifies putting hospital computers at risk solely for some theoretical national security advantage. The end does not justify the means. This is especially true when the end may be largely illusory.
By the way, you do back up your data don’t you??
After approximately 25 attempts to upgrade to Win 10 Creators edition, following MS’s tutorials and using their downloaded tools to remove an error I was getting that kept the system from upgrading, I finally gave up and installed a Linux OS. One try, all went well.
Whatever happened with VMS-Virtual Memory System- from Digital Equipment Corporation, now HP.
I remember it was banned from the old Black Hat meetings of yesteryear because it couldn’t be hacked.
Initially, programs like Wordstar, Lotus123, Norton Editor, dBaseIV, etc., didn’t come with all the complexities that programs have today. Unfortunately, they could be easily copied and installed on multiple machines. This was bad for business.
Microsoft was quick to make their operating system conform to the new needs of remotely detecting and deactivating pirated software. So they purposely introduced vulnerabilities that could be used to limit the usefulness of pirated and cracked software.
These are the vulnerabilities that are now coming home. The vulnerabilities form the very foundation of Microsoft’s business model that created Bill Gates among many others.
Thanks for the clear, balanced summary of this serious cyber issue/incident. Considering all the implications and ramifications is rather alarming. Your insights are appreciated because right now I am working too many hours to spend time deciphering long articles written by the big & bossy news publishers.
Glad to see someone point out the problems with Microsoft and the share of the blame they deserve. I think the burden on users, especially small businesses, is underappreciated. I loathe Microsoft and Windows 10, and refuse to give them money if I can avoid it. I use Windows 98 at home, though it can no longer install a functional browser or play a video.
But at the small business I work for, the boss always upgrades to the latest Windows and lets it update automatically, so I am stuck with Windows 10 at work, and am unable to keep it from pestering me with ads and update related messages. Every time Microsoft decides to update us to a new operating system, we experience days of lost work trying to fix all the compatibility problems and find where they moved every damn thing. It’s infuriating. My work PC now works like an i phone or something.
My work also has an XP machine, currently disconnected from the Internet, that we absolutely rely on periodically to run a DOS program that won’t run on anything after XP. I’d tell the boss not to plug it in to the Internet next time, but how will we get the data out of it without a floppy drive?
By the way, I heard NASA still has some computers that use card readers, because they are communicating with spacecraft that left the planet in the 70’s. Presumably not connected to the Internet, but there are lots of reasons people keep old computers.
ZONEALARM.COM
At home you can try Ubuntu (even without installing it, by using a DVD or usb stick). Note that it may be slow on ancient hardware. If you have a laptop, you may need some online help to install, because laptopmakers do not always keep to standards. Updating is easy. You can install it next to windows if you want (on a separate disk or partition), but do some research first. Ubuntu doesn’t run DOS, but has browsers, video players and office programs such as spreadsheets. You don’t have to pay for it, it is free.
Good article. I wish The Intercept would only focus on stories like this and do away with the political hit pieces and the pro- illegal immigrant stories. Anyone not connect to the Washington establishment hates the way the intelligence agencies operate.
The right and left should be able to unite on issues like privacy and marijuana legalization. We should stop focusing on our differences and focus on our similarities.
Why don’t you go read a technical website then instead of a political website
Are you saying you can’t do both? Do you think tech is immune to politics?
I definitely need to read the article. But maybe the leaker has stock in the more impervious medical-info-networks that will now need to be installed?
TallyHoGazehound May 16 2017, 9:51 p.m.And there is this to consider, as well: https://www.cs.columbia.edu/~smb/blog/2017-05/2017-05-12.html
The small business owner answer is much simpler than the smb blog you posted suggests.. just go to ubuntu.com and download and install the ubuntu.com or go to the centos.org website and download and install either Ubuntu or Centos [https://www.digitalocean.com/community/tags/centos?type=tutorials] for no cost at all. New users will be surprised how easy these two operating systems are to learn but more than easy to learn to use these Operating system can teach you a lot about your own computer. There are tutorials all over the place on the net. Linux is rarely affected by virus and it is supported by a massive number of persons all over the world. . My two bits.
? Reply
Yes. You have a reasonable suggestion for some. Personally, Ihave two boxes on my desk. One runs Win10 the other a Linux distro. The Win10 box crashes on almost every MS update. Sometimes “self-correcting” others it requires a computer tech support. It’s an old box that probably can barely run Win10 on its best day. The Linux box is like a little two-stroke engine that seems to chug through anything the internet wants to throw at it and the guts of that box are even more feeble than the Win10 box. But if I ran a business that wasn’t computer oriented, unless Iwas specifically skilled, I wouldn’t choose a Linux distro. A small business, running on a shoestring, might not have the resources to “learn a lot about your own computer.” For better or worse, we have a world where computers are like cars. Life is structured such that, for some, both are unavoidably required even though one’s talents don’t stretch to “engine repair.”
If I am correct, back in 1962, JFK was so pissed at the CIA (Bay of Pigs, etc.) that he wanted to smash it into one thousand pieces. If it was bad then, it, and it’s clones (NSA, DIA, etc.) must be unfathomably evil today.
and look what happened to him..
There will always be vulnerabilities. The NSA kept secret the exploit of SMBv1 known as a zero-day because Microsoft did not know about it. That secret makes it a highly effective tool. The moment Microsoft knew about it they started to patch the flaw that allowed it to be exploited. The NSA likely used this zero-day for over a decade as it even worked on Win7 which despite Win8/8.1/Win10 is still very popular. The majority of the systems hacked world-wide were WinXP, a 15 year old OS without support for the last three years. Most of those systems were pirated or just not upgraded due to the Microsoft licensing tax. Microsoft released the XP patch because they were taking a lot of heat about the WannaCry virus.
Perhaps OS vendors need to open source their code for public peer review or at the least offer exploit bounties with cash prizes. There are plenty of people on the autism scale capable of cashing in big time by competing for the payouts and revealing zero day exploits that can be quickly patched.
The nature of nation-state cyber warfare means these zero days will continue. The Stuxnet virus was a suspected NSA / Mossad attack on the very specific Siemens PLC infrastructure running the Iranian gas centrifuge enrichment sites. It infected computers around the globe but did nothing until it spotted the correct Siemens configuration specific to the Iranian nuclear enrichment sites. It was a highly sophisticated bug free virus that hid it’s activity very well. It was not the normal garbage produced weekly by cyber criminals. It was clearly written by phD computer scientists. There were 4-5 zero day exploits to allow a USB thumb drive to silently infect Windows computers and gain control. For several months the Iranians could not understand why their centrifuges kept breaking down causing significant down time and when repaired it would happen again. All the monitors showed everything working properly but the virus was lying. It was speeding up and reversing the motors so they would break. It was exceeding the specs on the motors but telling the operators that everything was working normally. It was a brilliant piece of work.
Welcome to the new reality where a digital cold war rages and end users are caught in the middle of it. Get ready for IoT – Internet of Things to cause some serious problems. All these devices and appliances getting attached to the Internet and security an after thought and just plain highly lacking. A Philips light bulb connected to your WiFi might allow one to hack the lightbulb and gain access to the Wi-Fi network. Your refrigerator might have a flaw that allows someone to unlock your IoT door locks, etc. It’s gonna be cyber armageddon! Got a keyfob for your car? There’s an amplifier antenna device where thieves can boost your keyfob signal to unlock and start the car in the driveway even though your keyfob is on your nightstand while you sleep. The paranoid have taken to putting their keyfob in their freezer or putting it in a faraday cage. Your smartphones are the best thing ever for cyber espionage. Before Snowden leaked the details, the NSA could hack anyones smartphone to eaves drop using the microphone and camera and GPS. Apple and Google quickly upped their game after the Wikileaks which is why the FBI couldn’t hack that iPhone 5C and begged Apple to help. Apple knows that once the cat is out of the bag you cannot contain it. Which is exactly what happened to the NSA’s favorite cyber toys being stolen.
Well said :)
Sam Biddle,
Other than agreeing that this is truly dangerous and as stupid a policy as unleashing a Stuxnet virus out in the world, there needs to be a bit of clarification to round out your story.
Win7 quickly replaced Vista after XP (I did the transition to two OS in a couple of months). Anybody who wanted to learn, could learn when Microsoft would no longer support XP.
Even I can see that although MS can update old software, I can also see why MS would not want to.
They are also overstaffed with a far less talented pool of coders, so I would – if I didn’t need the features for business – have left MS and their under-performing and highly nasty Win10 for Open Source. In other words, why should they support older systems when they can’t even make one decent and current OS?
Another point of fact, Windows10 is the worst OS system that I have ever used, and I would be happy to revert to 7 or XP (I still own disks) if only MS thoroughly supported the systems.
We do NOT and will NOT do business with persons/businesses who use WINDOWS 10.
Increasingly, tech companies are setting new rules to remind end-users of who is boss and who is slave!
Microsoft, with Windows 10, is a clear manifestation of that.
BREAKING NEWS 5:30 ET 5/16/2017
Comey Memo Says Trump Asked Him to End Flynn Investigation
https://www.nytimes.com/2017/05/16/us/politics/james-comey-trump-flynn-russia-investigation.html?hp&action=click&pgtype=Homepage&clickSource=story-heading&module=span-ab-top-region®ion=top-news&WT.nav=top-news&_r=0
With all due respect, please stay on topic.
Besides, Do you seriously think that you are breaking some huge story here that nobody else has seen? C’mon, it’s all over the damn Internet.
…I know it’s a break from the topic… but there wasn’t an current article that directly tied in…
and this seemed of vital relevance to so many running threads on the site… all centering around calls for evidence and the insistence that there’s “nothing” to these investigations… etc.
while yes, I’m sure many have seen it… some may not have seen it.
carry on
Again READ!…”New York Times has not viewed a copy of the memo, which is unclassified, but one of Mr. Comey’s associates read parts of the memo to a Times reporter…anonymously
https://www.nytimes.com/2017/05/16/us/politics/james-comey-trump-flynn-russia-investigation.html?hp&action=click&pgtype=Homepage&clickSource=story-heading&module=a-lede-package-region®ion=top-news&WT.nav=top-news
this story has been sourced independently by The New York Times and The Washington Post, and others…
As noted, the notes are unclassified, meaning the sources vouch for the content…which will also be released.
Bold font ..impressive..very convincing..not
I’d have used a yellow highlighter, if the option were available.
Chaffitz (R) CA wants to see the memo.
Graham (R) wants to speak with Comey
John Dean thinks this is as bad as Watergate
CNN, WAPO, NYT, and another news org have verified the source through independent channels, confirmed as reliable.
Your skepticism is warranted, but I think this story is huge… and you’ll have your answer in short order.
edit: Chaffetz (R) UT
John Dean inteviewed by Wolf Blitzer:
Blitzer: “What’s happening now, these past couple of hours, does this seem familiar to you?” .
The infamous “smoking gun” tape is a White House recording of Nixon and Chief of Staff H.R. Haldeman.
http://www.huffingtonpost.com/entry/john-dean-trump-smoking-gun_us_591ba47ee4b0a7458fa415a4?36i&ncid=inblnkushpmg00000009
Are you saying that WAPO needs a hotline to the CIA in order to get secret information that they decide what the public should and should not know? That WAPO is an arm of the cia who helped the CIA perpetrate WMD for an illegal war, torture, suport wallstreet thieves, etc etc?
Te secrecy game is BULLSHEET. It’s a conjob. Comey was fired because he was a political hack hitjobber.
YOU LIE.
it is unfortunate that you can’t elevate your game just a tad.
RE: “you lie”…
“Not puppet! Not puppet! You’re the puppet! you’re the puppet!” [paces like wounded wildebeast, eyeing a pride of lions]
MORE BREAKING NEWS!!
‘The Washington Post’ Helped Give Us the Iraq War – The Nation
https://www.thenation.com/…/eleven-years-how-washington-post-helped-give -us-iraq-war/
Mar 12, 2014 … In the months before the war, the Washington Post ran more than 140 … Eleven Years On: How ‘The Washington Post’ Helped Give Us the Iraq War … opinion pieces drew too little attention after WMD were not discovered.
OOPS – we have known for years that the WALLSTREET WASHING MEDIA WHORE LIE for a living.
IDEA! SAVE ON TOILET PAPER!!
Subscribe to WAPO
And there is this to consider, as well: https://www.cs.columbia.edu/~smb/blog/2017-05/2017-05-12.html
Thanks for the link–the smb blog has a really interesting take on all this, from what looks like an authoritative source.
Hmmm, maybe if you made a decent OS that wasn’t like Swiss cheese…….
The recipe for CRAP CAKE is tried and true and consists of ingredients that fail in their own right. The CAKE JOB that is the operating system and greed and thieves are the same TYPED as the WALLSTREET JOB, the wallstreet ill legal operating system, the greed, and the practiced thieves.
The hack job consisted of the same TYPED ingredients. A notoriously vulnerable operating system, greed and thieves.
We should not be surprised when the Dumb&dumbers who run (ruin) our country come up with stupid stuff. The dumb&dumbers are always pretending to themselves that they are so smart that it is always someone else’s fault for their stupidity. But dumb&dumbers are always trying to con the populations because they are so accustomed to conning themselves into believing they are all that and a bag of chips.
Vista, Windows 3.1, Windows 3.11, Windows 95, Windows 8, ahh, but who’s counting?
5 fatal flaws that dog the new windows 10 – networkworld.com
windows 10 privacy problems – slate.com
microsoft admits windows 10 has a serious problem – forbes.com
100 common windows 10 problems and how to solve them – techradar.com
windows 10; the biggest problems, gripes and missing features – extremetech.com
Why Windows 10 sucks or Everything Wrong with Microsoft Windows
https://itvision.altervista.org/why-windows-10-sucks.html
NSA Partner in Crime? Microsoft Admits Windows 10 Auto-Spying …
21stcenturywire.com/…/nsa-partner-in-crime-microsoft-admits-windows-10- auto-spying-cant-be-disabled/
Windows 10 is possibly the worst spyware ever made
http://www.networkworld.com/…/windows-10-privacy-spyware-settings-user- agreement.html
Windows 10 Worst Secret Spins Out Of Control [Updated] – Forbes
http://www.forbes.com/sites/…/windows-10-data-tracking-spying-levels/
Feb 9, 2016 … Update 15/02/2016: Microsoft has dismissed the data on the Voat thread as completely flawed. … Back in November Microsoft confirmed Windows 10’s worst kept secret: its extensive telemetry (or ‘spying’ as it has been labelled) cannot be stopped. … Providing a shock is Voat user …
Windows users are like lab rats, one experiment after another. And there are so many of them – BUT WHO’S COUNTING.
5 fatal flaws that dog the new windows 10 – networkworld.com
windows 10 privacy problems – slate.com
microsoft admits windows 10 has a serious problem – forbes.com
100 common windows 10 problems and how to solve them – techradar.com
windows 10; the biggest problems, gripes and missing features – extremetech.com
Why Windows 10 sucks or Everything Wrong with Microsoft Windows
https://itvision.altervista.org/why-windows-10-sucks.html
NSA Partner in Crime? Microsoft Admits Windows 10 Auto-Spying …
21stcenturywire.com/…/nsa-partner-in-crime-microsoft-admits-windows-10- auto-spying-cant-be-disabled/
Windows 10 is possibly the worst spyware ever made
networkworld.com/…/windows-10-privacy-spyware-settings-user- agreement.html
Windows 10 Worst Secret Spins Out Of Control [Updated] – Forbes
forbes.com/sites/…/windows-10-data-tracking-spying-levels/
Feb 9, 2016 … Update 15/02/2016: Microsoft has dismissed the data on the Voat thread as completely flawed. … Back in November Microsoft confirmed Windows 10’s worst kept secret: its extensive telemetry (or ‘spying’ as it has been labelled) cannot be stopped. … Providing a shock is Voat user …
Windows users are like lab rats, one experiment after another. And there are so many of them – BUT WHO’S COUNTING.
Thanks for those links. It’s a topic I have not researched. Do you know if its Home & Pro or just Home version?
I have a Mac & a Ubuntu machine. But who’s counting? lol
i dont really know – there are pros here on the board that would. People i know of using windows swear by ZoneAlarm.
The only one that doesn’t spy on you is enterprise edition but you need to have it connected to an AD/DC (domain server) and even then there are things that the domain server sends home.
if you have an Ubuntu machine then just put that in between the windows machine and the internet and you will easily be able to see what kind of phone home connections are being made
The Forbes story has been ripped about as fiction.
http://www.zdnet.com/article/when-it-comes-to-windows-10-privacy-dont-trust-amateur-analysts/
tx ;-)
Meanwhile at CNN: ‘North Korea did it.’
I’m forgetting MSNBC: ‘Global Cyberattack: Is the NSA Getting Blamed?’
Meanwhile about 40,000 DNC emails from the DNC were discovered on Seth Rich’s laptop but the W.D.C cops were told to “stand down” in any investigation:
https://pjmedia.com/trending/2017/05/16/fox-news-murdered-dnc-staffer-sent-44053-internal-emails-to-wikileaks/
Just wondering when The Intercept is going to start doing some digging on their own with this one??
Jeremy? Glenn?
What I find amusing is the effort to find the hackers, my answer, follow the money trail and you find the criminals.
Amusing ? With NYT on the scoop about intellegence officials “private security experts” (ah-ha) that, it may take weeks..it may take months, but ..but we’re pretty sure it’s Pyongyang and his cadre of North Korean Hackers..
So, on the same day..we have the President revealing ISIS secrets to a Russian diplomat in the Oval Office according to WP’s current and former U.S. Officials, also anonymous..
Heck..the Senate Intellegence Committee is going to be eligible for a Grammy Award if this keeps up
If the National Security Agency took its own name seriously, they would expend just a little of their gargantuan resources (i.e. a few hundred skilled security programmers) to finding these threats and fixing them. It would be a far bigger service than finding a few enemy secrets by keeping these cracks in a weapons locker.
That proposal is just obvious; the more controversial one is whether they should use their frightening surveillance capacity to backtrack the perpetrators of the cracks that still do happen. What would the rest of the crackers think if even a few of their number were hauled out into the light long enough to be sentenced to 10 years in jail?
The NSA is a rogue agency – operating without oversight from Congress or the President, much less the American people, funded through the black budget and suffering from a decades long case of very intentional mission-creep.
The biggest service would be to shutter their operations and allow the few legitimate functions they serve to be subsumed under the appropriate civilian and, in some cases, military agencies.
Sam,
You can’t seriously expect MS to update an operating system that was released the same year 9/11 happened. To put that in perspective, the iPhone wasn’t released until 6 years later. They supported this OS for 13 years and STILL provided an emergency patch for WannaCry. The Vista excuse is old too. Windows 7, which is more stable, uses about the same memory as XP and itself has been out since 2009 is still used by 50% of the PC market. That was patched for WannaCry SMB vulnerability in March. I’d love a reference to any other market that supports and is liable for their product for 13 years after 5 newer versions have been released.
Agree. They are not public service.
The Vista “excuse?” I came on my last laptop in 2006, which had enough resources to handle it properly. For stability it was the best OS I’d used. People I knew who crashed a lot had their problems go away when they added 512k ram (to a GB). 7 was supposed to be much more efficient, but in fact it was only a marginal improvement when I made direct comparisons. Its unfairly maligned. My next (current) laptop, Lenovo Twist, because I wanted touch- in 2014 came with 8 and upped to 8.1, and except for not running my 32bit TV adapter (neither did 7) 8.1 is just as good. And I don’t need 10’s nuissances, so by the time I need a new machine, they’ll hopefully have been resolved.
Manufacturing consent used to work, but society has simply grown too diverse. The only way I can see for the US Government to survive is to put a clown in charge, who will monopolize all the attention, and allow the government to continue unimpeded with its work. It won’t be easy to find someone who can create a crisis every other day and be an ongoing distraction, but the government has to try.
It’s the only chance.
The US goverment is out of control in the name of National Security .
Remember the Nazi,Lenin they are very similar.
also out of orbit in the name of foreign policy
the us gov runs relationships like a very bad marriage embroiled in secret love interests
every relationship is supposed to be a big secret yet all the manifested trades are out in public
IT’S A POLITICAL POWER SHELL GAME with BS classified and used as a HOT POTATO.
what a con job