Bitcoin Forum
November 22, 2017, 04:40:30 AM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: [2017-05-19]NSA Reported Vulnerability Used In WannaCry Attack To Microsoft  (Read 6248 times)
TravelMug
Sr. Member
****
Offline Offline

Activity: 308


trade.io - Join the Trading Revolution


View Profile
May 18, 2017, 05:02:33 PM
 #1

NSA Reported Vulnerability Used In WannaCry Attack To Microsoft


The U.S. National Security Agency alerted Microsoft of a critical vulnerability that was eventually used to carry out the massive WannaCry ransomware attack that hit more than 300,000 computers worldwide last week, the Washington Post reported.

The NSA went to Microsoft after it learned a hacking group known as the Shadow Brokers had stolen the hacking tool that took advantage of the exploit out of fear the tool might be used for a large-scale attack. Microsoft issued a patch for the vulnerability in March, but many machines were not updated at the time of the attack and were affected.

"NSA identified a risk and communicated it to Microsoft, who put out an immediate patch," Mike McNerney, a former Pentagon cybersecurity official and a fellow at the Truman National Security Project, told the Washington Post.

While the NSA did alert Microsoft in time for the company to make protection available to many machines — although not always taken advantage of — it failed to make clear to the public just how dangerous the vulnerability could be.

A month after Microsoft issued the security patch, the Shadow Brokers published the code for the NSA-crafted attack known as EternalBlue. A modified version of the exploit was used to carry out the ransomware attack that hit machines in more than 150 countries, including those at hospitals and major corporations.

The WannaCry attack was also not the first time the exploit had been used. The same vulnerability was used in a botnet hack in which compromised machines were used to mine for the cryptocurrency Monero. According to security firm Proofpoint, the exploit was used as early as April and may have been larger in scale than WannaCry.

Despite the NSA’s disclosure of the exploit to Microsoft, the computing giant still scolded the government agency for holding onto and making use of the vulnerability for so long in the first place — for more than five years, the Washington Post reported.

Microsoft President and chief legal officer Brad Smith said in a blog post the hoarding of exploits by government organizations puts users at risk when the vulnerabilities aren’t disclosed to the public — especially when that information is stolen or leaked and made available for hackers to use freely with no protections in place.

“An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen,” Smith said. “The governments of the world should treat this attack as a wake-up call. They need to take a different approach and adhere in cyberspace to the same rules applied to weapons in the physical world.”

Smith reiterated Microsoft’s belief that there needs to be a “Digital Geneva Convention” to regulate government agency actions in cyberspace. The company has argued in favor of a requirement for governments to disclose exploits so companies can protect users rather than allow the vulnerabilities to exist without a fix in place and putting more people at risk.

https://bitcoinwarrior.net/2017/05/nsa-reported-vulnerability-used-wannacry-attack-microsoft/

    ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄   
   ████████████████████████████████  
     ▀██████████████████████████▀    
        ▀████████████████████▀       
          ████████████████▀         
            █████████████           
            ▀████████████▀           
             ▀██████████▀            
              ██████████             
               ████████              
               ▀██████▀              
                ██████               
                 
.
trade.io.
██████
██████
███
███
███
███
███
███
███
███
███
██████
██████

▄██████████████████▄
███       ▀███████
███       █████████
███       █████████
███       █████████
███              ██
███   ▄▄▄▄▄▄▄▄   ███
███   ▄▄▄▄▄▄▄▄   ███
███              ███
███▄▄▄▄▄▄▄▄▄▄▄▄▄▄███
██████████████████▀

▄██████████████████▄
███████████▀ ███████
█████████▀   ███████
███████▀     ██▀ ███
███ ▀▀       █▄▄████
███          █▀▀▀▀██
███ ▄▄       ███████
██████▄     █▄ ▀███
█████████▄   ███▄███
███████████▄ ███████
▀██████████████████▀

▄██████████████████▄
████████████████████
███████████████▀▀ ██
█████████▀▀     ███
████▀▀     ▄█▀   ███
███▄    ▄██      ███
█████████▀      ▄██
█████████▄     ████
█████████████▄ ▄████
████████████████████
▀██████████████████▀
██████
██████
   ███
   ███
   ███
   ███
   ███
   ███
   ███
   ███
   ███
██████
██████
.
.Join the Trading Revolution.
1511325630
Hero Member
*
Offline Offline

Posts: 1511325630

View Profile Personal Message (Offline)

Ignore
1511325630
Reply with quote  #2

1511325630
Report to moderator
1511325630
Hero Member
*
Offline Offline

Posts: 1511325630

View Profile Personal Message (Offline)

Ignore
1511325630
Reply with quote  #2

1511325630
Report to moderator
1511325630
Hero Member
*
Offline Offline

Posts: 1511325630

View Profile Personal Message (Offline)

Ignore
1511325630
Reply with quote  #2

1511325630
Report to moderator
Join ICO Now Coinlancer is Disrupting the Freelance marketplace!
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1511325630
Hero Member
*
Offline Offline

Posts: 1511325630

View Profile Personal Message (Offline)

Ignore
1511325630
Reply with quote  #2

1511325630
Report to moderator
TotalPanda
Legendary
*
Offline Offline

Activity: 1344

vertex output parameter not completely initialized


View Profile
May 18, 2017, 05:11:28 PM
 #2

http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012598
joshy23
Full Member
***
Offline Offline

Activity: 238


View Profile
May 18, 2017, 05:38:25 PM
 #3

NSA has already known the exploit for 5 years, but didn't told Microsoft about it. They only told Microsoft after the hacker stole the exploit from NSA. I guess, we can blame NSA for this one, why did they withheld the exploit to Microsoft? That is the problem with NSA, CAI, they don't want to share information. Unfortunately, Microsoft release a patch, but no one heeds, that's why the virus has infected a lot of computers worldwide.
digaran
Hero Member
*****
Offline Offline

Activity: 630


COINPAYMENTS.NET


View Profile
May 18, 2017, 10:26:50 PM
 #4

NSA has already known the exploit for 5 years, but didn't told Microsoft about it. They only told Microsoft after the hacker stole the exploit from NSA. I guess, we can blame NSA for this one, why did they withheld the exploit to Microsoft? That is the problem with NSA, CAI, they don't want to share information. Unfortunately, Microsoft release a patch, but no one heeds, that's why the virus has infected a lot of computers worldwide.
Not CAI but CIA and they are monitoring some specific keywords on the web and might even read this.
They knew about the exploit and didn't tell any body because they were using it to spy on people.
I know this fact that windows is no longer safe for us to use since windows XP.
Anyways who needs them any more when we have facebook and google? they are the source and the mother load of all information.
Steve Jobs was the man to develop iOS and made Apple happened and we lost him.
If you need to be safe just write your own operating system from scratch like many people do.

       ▀
   ▄▄▄   ▄▀
   ███ ▄▄▄▄  ██
       ████
    ▄  ▀▀▀▀
▄▄
      ██    ▀▀
██▄█▄▄▄████████
▄▄▄▄▄▄▄▄▀▀███▀▀▀
██████████████████
████▄▀▄▀▄▀███▀▀▀▀▀
████▄▀▄▀▄▀███ ▀
████▄▀▄▀▄▀████████
▀█████████████████
]
,CoinPayments,
█████
█████ ██
█████ ██
█████ ██
█████ ██
█████ ██
█████ ██
█████ ██
█████ ██
█████ ██
█████ ██
█████ ██
█████
█████
█████ ██
█████ ██
█████ ██
█████ ██
█████ ██
█████ ██
█████ ██
█████ ██
█████ ██
█████ ██
█████ ██
█████
█████
█████ ██
█████ ██
█████ ██
█████ ██
█████ ██
█████ ██
█████ ██
█████ ██
█████ ██
█████ ██
█████ ██
█████
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!