Go Back   OC3D Forums > [OC3D] General Forums > OC3D News
Reply
 
Thread Tools Search this Thread Display Modes
 
  #1  
Old 15-05-17, 10:47 AM
WYP's Avatar
WYP WYP is offline
News Guru
 
Join Date: Dec 2010
Location: Northern Ireland
Posts: 20,143
Microsoft confirms that "WannaCrypt" uses an NSA exploit

Microsoft has confirmed that "WannaCrypt" uses an NSA exploit, calling once again for a "Digital Geneva Convention" to prevent nation states from stockpiling such vulnerabilities for future use.



Read more on Microsoft's confirmation that "WannaCrypt" uses an NSA exploit.

__________________
_______________________________
Twitter - @WYP_PC
Reply With Quote
  #2  
Old 15-05-17, 12:14 PM
AlienALX's Avatar
AlienALX AlienALX is offline
OC3D Elite
 
Join Date: Mar 2015
Location: West Sussex
Posts: 15,317
That's some nasty business man. Made sure all my stuff was up to date after reading about that this morning.
__________________


If you don't like what I post don't read it.
Reply With Quote
  #3  
Old 15-05-17, 12:25 PM
barnsley's Avatar
barnsley barnsley is offline
born in a.....
 
Join Date: Dec 2012
Location: Cambridge
Posts: 7,216
It technically uses two exploits that had been held by the NSA a while ago before they got hacked. The way it spread (NSA's nickname for it is 'EternalBlue') only worked if the target machine hadn't had March's patches installed. If it detects it, it will also make use of the other ex-NSA exploit, codename 'DOUBLEPULSAR' if that hasn't already been disabled as well.

Sadly our Governments will always keep any exploit they find hidden as they won't be affected by this.
__________________
Rig: i7 [email protected]|2x8gb HyperX Fury|Intel z97-AR|Corsair H75| 2x Nvidia 1070 founders edition|Superflower leadex 750W gold|Inwin 904| 970 EVO 500GB m.2|512GB evo 840| Crucial MX 500 500GB|ASUS MG279Q +Acer S240HL| Windows 10 pro, 8.1 pro| Kubuntu LTS
Audio: Silverstone EB01-E+EB03+DT 770 Pro 250Ω+Samson SAGOMIC
Ducky Legend (cherry red)+Zowie AM-FG
Reply With Quote
  #4  
Old 15-05-17, 01:32 PM
Avet's Avatar
Avet Avet is offline
OC3D Elite
 
Join Date: Dec 2016
Posts: 1,642
Linux is the solution. I am not well informed on this subject so i will ask. Why aren't hospitals, and businesses using Linux instead of Windows? It is rock solid, and free.
Reply With Quote
  #5  
Old 15-05-17, 02:29 PM
Darkdayzzz Darkdayzzz is offline
Member
 
Join Date: Jun 2016
Location: Florida, USA
Posts: 185
Quote:
Originally Posted by Avet View Post
Linux is the solution. I am not well informed on this subject so i will ask. Why aren't hospitals, and businesses using Linux instead of Windows? It is rock solid, and free.
Sigh....simple answer in my opinion? Because nurses/doctors/secretaries/etc simply WONT learn the new system. Now, one could install a version of linux that looks and acts significantly like windows (its out there can't recall the name) and that would work wonderfully.

Longer answer? Governments / faculties / schools / medical buildings / don't have the time or money to do retraining on employees on how the new OS would operate. Never mind the fact that these same places ONLY use it for typing documents / patient information / google things / etc...nothing super intensive or 'power user' type things.

So there is no reason these places shouldn't be using either mac OSX or a version of Linux, it's just the fact that they don't care because everything in government takes forever and a year to get going. That would be the biggest reason why (again my opinion is all) because lets all face it, as far as exploiting is concerned windows is the most targeted OS. Sure you CAN target Macs or Linux distros....but no one does. Why? its harder, more time consuming, often enough not enough to gain quickly and easily, and generally you could probably have 3-5 windows machines compromised before 1 linux/mac machine. So again, time and effort vs reward chances....reward chances win everytime so windows will continue to be targeted over the other OSes.


This is all just my two cents is all, take it for what it is.
Reply With Quote
  #6  
Old 15-05-17, 03:50 PM
evilcorp's Avatar
evilcorp evilcorp is offline
Member
 
Join Date: May 2017
Posts: 153
Over the weekend i was in contact with a couple of IT project managers who work for the NHS who have been pretty badly effected by 'wannacrypt'. They just were not prepared for any attack of this kind and are looking at weeks and possibly months of recovery time.

Most companies just dont want to spend the money on patching systems and are often 6 months or longer behind on critical microsoft patching of vulnerabilities.

Linux like all other OS's is vulnerable to exploits and there have been a lot of high profile potential exploits that havent been utilized. Hospitals dont use linux because a lot of the mission critical software they use is coded in windows only. There is also the training element which is cost prohibitive to most organizations.

Its scary that we are living in a time where the security services are stockpiling vulnerabilities and buying a lot of vulnerabilities from very questionable sources.
Reply With Quote
  #7  
Old 15-05-17, 05:05 PM
NeverBackDown NeverBackDown is offline
AMD Enthusiast
 
Join Date: Dec 2012
Posts: 17,737
Quote:
Originally Posted by barnsley View Post
It technically uses two exploits that had been held by the NSA a while ago before they got hacked. The way it spread (NSA's nickname for it is 'EternalBlue') only worked if the target machine hadn't had March's patches installed. If it detects it, it will also make use of the other ex-NSA exploit, codename 'DOUBLEPULSAR' if that hasn't already been disabled as well.

Sadly our Governments will always keep any exploit they find hidden as they won't be affected by this.
Good to see you back
Reply With Quote
  #8  
Old 15-05-17, 09:25 PM
barnsley's Avatar
barnsley barnsley is offline
born in a.....
 
Join Date: Dec 2012
Location: Cambridge
Posts: 7,216
Quote:
Originally Posted by NeverBackDown View Post
Good to see you back
Thanks

Sadly I'm mostly too busy these days to post (or at least at the moment). My new-ish job is a whole lot more demanding.
__________________
Rig: i7 [email protected]|2x8gb HyperX Fury|Intel z97-AR|Corsair H75| 2x Nvidia 1070 founders edition|Superflower leadex 750W gold|Inwin 904| 970 EVO 500GB m.2|512GB evo 840| Crucial MX 500 500GB|ASUS MG279Q +Acer S240HL| Windows 10 pro, 8.1 pro| Kubuntu LTS
Audio: Silverstone EB01-E+EB03+DT 770 Pro 250Ω+Samson SAGOMIC
Ducky Legend (cherry red)+Zowie AM-FG
Reply With Quote
  #9  
Old 15-05-17, 09:33 PM
NeverBackDown NeverBackDown is offline
AMD Enthusiast
 
Join Date: Dec 2012
Posts: 17,737
Quote:
Originally Posted by barnsley View Post
Thanks

Sadly I'm mostly too busy these days to post (or at least at the moment). My new-ish job is a whole lot more demanding.
Well gotta pay bills, I don't blame yeah
Reply With Quote
  #10  
Old 16-05-17, 04:54 AM
Sliced Sliced is offline
Newbie
 
Join Date: Dec 2012
Posts: 33
Quote:
Originally Posted by Avet View Post
Linux is the solution. I am not well informed on this subject so i will ask. Why aren't hospitals, and businesses using Linux instead of Windows? It is rock solid, and free.
Linux is only "rock solid" because so few people use it. The same with apple. If the usage numbers were switched with Linux being at the top and Windows at the bottom then Linux would be were Windows is. Completely insecure and riddled with Virus'.

Why code something that will infect 100 people when you can spend the same amount of time coding that will effect 1 million people.

Also, going to Linux really is not up to the hospitals.
Back when they were starting to use computers Linux was not a real option. Windows was their only option. So when they started buying other machines (MRI's, blood testers, bespoke software....) it was all coded for XP only.
To move all of that software over you'll have to pay each and every company to remake each piece of software then pay for the licence for each system.
It would take many years and billions of £'s.
Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump










All times are GMT. The time now is 02:54 AM.
Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2021, vBulletin Solutions, Inc.