MICROSOFT HAS HIT OUT at the National Security Agency (NSA) for its "stockpiling of vulnerabilities" that was indirectly to blame for the ongoing WannaCry ransomware outbreak.
Brad Smith, chief legal officer at Microsoft, penned a blog post over the weekend about the global WannaCry ransomware attack, which reports claim has spread to 150 countries, and is expected to ramp up again today as more PCs are switched on.
The ransomware attack, which struck NHS hospitals across the UK on Friday, exploited a Windows SMB bug that was hoarded by the NSA earlier, a fact that was leaked in February before the it was patched by Microsoft in March.
However, with patches not available for unsupported versions of Windows and with firms taking time to apply patches for newer releases, WannaCry was quick to lock down hundreds and thousands of computers, and Microsoft - yes, the same Microsoft that gave the NSA access to users' Skype chats - ain't happy about it. Not one bit.
In his blog post, Smith is calling for government organizations to stop hoarding hacking tools and and to disclose software vulnerabilities as soon as government cyber-intelligence operatives find them.
"This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem. This is an emerging pattern in 2017. We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world," Smith wrote.
Smith went on to compare the NSA's exploit stockpiling to "the US military having some of its Tomahawk missiles stolen", before continuing: "Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage.
"And this most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today - nation-state action and organized criminal action."
Although some expect the spread of the ransomware to continue this week, a 22-year-old cybersecurity researcher who tweets as [email protected]', late on Friday discovered a kill switch in the code of the ransomware.
The kill switch detects that a particular web domain exists, and when it does, stops spreading the infection. MalwareTechBlog registered the domain name - iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com - for $10.69, which immediately halted it's worldwide spread.
While this kill switch won't be of much use to those computers already affected, Microsoft has released emergency security patches to defend against the ransomware for unsupported versions of Windows, including Windows XP - which runs on 90 per cent of NHS Trusts systems - and Windows Server 2003. µ
Presumably 'Richard' is your next security worry
Good news if the kids need a summer job
Welcome back, Zoinkerberg
That's another good reason not to see it