Hackers Hit Dozens of Countries Exploiting Stolen N.S.A. Tool

NY Times ^ | May 12, 2017 | NICOLE PERLROTH and DAVID E. SANGER

[SaveFerris]

[Never open an email attachment.]

Hey they did it where I worked. From a trusted business partner site. Ransomware. Encrypted everything on that computer which prevented the operator from forward that email to the engineering department. Yes, ransomware.

My reward for shutting down the machine after informing them it was hosed? Cursed at and then a hostile work environment that never shut down the insurgency. Totally messed-up and amateurish installation with absolutely no concept of best practices.

It’s amazing at least 3 machines weren’t destroyed. I stopped them from hitting Engineering but they then were trying to link to another computer when I happened to walk in and ask what in the world they were doing.

Incredible.

[palmer]

I see people are suggesting updates hoping for security patches. The problem is that 99% of each update is more unnecessary crap, only 1% is security patches. The unnecessary crap just adds new vulnerabilities. MS wants to push you into a "free" continuously updated OS that constantly enables a bigger revenue stream by capturing and selling your personal info.

MS is ransomware lite. They support the hackers by adding new poorly written crap. For example MS now adds a bunch of unnecessary listen ports that can't be uninstalled (but they can be blocked with a non-MS firewall). Intel is almost as bad providing a listen port independent of the OS. It's hard to practice safe networked computing when MS and Intel are making it less safe.

[Mycroft Holmes]

An adversary might try to de-anonymize the user by some means. One way this may be achieved is by exploiting vulnerable software on the user's computer.[11] The NSA had a technique that targets a vulnerability – which they codenamed "EgotisticalGiraffe" – in an outdated Firefox browser version at one time bundled with the Tor package,[12] and in general, targets Tor users for close monitoring under its XKeyscore program.[13] Attacks against Tor are an active area of academic research,[14][15] and are welcomed by the Tor Project itself.[16] However, Tor was not only developed for a time in the early 2000s by individuals who "were on contract from DARPA and the U.S. Naval Research Laboratory", but since its inception the bulk of its funding has come from the federal government of the United States.

[FreedomOfExpression]

How much effort would it take them to support XP? Or at least offer free upgrades to Win 7? Why not?

They are in business to make money. Supporting a 15+ year old outdated product with a small user base takes resources. Resources that can be better used to offer support for newer versions of the product.
Giving away products, similar answer regarding money, but there are technical issues as well. Each new operating system has CPU and memory requirements that older computers may not meet. Granted, with Windows 7 it is a lower threshold, but some old computers running XP won't meet the requirements.
One thing overlooked is the drivers required to make things function. The hardware manufacturers, if they are still in business, will not continue to put out new drivers for newer operating systems for those outdated products, and it would be cost prohibitive and in some cases impossible for Microsoft to come up with drivers that work with very old hardware that is not even available anymore.

Windows 8 is another conversation entirely. You won't get any argument from me about that dumb move.

[Caipirabob]

I dunno. I’m more worried about a Microsoft patch taking out my PC than anything else.

[GailA]

FedEx in Memphis was hit.

[Delta 21]

[AppyPappy]

Updating machines is frequently up to the user. That’s what happened to us. Boxen used by grad students that had Automatic Windows Update turned off because they don’t want to reboot the machine.

I have a machine that does not have this update....because it has been turned off for several weeks.

[SaveFerris]

Oy, and here I sit with two 8.1 devices....one a tablet that I rarely use.

[SaveFerris]

I heard that. It’s jacked up a machine more than once for me.

[FreedomOfExpression]

Ah, 8.1 is a lot better than 8.0 from what I have heard. I occasionally use a computer with 8.1, but I'm not really used to it.
If you got used to Windows 8.1 and it works for you, there's no problem. It's just that I mainly prefer the interface of other versions over windows 8.

[SaveFerris]

I miss Windows 98 SR2. Ah, the good old days.

[PLMerite]

See what happens when you encourage “whistle blowers?”