Microsoft blasts spy agencies for hoarding security exploits

Microsoft is hopping mad that leaked NSA exploits led to the “WannaCry” (aka “WannaCrypt”) ransomware wreaking havoc on computers worldwide. Company President Brad Smith has posted a response to the attack that roasts the NSA, CIA and other intelligence agencies for hogging security vulnerabilities instead of disclosing them to be fixed. There’s an “emerging pattern” of these stockpiles leaking out, he says, and they cause “widespread damage” when that happens. He goes so far as to liken it to a physical weapons leak — it’s as if the US military had “some of its Tomahawk missiles stolen.”

To Smith, this is a “wake-up call.” Officials ought to treat a mass of exploits with the same caution that they would a real-world weapons cache, he argues. Microsoft had already floated the concept of a “Digital Geneva Convention” that required governments to report security holes, but the idea has gained a new sense of urgency in light of the recent ransomware chaos. Will the NSA and other agencies listen? Probably not — but Microsoft at least has some evidence to back up its claims.

Smith’s write-up also calls for a greater sense of “shared responsibility” in fighting online threats. While Microsoft makes its own efforts by rushing out patches and sharing concerns with other companies, it also chastises customers who could have closed the WannaCry hole two months earlier but didn’t. If they don’t get updates quickly, Smith contends, they’re “fighting the problems of the present with tools from the past.” He’s being a bit unrealistic — it’s not so simple for companies to upgrade to the latest versions of Windows, especially if budgets are tight or there’s must-have software that could break. At the same time, it’s hard to escape the reality that many WannaCry victims are running outdated software.

Workers might not have to wait for their IT departments to get into gear, at least. Rendition Infosec has introduced a stopgap TearSt0pper tool that can thwart WannaCry without requiring a patch. You need to launch it every time you boot your PC (provided you’re allowed to run apps like this), but it could mean the difference between a productive day and explaining why your system is out of commission.

Source: Microsoft on the Issues, Rendition Infosec

Source: Engadget - Read the full article here

Author: Daily Tech Whip
