Microsoft blasts spy agencies for hoarding security exploits

It likens 'WannaCry' to someone stealing Tomahawk missiles.
Jon Fingas, @jonfingas
May 14, 2017
P. Goetzelt/AFP/Getty Images

Microsoft is hopping mad that leaked NSA exploits led to the "WannaCry" (aka "WannaCrypt") ransomware wreaking havoc on computers worldwide. Company President Brad Smith has posted a response to the attack that roasts the NSA, CIA and other intelligence agencies for hogging security vulnerabilities instead of disclosing them to be fixed. There's an "emerging pattern" of these stockpiles leaking out, he says, and they cause "widespread damage" when that happens. He goes so far as to liken it to a physical weapons leak -- it's as if the US military had "some of its Tomahawk missiles stolen."

To Smith, this is a "wake-up call." Officials ought to treat a mass of exploits with the same caution that they would a real-world weapons cache, he argues. Microsoft had already floated the concept of a "Digital Geneva Convention" that required governments to report security holes, but the idea has gained a new sense of urgency in light of the recent ransomware chaos. Will the NSA and other agencies listen? Probably not -- but Microsoft at least has some evidence to back up its claims.

Smith's write-up also calls for a greater sense of "shared responsibility" in fighting online threats. While Microsoft makes its own efforts by rushing out patches and sharing concerns with other companies, it also chastises customers who could have closed the WannaCry hole two months earlier but didn't. If they don't get updates quickly, Smith contends, they're "fighting the problems of the present with tools from the past." He's being a bit unrealistic -- it's not so simple for companies to upgrade to the latest versions of Windows, especially if budgets are tight or there's must-have software that could break. At the same time, it's hard to escape the reality that many WannaCry victims are running outdated software.

Workers might not have to wait for their IT departments to get into gear, at least. Rendition Infosec has introduced a stopgap TearSt0pper tool that can thwart WannaCry without requiring a patch. You need to launch it every time you boot your PC (provided you're allowed to run apps like this), but it could mean the difference between a productive day and explaining why your system is out of commission.
