Image credit: P. Goetzelt/AFP/Getty Images

Microsoft blasts spy agencies for hoarding security exploits

It likens 'WannaCry' to someone stealing Tomahawk missiles.

Microsoft is hopping mad that leaked NSA exploits led to the "WannaCry" (aka "WannaCrypt") ransomware wreaking havoc on computers worldwide. Company President Brad Smith has posted a response to the attack that roasts the NSA, CIA and other intelligence agencies for hogging security vulnerabilities instead of disclosing them to be fixed. There's an "emerging pattern" of these stockpiles leaking out, he says, and they cause "widespread damage" when that happens. He goes so far as to liken it to a physical weapons leak -- it's as if the US military had "some of its Tomahawk missiles stolen."

To Smith, this is a "wake-up call." Officials ought to treat a mass of exploits with the same caution that they would a real-world weapons cache, he argues. Microsoft had already floated the concept of a "Digital Geneva Convention" that required governments to report security holes, but the idea has gained a new sense of urgency in light of the recent ransomware chaos. Will the NSA and other agencies listen? Probably not -- but Microsoft at least has some evidence to back up its claims.

Smith's write-up also calls for a greater sense of "shared responsibility" in fighting online threats. While Microsoft makes its own efforts by rushing out patches and sharing concerns with other companies, it also chastises customers who could have closed the WannaCry hole two months earlier but didn't. If they don't get updates quickly, Smith contends, they're "fighting the problems of the present with tools from the past." He's being a bit unrealistic -- it's not so simple for companies to upgrade to the latest versions of Windows, especially if budgets are tight or there's must-have software that could break. At the same time, it's hard to escape the reality that many WannaCry victims are running outdated software.

Workers might not have to wait for their IT departments to get into gear, at least. Rendition Infosec has introduced a stopgap TearSt0pper tool that can thwart WannaCry without requiring a patch. You need to launch it every time you boot your PC (provided you're allowed to run apps like this), but it could mean the difference between a productive day and explaining why your system is out of commission.
