Slashdot Mirror

← Back to Stories (view on slashdot.org)

NSA Exploits Ported To Work on All Windows Versions Released Since Windows 2000 (bleepingcomputer.com)

Posted by msmash on from the security-woes dept.

Catalin Cimpanu, reporting for BleepingComputer: A security researcher has ported three leaked NSA exploits to work on all Windows versions released in the past 18 years, starting with Windows 2000. The three exploits are EternalChampion, EternalRomance, and EternalSynergy; all three leaked last April by a hacking group known as The Shadow Brokers who claimed to have stolen the code from the NSA. Several exploits and hacking tools were released in the April 2017 Shadow Brokers dump, the most famous being EternalBlue, the exploit used in the WannaCry, NotPetya, and Bad Rabbit ransomware outbreaks.

95 comments

  1. What about Eternal Death Slayer by HumanWiki · · Score: 1

    4.... "It's EDS 4."

  2. Windows always excelled at backward compatibility by JoeyRox · · Score: 5, Funny

    That's called taking care of your installed base.

  3. Penguin by Anonymous Coward · · Score: 1

    I guess Linus and his penguin flock will be having a field day.

  4. At least I don't use Windows by Anonymous Coward · · Score: 0

    A growing set of problems I don't have.

  5. Joke's on him by Anonymous Coward · · Score: 0

    I never upgraded from Windows 98. Also haven't turned that machine on in 18 years. Totally secure!

  6. Are any of these true 'remote explots'? by Anonymous Coward · · Score: 1

    Or must you visit a malicious web site, or firewalls be down, open shares and what not? I'm generally only worried about true remote exploits, the last I knew of for Windows was in 2001ish, "MS Blast".

  7. So we were right all along by Anonymous Coward · · Score: 0

    It's been discussed for years about the NSA key in windows since, like, ever... same as it was discussed about echolon (a computer which monitors all internet communications).

    Both are true. No one cares these days.

    1. Re:So we were right all along by julian67 · · Score: 1

      This can be mitigated via echolonic irrigation. Pro Tip: take good care of your phat pipe.

    2. Re:So we were right all along by Anonymous Coward · · Score: 0

      People who actually write "like" in a sentence like that are truly retarded. It's bad enough hearing it dropped in every fourth spoken word, now we have to also read it.

  8. The good old days by DNS-and-BIND · · Score: 2, Funny

    Remember when we chalked the NSA up on our side? They might have been a secretive government agency, but no matter what they did they had our interests at heart. Those were the days, weren't they?

    --
    Shutting down free speech with violence isn't fighting fascism. It IS fascism!
    1. Re:The good old days by Anonymous Coward · · Score: 0

      Why would the fact that they are able to hack into Windows computers change that? I'm just curious, do you think they should be constrained in their job to not use any type of hacking to perform their function? Wouldn't that seem to sort of hamstring them? I guess we could mandate a 'nice' NSA, our foes would really appreciate that.

    2. Re: The good old days by Anonymous Coward · · Score: 0

      They should cease to exist as an entity. On balance, they are a greater threat to peace and security globally than not.

    3. Re:The good old days by Anonymous Coward · · Score: 0

      Remember when we chalked the NSA up on our side? They might have been a secretive government agency, but no matter what they did they had our interests at heart. Those were the days, weren't they?

      What makes you think that the NSA had our interests at heart in the past? What makes you think they don't now?
      Do you know how annoying posts comprised solely of questions are?

    4. Re:The good old days by DNS-and-BIND · · Score: 4, Insightful

      They no longer regard themselves as under the control of the elected government. James Clapper was director of National Intelligence when he lied under oath to Congress and the American people saying we were not spying on innocent Americans. Good thing Scandal Free Obama was in charge and the media didn't care.

      --
      Shutting down free speech with violence isn't fighting fascism. It IS fascism!
    5. Re:The good old days by Anonymous Coward · · Score: 0

      Must have been before I was born.
      I never felt that way.

    6. Re:The good old days by Anonymous Coward · · Score: 0

      Eh, they just made a mistake and let hackers get in. Not that they are supposed to be the best of the best at preventi.. oh wait

    7. Re:The good old days by Anonymous Coward · · Score: 0

      Remember when we chalked the NSA up on our side? They might have been a secretive government agency, but no matter what they did they had our interests at heart. Those were the days, weren't they?

      Ok, you've got me, can't tell if you're serious or not here but as far as some of us were concerned, the NSA were never on our side....I'm not an USian.
      Mind you, our equivalent, GCHQ, I've never thought that they're on our side either...

    8. Re:The good old days by DNS-and-BIND · · Score: 1, Insightful

      Yeah, we know. You hate us Americans. Don't think that you need to repeat yourself: I'm here to tell you, your message has been received, loud and clear.

      All I'm hearing is that non-Americans want Americans to act not in the best interests of themselves, but the best interests of non-Americans and special interests. I don't really give a rat's ass, and it's particularly hilarious coming from Europeans.

      "Americans cannot care more for your childrenâ(TM)s future security than you do."

      -- Maddog Mattis

      --
      Shutting down free speech with violence isn't fighting fascism. It IS fascism!
    9. Re:The good old days by Anonymous Coward · · Score: 0

      A gun can be used against anyone---domestic or foreign, criminal or innocent. The same is true of these exploits in particular and hacking in general.

      The fact that the NSA has exploits should not be surprising at all. As long as they don't use them against innocent Americans, they are living up to their responsibilities, their mandate.

    10. Re:The good old days by Anonymous Coward · · Score: 0

      No the old good days never existed, people were just more ignorant back then.

    11. Re:The good old days by HiThere · · Score: 3, Insightful

      Given the currently known evidence, it actually does appear that in the 1960's the NSA was partially on the side of secure communications. It's true they argued for a key short enough that they could break it, but they also argued for some program changes that nobody else understood, but which eventually turned out to patch the program to make it more difficult to break.

      The problem is that the NSA is inherently two different organizations with conflicting goals. One is supposed to secure communications, and the other is supposed to spy on them. (Nevermind that it's only supposed to spy on foreigners. That's irrelevant to the point.) Unfortunately the spys are more adept at politics than the security researchers, so they appear have come to totally dominate the agency...and as a result nobody sensible trusts anything related to it.

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.
    12. Re: The good old days by Anonymous Coward · · Score: 0

      See: Falcon and the Snowman

    13. Re:The good old days by Anonymous Coward · · Score: 0

      The point is that they would have achieved more for the security of the US if they'd worked to eliminate the vulnerabilities rather than devising more efficient methods of exploiting them.

      An analogy might be discovering the lock on your front door is broken and deciding you should therefore buy a gun rather than fixing the lock.

    14. Re:The good old days by sjames · · Score: 1

      Neither of them are supposed to act like bumbling fools and release 0 day exploits to hacker groups. Three of the most damaging crypto locker type attacks out there can be directly attributed to the idiots at the NSA that couldn't secure their weapons.

      I'm pretty sure irresponsible idiots running around with weapons isn't in anyone's interest.

    15. Re:The good old days by Anonymous Coward · · Score: 0

      Good thing Scandal Free Obama was in charge and the media didn't care.

      The Obama administration was full of scandal and the media reported it. The public just didn't care. Just like they didn't care from all the same sort of things Bush did. I'd tend to argue the reason the media didn't sensationalize all the real Obama scandals as much is indirectly the fault of the far right. That is to say, it's mostly the fault of media being mostly yellow journalism seeking the most scelestious and outlandish stories. For Bush, that was mostly the government abuses of the people in contravention of the Constitution. For Obama, that was mostly yet another story trying to question Obama's birth or turn the latest shooting into same racist diatribe about BLM or ALM.

      Put another way, it's not that respectable news media wasn't reporting all the Obama scandal. It's that the people were too busy reading all the yellow journalism to care. I'd tend to argue the same was true with Bush as well. Of course, it's quite possible it's precisely because so many people are disenfranchised to government actually working. At that point, a lot of people just divorce themselves from caring. The ones that do care end up sounding, well, insane. So long as there's a roof over their head and their bellies are full, most people want to avoid that sort of anger and just pretend nothing is going on but political slogans.

    16. Re:The good old days by Anonymous Coward · · Score: 0

      You must be proud, that's where your taxes go.

  9. Re:Windows always excelled at backward compatibili by rsilvergun · · Score: 1

    Yeah, but you get much better framerates in Win 10 thank to Direct X 12. Sadly they're a Windows Store exclusive.

    --
    Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
  10. Re:yes but did you heard the eagles won the game by olsmeister · · Score: 0

    I made a fair amount of money on that game. Monopoly money, of course. Parlayed the over with an Eagles win.

  11. Dodged a bullet there... by rwbaskette · · Score: 4, Funny

    ... I'm still running NT Workstation

    1. Re:Dodged a bullet there... by IWantMoreSpamPlease · · Score: 2

      I know you jest, but I actually installed NT 4.0 workstation last year onto a laptop built in the post 2000 era.
      *Very* challenging (drivers being a huge issue), but in the end, I had a laptop that booted in seconds, and was quite useless online (but it was funny to see webpages attempt to render on a platform that didn't recognize the web-programming languages.)

      One of the biggest challenges was simply finding SPs and patches. MS of course wiped them all out, and many websites were simply pointing back to MS's site for the files. In the end I found all the patches and tricks I needed, but my we have come a long way from NT days...

      --
      So rise up, all ye lost ones, as one, we'll claw the clouds.
    2. Re:Dodged a bullet there... by Anonymous Coward · · Score: 0

      ... I'm still running NT Workstation

      Windows ME for the win! Just try and h4x0rz me.

    3. Re:Dodged a bullet there... by Anonymous Coward · · Score: 0

      *Very* challenging (drivers being a huge issue)

      was quite useless

      vmware workstation runs NT 4.0 SP6A perfectly, no muss no fuss

      but apparently you're too stupid to know that

    4. Re:Dodged a bullet there... by AmiMoJo · · Score: 1

      I'm surprised it booted so fast. I used one of the Alpha versions of NT (v3?) which was pretty slow, but Server was far worse. Had one machine doing Lotus that took 30 minutes to reboot, although that might have been IBM's fault.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    5. Re:Dodged a bullet there... by IWantMoreSpamPlease · · Score: 1

      This was a naked NT 4 Workstation. It was such a chore getting everything working right, that I really didn't bother putting any software on it. Opera and ad-muncher, and that was it.

      So once you went past the BIOS load-up screens, yeah, NT zipped right along.

      --
      So rise up, all ye lost ones, as one, we'll claw the clouds.
    6. Re:Dodged a bullet there... by IWantMoreSpamPlease · · Score: 1

      Whoosh.
      That's the sound of the post going over your head.
      But apparently you're too stupid to realize that.

      --
      So rise up, all ye lost ones, as one, we'll claw the clouds.
    7. Re:Dodged a bullet there... by aliquis · · Score: 1

      I boot Windows 10 in seconds. And I don't even have a fast SSD.

      i7 8700K on Z370-F Strix with Samsung EVO 850 SATA 250 GB.

    8. Re:Dodged a bullet there... by Anonymous Coward · · Score: 0

      You're safe from this Malware, but wide open to tons of other malware.

  12. The NSA has ruined the internet by Anonymous Coward · · Score: 0

    If the NSA and other agencies worked on making US telecoms infrastructure and software more secure instead of developing weaponised tools to exploit vulnerabilities, well, you know, we wouldn't be in this security nightmare that's getting worse, not better right now.

    1. Re:The NSA has ruined the internet by mnemotronic · · Score: 1

      If the NSA and other agencies worked on making US telecoms infrastructure and software more secure instead of ....

      I must be missing something. Isn't it the purview of the US telecoms and other companies that are creating, deploying and selling the infrastructure and software to ensure that it's secure, reliable and cost-effective, not the US government? That is, if they want customers.

      --
      The Russians have won. They have made the world a cesspool of distrust, greed, fear and hate.
    2. Re:The NSA has ruined the internet by suutar · · Score: 1

      The NSA's charter has two goals: improve the security of US stuff, and penetrate the security of non-US stuff. They've apparently decided that attack is more important than defense and it's biting them (and everyone else) in the butt.

    3. Re:The NSA has ruined the internet by mnemotronic · · Score: 1

      The NSA's charter has two goals: improve the security of US stuff, and penetrate the security of non-US stuff...

      From what I can tell, their "improvement" is restricted to "national security information and systems". I didn't know that included Windows XP.

      From NSA story:
      NSA Mission
      NSA's Mission is to help protect national security by providing policy makers and military commanders with the intelligence information they need to do their jobs. NSA's priorities are driven by externally developed and validated intelligence requirements, provided to NSA by the President, his national security team, and their staffs through the National Intelligence Priorities Framework.

      From the NSA website:
      Mission Statement
      The National Security Agency/Central Security Service (NSA/CSS) leads the U.S. Government in cryptology that encompasses both Signals Intelligence (SIGINT) and Information Assurance (IA) products and services, and enables Computer Network Operations (CNO) in order to gain a decision advantage for the Nation and our allies under all circumstances.

      More from the NSA website:
      What is Information Assurance?
      Information Assurance involves preventing unauthorized access to sensitive or classified national security information and systems. The purpose of the Information Assurance mission is to keep others from stealing or tampering with our national security systems and information. This work not only keeps our vital information out of unauthorized hands, but helps ensure that the information our decision makers need is available and reliable when they need it.

      Under National Security Directive 42, the Director of NSA has responsibility for the security of national security information systems, covering the Department of Defense and other Federal departments and agencies. NSA/CSS also helps improve the security of critical operations and information by providing know-how and technology to suppliers and clients.

      Who are NSA/CSS' Customers?
      NSA/CSS provides intelligence products and services to the White House, executive agencies (such as CIA and the State Department), the Chairman and Joint Chiefs of Staff (JCS), military combatant commanders and component commands, military departments, multinational forces, and U.S. allies. In addition, we provide Information Assurance products and services to users of national security information systems and to government contractors, as required.

      --
      The Russians have won. They have made the world a cesspool of distrust, greed, fear and hate.
    4. Re:The NSA has ruined the internet by suutar · · Score: 1

      Fair enough. You have a lot more detail there than wikipedia (their source is from 2014 anyway; it's been modified since then). Thanks for the references :)

  13. Good news everyone! by Virtucon · · Score: 3, Funny

    At least the NSA won't be able to use those exploits anymore.

    --
    Harrison's Postulate - "For every action there is an equal and opposite criticism"
    1. Re:Good news everyone! by Anonymous Coward · · Score: 0

      the funny thing will be, of course, when these exploits get used against *them* instead.....

  14. What about new zero day exploits? by Anonymous Coward · · Score: 0

    So is there a firewall there between the NSA and Trump's people, or does his appointee get access to the exploit data?

    I only ask because 2 Russians, an FSB man and ex FSB man, confirmed the existence of the piss tape and once Trump got in (26th Jan), two Russians, an FSB man, and ex FSB man (the Kaspersky one) were arrested for spying for a foreign power.

    So any zero day exploits the NSA has, assume Putin's men have them too, better safe than sorry. You cannot rely on the oversight committee at this point, Nunes is busy undermining the CIA, and Ryan is as spineless as ever.

    1. Re:What about new zero day exploits? by HiThere · · Score: 1

      Rather than "spineless", I would say "complicit".

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.
  15. When are they releasing the Windows 2000 patch? by jfdavis668 · · Score: 1

    This could turn into a big issue unless Microsoft releases a patch for all those older versions.

    1. Re:When are they releasing the Windows 2000 patch? by mnemotronic · · Score: 2

      Consider Microsoft's position:
      Many of the operating systems are on End-of-Life status which means this product will no longer receive assisted support or security updates from Microsoft. These OSs are still widely used and are now even more vulnerable, if that's possible.
      Microsoft is in a bind. They could provide patches for these vulnerabilities, or restate their policy: "Your're on your own bucko". How many people left at Microsoft worked on the Windows 2000 software or remember it? If MS does somehow figure out how to patch these OSs, then I can see that as setting a precedent that says they will provide security fixes in certain situations. That's the kind of vague context that lawyers love and could lead to future class action lawsuits when they refuse to fix a bug that caused problems for someone. "Hey Microsoft, you did a fix for Eternal Blue but didn't do one for Never Ending Orange and my data got stolen! It's your fault."

      --
      The Russians have won. They have made the world a cesspool of distrust, greed, fear and hate.
    2. Re:When are they releasing the Windows 2000 patch? by jfdavis668 · · Score: 1

      If someone else can port the exploit to Windows 2000, Microsoft should be capable of porting the fix.

    3. Re:When are they releasing the Windows 2000 patch? by mnemotronic · · Score: 1

      If someone else can port the exploit to Windows 2000, Microsoft should be capable of porting the fix.

      Possibly, but is it cost-effective and can it be achieved within reasonable time constraints? IMHO, information warfare, like terrorism, is asymmetric. It's easier to burn a bridge than to design and build it.

      --
      The Russians have won. They have made the world a cesspool of distrust, greed, fear and hate.
  16. NK sucks by Anonymous Coward · · Score: 0

    So it turns out that the famous NK ransomware was actually based on USA tech. I am both relieved and appalled.

  17. You don't steal from the NSA unless... by Viol8 · · Score: 2

    ... you worked there. The chances of Mr A Random Hacker gaining access to their core systems are as close to zero as makes no difference. If original code is truly from the NSA then it was leaked by an employee.

    1. Re:You don't steal from the NSA unless... by Anonymous Coward · · Score: 0

      Unless they used the Wannacry exploit or Meltdown?

    2. Re:You don't steal from the NSA unless... by Anonymous Coward · · Score: 1

      two things every IT veteran knows:
      1. never discount the improbable
      2. shit happens

    3. Re:You don't steal from the NSA unless... by Anonymous Coward · · Score: 0

      Given how many people have left the NSA over the years due to the dodgy shit they have been doing, it would not be surprising.
      Many of them went on to make their own companies for security products, went in to other industries, but there is very likely a significant percentage that went full blackhat.

    4. Re:You don't steal from the NSA unless... by Anonymous Coward · · Score: 0

      "...Random Hacker gaining access to their core systems are [...] close to zero..."

      Most computer security people now believe that all computer networks of any size are compromised. I'm betting that the NSA has a very substantially sized network, and it's full of goodies worth stealing.

      The issue isn't "any Random Hacker", it's that secrets get progressively less secret (and valuable) the more people know them. Thus even one hacker gaining access degrades the value of secret information. And very likely makes it easier for the next hacker who comes along.

      By the way, the NSA knows all this and is nearly powerless to stop it. I don't doubt that the NSA has 'pretty good' network security, as far as that goes. The issue is, a quarter century of IT security in the internet age has taught us one thing for sure. All computer security can and will be penetrated. Often at will, and by any Random Hacker too.

    5. Re:You don't steal from the NSA unless... by AHuxley · · Score: 1

      Contractors changed all that. The days of compartmentalization ended in Vietnam. After that it was all about budget and showing political leaders its was all private sector savings and using advanced products and market forces.
      Lots of contractors and private sector networks rented their services back to the NSA per mission. The US mil/gov "contractor" staging servers held out for many years online but someone finally tracked some bot, automated network back to a NSA contractor.
      With correct US gov compartmentalization that would have been an empty front company with nothing more than what was needed for one mission.
      With the contractor it was the full cyber tool set on a server because a contractor is allowed to have all the tools they need for any mission, ready to rent back to the US gov.

      --
      Domestic spying is now "Benign Information Gathering"
    6. Re:You don't steal from the NSA unless... by sjames · · Score: 1

      Or some idiot violated security protocols.

  18. Re:Joke's boner him by Anonymous Coward · · Score: 0

    Windows ME came out afterward, idiot. Joke's on you.

  19. Re:Impossible for them to work on my setup... apk by Anonymous Coward · · Score: 0

    SMB/LanMan: I thinks you meant NetBIOS if you're looking for equivalency to the TCP/IP transport.

  20. Thanks, Obama. by Anonymous Coward · · Score: 0

    [rolls eyes]

    1. Re:Thanks, Obama. by HiThere · · Score: 1

      I think you can fairly blame every president since Eisenhower...and possibly him.

      It's a systematic problem. When some gets into a position of power, they almost inevitably try to consolidate the power. If they weren't the kind of person who would do that, they wouldn't have schemed for the power in the first place. And the election system guarantees that only those nearly psychotically driven to gain power will be willing to put themselves through the process.

      So I recommend selecting government officials by lottery with minimal qualifications. (At least 2/3 of the adults in the country should be in the lottery.) We could hardly do worse than the current selection, and it would prevent "politicians" being pre-bribed before they took office. And it would ensure that all minorities were fairly represented (on the average). Then there's the need to address regulatory capture, so office holders should be forbidden from any gainful employment after retiring ... which means they need a decent retirement package...say, twice the median income.

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.
  21. "All versions", yeah right by ET3D · · Score: 3, Interesting

    Interesting that he went for a 2 year old version of Windows 10. Would have been much more interesting if he tested the latest patched versions of all OS's. If he did that for Windows 10, won't surprise me if he also used unpatched versions of Windows 8.1 and 7.

    1. Re:"All versions", yeah right by Anonymous Coward · · Score: 0

      you didn't even read the article did you?

    2. Re:"All versions", yeah right by Anonymous Coward · · Score: 2, Informative

      Interesting that he went for a 2 year old version of Windows 10. Would have been much more interesting if he tested the latest patched versions of all OS's.

      He did, although you have to read the article linked in the article linked from the summary to know this.

      He tested on FOUR different versions of Windows 10:
      10.10240 - vulnerable
      10.10586 - vulnerable
      10.14393 - vulnerable
      10.16299 - NOT VULNERABLE

      Also 10.16299 is from October 2017, which is only 5 months old right now, not 24 months as you imply.
      10.10586 and 10.14393 are both not 24 months old yet either.
      Only one version in that list, 10.10240, is more than 24 months old. But seeing as four isn't one as you claim, I'm not counting that as a correct statement either.

      If he did that for Windows 10, won't surprise me if he also used unpatched versions of Windows 8.1 and 7.

      Of course he did, and says so. He also tested the fully patched versions along with them.

      Windows 7: Release version, SP0, SP1, and SP1 with the KB3020369 rollup.
      The first ones are older unpactched versions, or specifically for SP0 and SP1, they are patched just not the latest patches.
      The latest would be the KB3020369 rollup, which is also vulnerable.

      Windows 8.1: Release version, Evaluation 9600, and SP1.
      The first is unpatched, the second is the beta for SP1 so is patched but not the latest patches, and SP1 is the latest. All are vulnerable.

  22. I think you need to learn to read... apk by Anonymous Coward · · Score: 0

    See subject: I covered NetBIOS over TCP/IP (in your network connection item TCP/IP properties) in my post you replied to...

    APK

    P.S.=> It works (for security & efficiency) vs. this threat (& many others before it)... apk

    1. Re:I think you need to learn to read... apk by Anonymous Coward · · Score: 0

      Silly, AC, don't you understand?

      APK never, ever admits to a mistake or a fault no matter what. That way, he never makes mistakes ever!

      Meanwhile he enjoys using "bridges" to switch IP addresses and evade posting limits. We all saw him say that back in the day, but if you ask him, he never said that and you're a big dummy for thinking that he did. Therefore he somehow never completely misunderstood what a bridge is or what it does. See? Simple.

      In fact, if APK walks up some stairs and accidentally stubs his toe, the problem is definitely faulty stairs. Stupid contractor/carpenter should have made that one step recessed just for him.

    2. Re:I think you need to learn to read... apk by Anonymous Coward · · Score: 0

      Apk did cover netbios and you said he did not. You made the mistakes not apk. We all see you stalk him and tell lies about him. You have serious mental issues.

    3. Re:I think you need to learn to read... apk by Anonymous Coward · · Score: 0

      Nice try APK...

    4. Re:I think you need to learn to read... apk by Anonymous Coward · · Score: 0

      No nice try for you unidentifiable anonymous. You do need to learn to read. Apk covers netbios. You said he didn't https://tech.slashdot.org/comments.pl?sid=11704569&cid=56070977/ and I'm not apk.

  23. Re:yes but did you heard the eagles won the game by mnemotronic · · Score: 3, Funny

    I made a fair amount of money on that game. Monopoly money, of course ...

    Exchange it for BitCoins.

    --
    The Russians have won. They have made the world a cesspool of distrust, greed, fear and hate.
  24. They are a government agancy first by Excelcia · · Score: 5, Interesting

    It's not the fact that the NSA isn't allowed to hack. It's the fact that they discovered multiple critical vulnerabilities in an OS used by hundreds of millions of American citizens and other American agencies and governments, and instead of disclosing it responsibly so that Americans would be protected, they sat on that information. Worse, they weaponized it, then they let the weapon escape out into the wild. NSA exploits are responsible for more billions of dollars in ransomeware attacks than any single source.

    The NSA failed to protect Americans, weaponized a weakness shared by virtually every citizen, and then failed to keep their weapons locked up. Imagine if the US Air Force lost a few nukes. The property damage by NSA leaks is about akin to dropping a nuke on medium sized city. The NSA leadership responsible for those decisions shouldn't just be fired, they should be hauled (in chains) before congress to answer publicly for those decisions. I cannot fathom why the American people aren't still howling for their arrest.

    1. Re:They are a government agancy first by Anonymous Coward · · Score: 1

      My generation stopped the NSA Clipper chip. What’s your generation’s excuse?

    2. Re:They are a government agancy first by humankind · · Score: 1

      How many phone calls did you make to your elected representatives demanding they do something about this? Oh wait, you expected someone else to solve the problem for you?

      Even if you're not in the states, like any citizen, part of your responsibility is to regularly lobby the government to represent your interests. This stuff happens everywhere, in every country where people expect some annointed king-like leader to solve all their problems and read their minds.

    3. Re:They are a government agancy first by VeryFluffyBunny · · Score: 3, Insightful

      How many phone calls did you make to your elected representatives demanding they do something about this? Oh wait, you expected someone else to solve the problem for you?

      Even if you're not in the states, like any citizen, part of your responsibility is to regularly lobby the government to represent your interests. This stuff happens everywhere, in every country where people expect some annointed king-like leader to solve all their problems and read their minds.

      Yes, that's the typical response of victim blamers and it's a load of bollocks.

      How are citizens supposed to do something when their political representatives actively avoid them, and everything that matters to people is taken out of democratic control, or made secret, e.g. that the NSA was spying on American citizens in the US without reasonable suspicion or probable cause?

      How would you like to blame voters who've been forced into a captive 2 party system dominated by corporate funding?

      And how about all the US citizens and party members who are denied their right to vote by closing down polling stations and disqualifying large numbers of votes? How would you like to blame them?

      When you have a participatory democracy instead of a representative one, you can blame the electorate for lack of participation. Don't shit on the unfortunate and disenfranchised.

      --
      Debate is a form of harassment. Do not question my truth.
    4. Re:They are a government agancy first by Anonymous Coward · · Score: 0

      Nice try Ivan

  25. Retard APK isn't spouting complete BS for once by Anonymous Coward · · Score: 0

    For once retard Alexander Peter Kowalski isn't spouting complete BS.
    He is following advise of others which is to shut down and if possible remove any unused services and features.
    Too bad he is trying to make himself out to be smarter than he actually is as others have said you should disable things you aren't using long before he wrote his article for a publication no one has ever heard of.

  26. Re:Joke's boner him by Immerman · · Score: 1

    What does Windows ME have to do with anything? Even at the time everybody recognized it as a bad joke. The only people to use it were the suckers that bought a new computer without first making sure it was running 98 instead.

    --
    --- Most topics have many sides worth arguing, allow me to take one opposite you.
  27. Will work on all elections. by Anonymous Coward · · Score: 0

    Remember the only time Dems get the national because the Republicans have been mathematically proven to cheat so bad that landslide turnouts are the only way.

  28. U did security guides 4 Windows before me? by Anonymous Coward · · Score: 0

    See subject: Prove it & that you were paid for it as I was. Stalking me again too? You're under a delusion you're a 'security guru' https://tech.slashdot.org/comments.pl?sid=11579085&cid=55887967/ & I easily shot you down on whitelists + on NoScript inferiority vs. hosts https://developers.slashdot.org/comments.pl?sid=11549257&cid=55843151/!

    IF you are a security guru (you're not, you're a LYING WANNABE)?

    Then you're full of shit & we are in DEEP shit if you are representative of them!

    YOU ALSO SAID YOU WRITE "REAL 'SECURITYWARE'? https://yro.slashdot.org/comments.pl?sid=11606243&cid=55924893/??

    Then where the "F" is it bigshot blowhard liar???

    Point-blank/bottom-line: It's not... pure 'vaporware' bs!

    * Mine's VERIFIABLY liked & used (+ praised even by our /. peers, registered ones, unlike your lame hiding ass you inferior one) https://tech.slashdot.org/comments.pl?sid=11595279&cid=55903895/ as well as hosted by malwarebytes & yes, REAL SECURITY PROS (both current & past) SAY HOSTS = GOOD SECURITY https://developers.slashdot.org/comments.pl?sid=11549257&cid=55839269/

    The deluded unidentifiable stalking wannabe that you are = a JEALOUS JOWIE "ne'er-do-well" DO-NOTHING ZERO & you not only KNOW it, you PROVE it - period (you pitiful little fuck).

    APK

    P.S.=> You're a pitiful sicko & I've written those security guides for Windows most likely BEFORE YOU WERE BORN & before anyone else I've seen try it, you bullshitter - not YOU douchebag (your lack of security know-how's in those links above proving you INCOMPETENT)... apk

  29. Re:Windows always excelled at backward compatibili by NettiWelho · · Score: 1

    Yeah, but you get much better framerates in Win 10

    This experience isn't universal, in fact theres a thread on nvidia driver forums thousands of responses long complaining about massive performance issues in general on windows 10 but not a similar complaint mountain on windows 7(many people actually note that performance issues is not present on windows 7 on exactly same hardware setup) which was the most popular windows until literally a few days ago

  30. Re: Suuuure you did by Anonymous Coward · · Score: 1

    Intel ME is just a mirage!

  31. The NSA exploits don't work on my setup... apk by Anonymous Coward · · Score: 0

    See subject: I cut off Server, Workstation, File & Print sharing + netbios over tcp/ip so SMB attacks don't work (I have no need of those services running w/ only a single system here @ home) thus BOTH securing myself + saving cpu cycles/RAM & other forms of I/O no longer wasted on those services & extra packets encapsulated in my network packet trains too.

    * Been doing this since the EARLY NT days (bit different then as tcpip wasn't the 'primary network carrier' then, SMB/LanMan was) & it works for security + efficiency even today decades later...

    APK

    P.S.=> Proof of my statements in security guides I wrote in 2006 (that actually began life @ NTCompatible.com in 1997) that even got me PAID for them (nice surprise) per https://www.bing.com/search?FORM=INCOH2&PC=IFJ1&PTAG=ICO-c9d0fc87&q=how%20to%20secure%20Windows%202000%2FXP/ ... apk

    1. Re:The NSA exploits don't work on my setup... apk by Anonymous Coward · · Score: 0

      (I have no need of those services running w/ only a single system here @ home)

      *biting the hook*
      But what if you have more than one computer or a network printer and need those services?

      On a similar note. My computer is currently totally secure against all remote attacks since it's turned off.

  32. The perils of outsourcing :] by najajomo · · Score: 1

    Illustrating the perils of outsourcing your stuff to the private sector :]

    1. Re:The perils of outsourcing :] by AHuxley · · Score: 1

      That is what started all the problems. The NSA held up well against the Soviet Union and all its attempts into the 1980's.
      With the use of contractors the compartmentalization was finally lost.
      Every contractor had its own new ways and full tool lists. Staging servers could do anything for any mission at any time for a price.
      Contractors got let into more and more US gov secrets until the esprit de corps within the US gov, mil was replaced by contractors rent seeking.
      Political leaders backed the private sector as they got "results" for the same budget. States got new private sector consulting jobs and that was good for reelection.
      It all held together until the staging servers with all the tools got found. Why put so many tools in one staging server? Convenience for the private sector? Profit? It always just worked in the past?

      --
      Domestic spying is now "Benign Information Gathering"
  33. Screw those guys! by Anonymous Coward · · Score: 0

    That tears it! I'm loading Windows ME!

  34. Re: Joke's boner him by Brockmire · · Score: 1

    There was a hybrid 98/me build you could make that added the few ME features and improvements and run on a 98 install. I think I cleared that shit from my local drives years ago and forget the name of that project.

  35. It's your & MS' problem (not mine)... apk by Anonymous Coward · · Score: 0

    See subject: & I'm "off the hook" - There's more 'stand-alone' systems like mine connected to the net via TCP/IP vs. lan/wan setups out there & yes my method works vs. threats like this via the simplest method of all for security + efficiency (getting rid of the PROBLEM AREA itself that I just plain DO NOT NEED, period).

    * My security guide I posted links to IS GEARED TO SETUPS LIKE MINE ONLY (the majority in a single system @ home, no LAN/WAN involved using MS protocols (SMB/LanMan/NetBIOS) but connected to the internet via TCP/IP).

    Lastly - you being turned off means your system's useless - mine isn't.

    Addtionally/Unfortunately & iirc/afaik?

    YOU'RE NOT SAFE Not vs. Intel AMT/ME (even turned off it can get to you but I cut that off via port filtering in my router EXTERNAL to my motherboard too where AMT/ME operates from).

    APK

    P.S.=> Onwards & UPWARDS + I hope MS corrects it for those of you w/ lans-wans to take care of... apk

  36. I still have my Win98SE CD... by Anonymous Coward · · Score: 0

    It works great in VirtualBox, so Plan B (if this exploit gets loaded with, say, the next Windows Update) is to wipe, install Linux, and then the Win98 VHD for those few things I can't do without from Windows and that won't work quite right in Wine. As long as they don't need network access, of course.