Slashdot Mirror

← Back to Stories (view on slashdot.org)

NSA Exploits Ported To Work on All Windows Versions Released Since Windows 2000 (bleepingcomputer.com)

Posted by msmash on from the security-woes dept.

Catalin Cimpanu, reporting for BleepingComputer: A security researcher has ported three leaked NSA exploits to work on all Windows versions released in the past 18 years, starting with Windows 2000. The three exploits are EternalChampion, EternalRomance, and EternalSynergy; all three leaked last April by a hacking group known as The Shadow Brokers who claimed to have stolen the code from the NSA. Several exploits and hacking tools were released in the April 2017 Shadow Brokers dump, the most famous being EternalBlue, the exploit used in the WannaCry, NotPetya, and Bad Rabbit ransomware outbreaks.

9 of 95 comments (clear)

  1. Windows always excelled at backward compatibility by JoeyRox · · Score: 5, Funny

    That's called taking care of your installed base.

  2. Dodged a bullet there... by rwbaskette · · Score: 4, Funny

    ... I'm still running NT Workstation

  3. Good news everyone! by Virtucon · · Score: 3, Funny

    At least the NSA won't be able to use those exploits anymore.

    --
    Harrison's Postulate - "For every action there is an equal and opposite criticism"
  4. Re:The good old days by DNS-and-BIND · · Score: 4, Insightful

    They no longer regard themselves as under the control of the elected government. James Clapper was director of National Intelligence when he lied under oath to Congress and the American people saying we were not spying on innocent Americans. Good thing Scandal Free Obama was in charge and the media didn't care.

    --
    Shutting down free speech with violence isn't fighting fascism. It IS fascism!
  5. "All versions", yeah right by ET3D · · Score: 3, Interesting

    Interesting that he went for a 2 year old version of Windows 10. Would have been much more interesting if he tested the latest patched versions of all OS's. If he did that for Windows 10, won't surprise me if he also used unpatched versions of Windows 8.1 and 7.

  6. Re:yes but did you heard the eagles won the game by mnemotronic · · Score: 3, Funny

    I made a fair amount of money on that game. Monopoly money, of course ...

    Exchange it for BitCoins.

    --
    The Russians have won. They have made the world a cesspool of distrust, greed, fear and hate.
  7. They are a government agancy first by Excelcia · · Score: 5, Interesting

    It's not the fact that the NSA isn't allowed to hack. It's the fact that they discovered multiple critical vulnerabilities in an OS used by hundreds of millions of American citizens and other American agencies and governments, and instead of disclosing it responsibly so that Americans would be protected, they sat on that information. Worse, they weaponized it, then they let the weapon escape out into the wild. NSA exploits are responsible for more billions of dollars in ransomeware attacks than any single source.

    The NSA failed to protect Americans, weaponized a weakness shared by virtually every citizen, and then failed to keep their weapons locked up. Imagine if the US Air Force lost a few nukes. The property damage by NSA leaks is about akin to dropping a nuke on medium sized city. The NSA leadership responsible for those decisions shouldn't just be fired, they should be hauled (in chains) before congress to answer publicly for those decisions. I cannot fathom why the American people aren't still howling for their arrest.

    1. Re:They are a government agancy first by VeryFluffyBunny · · Score: 3, Insightful

      How many phone calls did you make to your elected representatives demanding they do something about this? Oh wait, you expected someone else to solve the problem for you?

      Even if you're not in the states, like any citizen, part of your responsibility is to regularly lobby the government to represent your interests. This stuff happens everywhere, in every country where people expect some annointed king-like leader to solve all their problems and read their minds.

      Yes, that's the typical response of victim blamers and it's a load of bollocks.

      How are citizens supposed to do something when their political representatives actively avoid them, and everything that matters to people is taken out of democratic control, or made secret, e.g. that the NSA was spying on American citizens in the US without reasonable suspicion or probable cause?

      How would you like to blame voters who've been forced into a captive 2 party system dominated by corporate funding?

      And how about all the US citizens and party members who are denied their right to vote by closing down polling stations and disqualifying large numbers of votes? How would you like to blame them?

      When you have a participatory democracy instead of a representative one, you can blame the electorate for lack of participation. Don't shit on the unfortunate and disenfranchised.

      --
      Debate is a form of harassment. Do not question my truth.
  8. Re:The good old days by HiThere · · Score: 3, Insightful

    Given the currently known evidence, it actually does appear that in the 1960's the NSA was partially on the side of secure communications. It's true they argued for a key short enough that they could break it, but they also argued for some program changes that nobody else understood, but which eventually turned out to patch the program to make it more difficult to break.

    The problem is that the NSA is inherently two different organizations with conflicting goals. One is supposed to secure communications, and the other is supposed to spy on them. (Nevermind that it's only supposed to spy on foreigners. That's irrelevant to the point.) Unfortunately the spys are more adept at politics than the security researchers, so they appear have come to totally dominate the agency...and as a result nobody sensible trusts anything related to it.

    --

    I think we've pushed this "anyone can grow up to be president" thing too far.