
Davey Winder

delivering award-winning technology journalism since 1991


WannaCry fallout: is hoarding exploits, delaying fixes ever justified?

Posted on May 20, 2017 by Davey Winder

Government agencies hoard undisclosed vulnerabilities in order to aid surveillance, but what about the consequences, as exposed by the WannaCrypt0r attack?

The fallout from the WannaCry attack continues to spread fear, uncertainty and doubt across the globe. However, a couple of interesting issues have emerged from this pretty unprecedented (in scale at least) cyber-attack, so we set out to discover: is vulnerability hoarding ever acceptable, and ditto for the patches that fix them? Here’s the thing: despite all the government denials over the years, pretty much everyone and their aunt in the security business knows that it isn’t just the criminal element that swallows up zero days. Stuxnet put that particular argument to bed a few years back now.

Pertinent to this case, the EternalBlue vulnerability exploit that had been hoarded (along with others) by the NSA swiftly bit them and us on the behind by enabling the rapid spread of WannaCry (or WannaCrypt0r). You could blame the Shadow Brokers group for releasing the code, although it’s more tempting to blame the lack of code security at an agency – which has an S in its name, after all. So what does the industry think about the whole state-sponsored hoarding of vulnerability data? SC Media has been asking whether national security surveillance capability should take priority over the data security of citizens.


Analysis Tags: exploits, ransomware, vulnerabilities, WannaCrypt0r
