D&C GLug - Home Page

[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]

Re: [LUG] nhs cyber attack

 


> On 13 May 2017, at 09:20, Trevorexwick.com <Trevor@xxxxxxxxxx> wrote:
> 
> I wonder about busybox based NAS boxes with open SMB shares...

I wondered similar.

Without dissecting the Shadowbroker dump further - there were many critical issues 
fixed with SMB in MS-17-010 so it would take hours and days to be sure, but it looks 
like nearly all these are basic coding errors by Microsoft rather than flawed by 
design so it is likely clean implementations of SMB won't have these issues.

Also there have been many other DoS and memory corruption flaws in the SMB component 
affected, but by publishing the exploit tool ShadowBrokers removed the deep Windows 
hacking expertise barrier to exploiting the bad code.

Remember this is stuff Microsoft didn't have documentation for when the EU demanded 
it. 

There will be some serious soul searching after this.

I'm already pondering if this, and the Defender fiasco is reason enough to cull the 
few remaining Windows boxes we have. That will be a tougher call for the government. 
Mac OS is bad, but it's not THIS bad.

-- 
The Mailing List for the Devon & Cornwall LUG
https://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq