Also, a gentle reminder that Microsoft is a business, not a charitable entity.
"Financial spying by the NSA is probably the most important and least liberty-infringing bulk-style program possible - and I doubt anyone outside the targeted countries would have a problem with the NSA spying on foreign WMD and missile programs", Weaver wrote.
Had the NSA notified Microsoft at the time of discovery, hospitals would have had years not weeks to patch their systems. But they could still linger as low-grade infections that flare up from time to time. After all, peoples' lives could be in danger if, say, medical practitioners cannot access health records.
IT teams of several firms have been asked to work overtime and on the weekends, to ensure that WannaCry attack does not lead to loss of data, said a report by The New Indian Express.
Is any system particularly vulnerable? .
According to the company, "customers who are running supported versions of the operating system (Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8.1, Windows Server 2012, Windows 10, Windows Server 2012 R2, Windows Server 2016) will have received the security update MS17-010 in March".
Use the latest Operating System.
It should be noted the WannaCry ransomware, which exploits the EternalBlue vulnerability in Microsoft's Windows OS, doesn't impact devices running on Linux or Apple's MacOS.
On the other hand, the attack has served as a live demonstration of a new type of global threat, one that could encourage future hackers.
The virus spread quickly because the culprits used a digital code believed to have been developed by the US National Security Agency - and subsequently leaked as part of a document dump, according to researchers at the Moscow-based computer security firm Kaspersky Lab.
Washington has banned Chinese tech firms in the United States in the days after the attack, but the newspaper said there was "no credible evidence" to support the ban. The WannaCry attack shows this may not be the case with many organisations. Project Zero's established guidelines specifically state that they will sit on the information until the manufacturer comes up with a patch, lest any bad guys want to exploit it. This is not to be ignored, because clearly hackers have tools to exploit this security vulnerability, and could carry out a different attack later on.
In fact, David Powner, director of IT at the Government Accountability Office, says some federal agencies pay programmers more to learn outdated languages, just to keep old systems functioning.
"It's a fine balancing act to develop offensive capabilities while protecting our own infrastructure".
Too many users of pirated software can be found in India a well so cyber-criminals easily target the country. "Disclosure of vulnerabilities in my opinion remains the best strategy and let offensive capabilities be develop using other methods".
"If you have anything to patch, patch it", the researcher said in a blog post.
"There is a lack of transparency in India, in-spite of a mandatory requirement for banks and listed companies to disclose cyber-attack, however, very few banks and companies do that", Tushar Ajinkya, Partner, DSK Legal, told ET.
Cran said any government vulnerability remediation and disclosure process needs to have public safety as the priority.
- Chelsea Manning Posts Photo of Pizza After Release From Prison
- Kawhi Leonard expected to play Sunday against Warriors
- Spurs Return to Western Conference Finals
- Trump denies asking Comey to end Flynn investigation
- Cyber-security experts bracing themselves for new ransomware attacks
- Celtics Win Draft Lottery for #1 Pick in the June Draft
- GM to end sales in India, manufacturing in South Africa
- Trump should thank Rosenstein for naming a special counsel
- Chinese media blame the United States of America for WannaCry ransomware cyber-attack
- Seoul raises possibility of war in Korea as missile crisis builds