Mike Kerner wrote:
So back to what happened on Friday, in the western world, firms that have
large investments in large and very expensive pieces of gear (which, I
forgot to mention also carry lead times of 12-18 months in many cases), and
large and very expensive software systems weren't paranoid enough. I can't
speak to what happened in the former Eastern Bloc, since they were hit much
harder than everyone else, but I suspect that glasnost has not been as good
for them as they may have hoped. No one has mentioned it, but I have to
wonder what happened behind PRC's Great Firewall, and in DPRK.
Good luck getting any verifiable information about what goes on inside
DPRK.
As for PRC, it seems the Great Firewall only protects them from
ideological dangers, like the risks of reading the Federalist Papers,
while leaving infrastructure vulnerable:
Tens of thousands of Chinese firms, institutes affected in WannaCry
global cyberattack
<http://www.scmp.com/news/china/policies-politics/article/2094377/tens-thousands-chinese-firms-institutes-affected>
I would also be curious to see, over the coming weeks, how severe the effect
was in Africa.
Less so than elsewhere:
Africa least hit by WannaCry ransomware cyber-attack
<http://www.africanews.com/2017/05/15/africa-least-hit-by-wannacry-ransomware-cyber-attack/>
I'd guess this is likely because they have less traditional Internet
infrastructure and fewer PCs per capita. Like parts of S. America, many
parts of Africa have skipped the whole POTS phase to go directly to
mobile networks, with far more phones than PCs:
Looking ahead, one way to mitigate such risks would be to share
information on known vulnerabilities as they're discovered.
Remember, WannaCry is a variant of a tool made by the US NSA, who
discovered the vulnerability but chose not to disclose it to Microsoft,
who was able to patch it shortly after it was discovered through the NSA
hack by the "Shadow Brokers" group and the NSA toolkit posted online.
Microsoft had some words over the weekend about the need for better
vulnerability reporting:
Microsoft president and chief legal officer Brad Smith said by
keeping software weaknesses secret, vendors are left in the dark,
can't issue updates, and their customers are left vulnerable to
attacks such as the one that exploded this weekend. He compared
the leak of NSA exploits to the theft of missiles from the American
military, pointing also to the Wikileaks dump of CIA hacking tools.
"An equivalent scenario with conventional weapons would be the U.S.
military having some of its Tomahawk missiles stolen. And this most
recent attack represents a completely unintended but disconcerting
link between the two most serious forms of cybersecurity threats in
the world today – nation-state action and organized criminal
action," Smith wrote in a blog post published Sunday.
"The governments of the world should treat this attack as a wake-up
call. They need to take a different approach and adhere in
cyberspace to the same rules applied to weapons in the physical
world. We need governments to consider the damage to civilians that
comes from hoarding these vulnerabilities and the use of these
exploits."
Microsoft Just Took A Swipe At NSA Over The WannaCry Ransomware Nightmare
<https://www.forbes.com/sites/thomasbrewster/2017/05/14/microsoft-just-took-a-swipe-at-nsa-over-wannacry-ransomware-nightmare/>
--
Richard Gaskin
Fourth World Systems
Software Design and Development for the Desktop, Mobile, and the Web
____________________________________________________________________
ambassa...@fourthworld.com http://www.FourthWorld.com