Discussion: Dozens Of Countries Hit By Huge Cyberextortion Attack

SOME MRI machines run Microsoft. MANY do not. I believe that Siemens and Philips run Microsoft. GE runs Linux. I’m not saying that Linux is invulnerable, but at least it doesn’t have all the security issues characteristic of the Microsoft operating system(s). Your description shouldn’t be limited to MRI, either. CT machines also run software on their hosts. You would be surprised how many medical devices run vulnerable operating systems and are connected to a network.

You should probably be concerned about the software running in automobiles, especially if they support Bluetooth and/or WiFi. If your cellphone works through your car, that could be a vulnerability.

In any event, good companies are already addressing cybersecurity issues in their software, and that very definitely includes medical device manufacturers.

1 Like

bitcoin

1 Like

they were stolen by Snowden, remember him, the guy who downloaded the entire NSA and then went to Russia?
that guy

And you have your own versions so don’t act all high and mighty.
Meanwhile YOUR country hosts the Ecuadoran embassy where Assange is and HE attacked us and gave us Trump so that’s all YOUR fault if you want to follow your useless logic.

The US has to answer for this indeed. One would think you’re so busy screwing up your own country you should maybe just fix yourselves first.

1 Like

Wrong. You’re ignorant about the issue, presumably because most media barely covers it. The NSA wrote the program that used the vulnerability to spread with incredible pace between computers. That program was released a few months ago because the NSA didn’t secure it properly. A hacker group has taken that incredibly powerful tool and built some simple crypto malware on top of it. The NSA is 100% responsible.

No doubt. But we haven’t been stupid enough to let it leak out. Snowden did not steal these files, a hacking group called the shadow brokers did. Assange and Snowden are not the problem. The NSA is.

Linux user here.

I’m not sure why anyone even uses Windows because it’s so vulnerable to attacks. Jesus, download the latest Linux Mint version for free and never fear any of this crap ever again.

1 Like

It’s complicated. By the nature of its transaction model, bitcoin is completely traceable in the sense that you can know which bitcoin wallet(s) a particular payment goes to, which wallet(s) get the money from there, and so on. But you don’t know – without other detective work – whom those wallets belong to. And there are folks who make a business of turning bitcoin into real money and then back again to muddy the trails. Meanwhile, on the physical-money side (say the huge wire-transfer theft last year) casinos seem to be the anti-detection method of choice: someone buys $5 Million worth of chips, someone else cashes in $5 Million worth of chips and officially there’s no way to connect the two transactions. [The other thing about bitcoin is that it’s not a huge currency market, so any really big flow in or out (millions or more) would be pretty visible.]

2 Likes

It is absolutely criminal that the NHS uses software (Windows XP) which its vendor stopped supporting three years ago. Having a critical system running XP on a network in this day and age is simply criminally negligent.

1 Like

“Runs embedded XP” does not equal “is vulnerable”. But if it’s more or less a standard XP and is connected to the network then yeah.

Older cars, even if they run a lot of software, are typically relatively secure because they are offline and only a service technician can mess with the firmware when the car is stopped. In other words, physical access required, which is not the same thing as being secure, but in practice severely limits how much damage a criminal can do.

You’re ignorant… That program was released a few months ago because the NSA didn’t secure it…

Which to choose?

  1. It ain’t what you don’t know that gets you into trouble. It’s what you know for sure that just ain’t so.
  • Mark Twain

Or

  1. Beware of false knowledge; it is more dangerous than ignorance.
  • George Bernard Shaw

NSA did not write the WannaCry worm. NSA is not in the business of ransoming data. You’re referring to WannaCry’s reliance on a Microsoft SMB vulnerability (MS17-010), for which a security patch was pushed out in March. This particular vulnerability allows execution of remote code. In the case of WannaCry, the attackers executed a ransom-attack.

What made WannaCry so damaging is not that it exploited a vulnerability that allowed it to execute remote code, but rather the choice of remote code that it executed – the ransom attack.

WannaCry is hardly the first bit of malware to exploit SMB vulnerabilities to execute remote code. In 2008, the Conficker worm infected something like a million PCs by exploiting an SMB vulnerability to execute remote code. The difference is that Conficker didn’t carry a ransom-attack payload. That was a choice made by the attackers and has zero to do with the NSA.

If you wander over to the CVE list and search with keyword SMB, you’ll get several hundred results, several of which allow execution of remote code. Obviously, no one needs software from the NSA to exploit Microsoft SMB vulnerabilities that allow execution of remote code. All one need do is to subscribe to Microsoft’s Security Bulletins, wait for a patch to be released that fixes a vulnerability allowing execution of remote code, download and reverse engineer that patch to create an exploit, weaponize it with a payload, then hope there are a ton of people stupid enough to have turned off security updates for their PCs.

Even though it’s longer, I like Mark Twain’s quip better. I’m guessing you prefer the less witty and more ponderous George Bernard Shaw. Am I right?

1 Like

“Runs embedded XP” does not equal “is vulnerable”

I wasn’t trying to suggest that it does. I do see that my post could be read that way though. The point is that the OS for these machines can’t be updated or patched – at least that’s what I’m hearing from people who were hit by this.

Victim blaming, eh? Well done you. Do you also blame women wearing provocative clothing if they’re assaulted on a night out?

You also could do with educating yourself on what ‘criminal’ means. Facilitating mass criminality like the NSA is doing? Criminal. Being a victim of said crime? Not criminal.

Oh dear. It was the NSA-written tool exploiting the security hole to directly spread between computers that is the core technology enabling the success of the malware. If you keep researching I’m certain you’ll understand eventually.

Once it was clear it had been stolen and released on the web, the NSA informed MS about the exploit they’d discovered years ago but, of course, didn’t tell anyone, and MS then released the patch in March.

The issue here isn’t the security flaw itself, but the incredibly sophisticated tool the NSA wrote to exploit it which is now being used by criminal gangs.

That is not victim blaming. This is the equivalent of blaming the person who chooses to drive with a flat tire and then causes an accident.

The “victim” in this case is negligent because they didn’t perform the required maintenance to keep it working properly.

1 Like

It was the NSA-written tool exploiting the security hole to directly spread between computers that is the core technology enabling the success of the malware.

You could say that about the internet, but not about the NSA code. The NSA code was a convenience, not a necessity. But without the internet, the exploit couldn’t have occurred.

If you keep researching I’m certain you’ll understand eventually.

:joy: :joy: :joy: :joy:

Researching exploits is part of what I do these days. I’m starting a pentesting business. So yeah I reckon I’ll keep researching.

But I already understand you very well – unfortunately.

Yep. If someone refuses vaccination and gets sick, they are to blame. Running outdated/unsupported/insecure software is no different.

1 Like

No, that’s an inept analogy, though I agree with the broader point. Here’s an analogy exemplifying your reaction:

The NSA create a completely new virus targeting ethnic Russians and Arabs. They leave it lying around, it’s stolen by terrorists who realise a lot of people around the world have a bit of Russian or Arabic in them. They combine the virus with the common 'flu. The NSA panics, tells the WHO who develop a vaccine, and offer it to whoever wants it without making much of an effort to distribute it, probably not realising themselves just how deadly the virus could be. The NSA doesn’t help either, feeling they have zero responsibility for creating the weapon. A mere two months later the virus is released, when a lot of people still hadn’t even heard about the vaccine. Could the victims who didn’t get vaccinated in time have acted better? Certainly. Should they be blamed for the NSA creating and then carelessly releasing an entirely new type of virus? No.

Lol you couldn’t possibly have written the nonsense earlier if that was true.

I love it when folks attack me at a personal level because it’s an admission they know they were wrong. If you could discredit me with facts and logic you would have done so instead of resorting to personal attacks. :wink: