The NSA’s hack on old Microsoft operating systems is weaponised and released to the internet, most publicly massively impacting the UK’s NHS, which had taken the decision not to move forward from Windows XP, a product for which support by its authors ceased in 2012. This was meant to be quick and a source list for a blog article, but as ever it took too long.
This is a storify I made at the time and have transferred it to this blog and published as at the date created. …
Having done my best to ensure that my personal systems are as safe as I can make them, I am preparing a personal response to the #wannacry attack last weekend. Meanwhile, I consider this by John Elliot, a great response on the public policy side, and this by David Thomas, a useful look at the IT Security response where he argues that it’s not just about “Vulnerability Management” and that Technical Debt is not just a funky word to get money for the maintenance budget. Neither of them major on the NHS IT Security failings that made them such a target but David makes the points that the UK & NHS weren’t the only victims with Taiwan, Russia, Ukraine and India all suffering from attacks. This is from Microsoft’s Chief Legal Officer, Brad Smith and is also important, He re-states Microsoft’s commitment to all its customers and calls for better government response including the idea of a digital Geneva convention. The Washington Post describes the discussions inside the NSA and reveals aspects of how they decide whether to release security vulnerabilities or weaponise them. It’s argued that the cyber weapon was like “Fishing with dynamite”, but as ever no public evidence to allow the people that pay for this to evaluate their claims. …
A public information announcement, the Microsoft web page on their #wannacry response. This is their customer guidance notice and has links to the Security Bulletin detailing the vulnerability and the patch together with its availability. …
Prompted by the ORG, last week I wrote to the DCMS to argue that 3rd Party organisations, like ooh!, the ORG should be allowed to initiate ICO investigations into corporate privacy breaches. The #wannacry worm attack is a proof point that campaigning organisations should be able to pursue class actions; as I said in my evidence, the right of private prosecution is the flip side of this coin. …