Samba, the open source implementation of the Windows CIFS file sharing protocol found on Linux and many home NAS systems, now has its own version of a "WannaCry" grade bug ready to cause users grief. Like WannaCry, Samba's bug enables remote code execution and is totally wormable. Unlike WannaCry, however, it does require write access to the SMB share, limiting its effect unless you run an unauthenticated share on the internet.
So why is this newsworthy at all? It is of course newsworthy in its own right because of bad security practices that run rampant in our industry, I would argue, but that's not really why I posted this, I will confess. Yes, I'm trying to make a point again with that blunt instrument we call "editorial." I do apologize for the inconvenience (not really).
Moving onwards to my point, what I found interesting about this particular report was that the issue was reported by none other than a government agency, and not one known for being exactly a beacon of exploit reporting: The U.S. Department of Homeland Security.
Maybe I'm jumping the gun a bit, just maybe, but could it be that after WannaCry, the government is starting to realize stockpiling exploits is not good for cyber security as a whole, and beginning to report them instead? Certainly interesting to see a government agency report an issue like this that could be used for monitoring people or something. Maybe the impact of WannaCry was to wake our government up a bit in a positive way?
I'm a positive-thinking man, but even I find that a bit hard to believe from just one incident. Maybe, though, this is the start of something new. I can hope. Let's keep watching and see if this trend continues.
How do you feel about this? Is the stockpiling of exploits a legitimate strategy in cyber-warfare? Should it be stopped? Expanded? If so, how far is too far? And is this evidence of a change of governmental policy in the US? Let us know what you think below.
View at TechPowerUp Main Site