Microsoft took 9 months to fix bug that let hackers seize control of Windows PCs

“To understand why it is so difficult to defend computers from even moderately capable hackers, consider the case of the security flaw officially known as CVE-2017-0199,” Joseph Menn reports for Reuters.

“The bug was unusually dangerous but of a common genre: it was in Microsoft software, could allow a hacker to seize control of a personal computer with little trace, and was fixed April 11 in Microsoft’s regular monthly security update,” Menn reports. “But it had traveled a rocky, nine-month journey from discovery to resolution, which cyber security experts say is an unusually long time.”

“While Microsoft investigated, hackers found the flaw and manipulated the software to spy on unknown Russian speakers, possibly in Ukraine,” Menn reports. “And a group of thieves used it to bolster their efforts to steal from millions of online bank accounts in Australia and other countries… It is unclear how many people were ultimately infected or how much money was stolen.”

Read more in the full article here.

MacDailyNews Take: Macintosh unaffected.

SEE ALSO:
USB Kill 2.0 can destroy any Windows PC in seconds, Apple Macintosh unaffected – September 12, 2016

10 Comments

  1. I do believe Microsoft should make restitution to all businesses and people ripped off or financially distressed by problems from using their Swiss cheese OS. (Problem is they would probably then be in the hole trillions despite billions currently in the bank if it did so.) Windows has caused more human misery probably than the combined human history of abject misfortune (now I’m overstating!).

    1. O M G – the amount of money spent at my workplace on 3rd party products to try and protect Winblows is staggering.
      Antivirus, Malicious Code Execution Monitoring and Prevention, Vulnerability Scanning and Analysis, Elevated Account Access Control and Monitoring, eMail Scanning and Isolation, 3rd Party AD management tool, Application Whitelisting, Blacklisting, Graylisting, and Sandboxing, etc . . . The software agents installed to do all these things suck system resources like crazy. Administration is a mess of processes and red tape. That, on top of the millions spent on the Micro$oft Enterprise Agreement. We actually had one good tool that was trashed for a “free” one included in the MS Enterprise Agreement so the money could be spent on another non-MS management product.

      Don’t get me wrong, I like getting my paycheck but geez, too many middle managers and bean counters making the decisions and disregarding valuable input and views from the people who make it work.

      One more thing . . . Bring your own device. What a crock, you still have to use a Windows session in a VDI environment. So much for people who would rather work on a Mac natively (or *nix).

      1. I beg to differ. If there was liability involved in creating these products perhaps they would be better vetted before being unleashed on an unsuspecting public. Creating expense for others in fixing problems instead of having done it right to begin with. ESPECIALLY reckless OS products like Windows.

    1. Spot on, really – you’re really right! Except I have it on good Mary-Jo-Thurrauthority that it will all actually be fixed in Update 301.

      Only 295 updates to go – not long now!

      Hang on! It’ll be fixed in the next version!

  2. Microsoft promotes flaws in their software. First they send out a flawed product and then allow antivirus companies to make software for protection. It’s Microsoft controlling both sides of the market. How the hell does Microsoft justify themselves when they are proven incompetent software developers who can’t even make properly protected software?

  3. All software contains bugs. It’s impossible to not have bugs. The mark of a professional is how quickly they acknowledge the bugs found and repair them. Microsoft engineers are amateurs even after 40 years.

  4. “It is unclear how many people were ultimately infected or how much money was stolen.”

    There are various estimates of the number of computers infected. As of early this past week, we knew that millions of PCs on the Internet are vulnerable, despite Microsoft’s March patching of the security hole. We also know that somewhere in the range of tens of thousands of PCs are currently infected.

    Paranoia: One wonders if Microsoft’s delay in patching was suggested to them by the NSA, etc., in order for them to get to PCs they wanted to surveil, legally or not.
