If you’re surprised the NSA can hack your computer, you need a reality check – IT PRO

Category: NSA

Colour me shocked. It appears the NSA has been collecting a treasure trove of hacks for Windows, both desktop and servers, covering all versions of the OS bar Windows 10. And this toolbox of capabilities, which also included ways to get into banking and other related systems, has leaked to the public.

I suspect your jaw isnt gaping in surprise. Whats followed has been just as predictable.

First, theres shock that the NSA might have built such a collection of exploits. Sorry, what doyou expect the NSA to be doing? Creating toolkits that can be used against undesirables is what it exists for. Injecting custom spyware onto the laptop of a terrorist could bring up incredibly useful intelligence information, after all.

Then theres the public horror that the NSA didnt tell Microsoft about the exploits. Why is anyone surprised? Sure, its good practice for security researchers to tell Microsoft (or Apple, Facebook, Google, whoever) that theyve uncovered a security hole. There are processes inplace by which such reports are made, the vendor is given time to patch things and issue anupdate, and then the exploit is made public once the patch has been issued. Its all very gentlemanly, and some companies even offer financial rewards.

Would I expect the NSA to tell Microsoft about the exploits? Of course not. Keeping such flaws hidden from Microsoft meant they were exploitable for as long as possible.

No-one is suggesting the NSA, or any other equivalent organisation, is using these tools against the wider population. I dont think there have been mass deployments of EmeraldThread or EternalRomance or EclipsedWing or any of the other rather charming codenames. (Nasty1 and Nasty2 and ReallyNasty3 just dont have the same ring to them.)

But then we come onto the real problems. The tools have now been released into the wild, and it doesnt take much effort to download them. Thismeans there will be a flood of script kiddies trying them out and targeting everyone from NASA to the takeaway down the street. Thats a whole pile of grief no-one needed.

It would be interesting to analyse which antivirus packages would protect you against these exploits. My hunch, backed by discussions with friends in the industry, is almost none. As they say about financial results, past performance is no guarantee of future results.

Even so, now the toolkit has leaked, its of much less use to the NSA, and any other organisations that might have had access to it. That cant be a good thing. Dont confuse that statement with any desire on my part to see government-mandated encryption backdoors being forced into end user applications. I see a differencebetween what an organisation such as the NSA or GCHQdoes and thefar more widespread misuse of data-snooping that we have seen in the UK. And my distrust of the ability of government departments, including the NHS, to keep massive datasets secure has almost no limits.

Then we come to Microsofts interesting claim that these exploits have been patched already, but only very recently. One wonders whether the NSA told Microsoft about the leak once it knew its toolkit was compromised and Microsoft went into top gear to get fixes out as soon as possible.

It does mean, of course, that the old mantra about running only the most current and fully patched versions of applications and operating systems is as true today as it has ever been. Microsoft rather coyly states that Of the three remaining exploits, EnglishmanDentist, EsteemAudit, and ExplodingCan, none reproduces on supported platforms, which means that customers running Windows 7 and recent versions of Windows or Exchange 2010 and newer versions of Exchange are not at risk. So if youre on XP, youre on your own.

Its also true that weve managed to get ourselves into a situation where OSes are so complex that it is now effectively impossible to ensure they are secure. The approach taken by Apples iOS, forcing a walled garden approach on the developers and the execution of code, is arguably the most secure widespread end user platform available. But that still doesnt mean that the core OS itself is secure. Is open source the answer? Maybe, but exploits are found there too.

You may be thinking Ill use this final paragraph to deliver the answer. Sadly, there isnt one. If GCHQ or the NSA want to access my computers, they will either hack their way in, use a backdoor that we dont know about, or just turn up with a warrant and remove every device fitted with a mains plug. And there is nothing I, or you, can do.

This article originally appeared in PC Pro.

View post:
If you're surprised the NSA can hack your computer, you need a reality check - IT PRO

The NSA says do these 5 things with your phone right now - Fox News - January 30th, 2025 [January 30th, 2025]
NSA: Iraqi territory will not be used to attack neighboring countries Iraqi News Agency - ina.iq - January 30th, 2025 [January 30th, 2025]
NDC is not here to witch-hunt - Opare Addo to NSA staff - GhanaWeb - January 30th, 2025 [January 30th, 2025]
NSA Warns iPhone And Android UsersDisable Location Tracking - Forbes - January 19th, 2025 [January 19th, 2025]
Trumps incoming NSA: Hamas must have no role in governing Gaza - JNS.org - January 19th, 2025 [January 19th, 2025]
Trump NSA Disputes Report That Neocons Are Influencing MAGA Staffing - RealClearDefense - January 19th, 2025 [January 19th, 2025]
US NSA lauds Ajit Doval for pivoting ties to advanced future tech - The Times of India - January 9th, 2025 [January 9th, 2025]
Auto insurtech Clearcover expands into Texas NSA market with CGA launch - Re-Insurance.com - January 9th, 2025 [January 9th, 2025]
"Cannot Think Of A Better Way To End My Tenure": US NSA On His India Visit - NDTV - January 9th, 2025 [January 9th, 2025]
Heightened Security At U.S. Naval Academy And NSA Annapolis: Public Access Suspended Amid Increased Force Protection Measures - Bay Net - January 9th, 2025 [January 9th, 2025]
From The Seabed To The Stars: 10 Takeaways From U.S. NSA Sullivans Visit - Strategic News Global - January 9th, 2025 [January 9th, 2025]
NSA Sullivan to visit India to finalise important ongoing initiatives: White House - The Hindu - January 9th, 2025 [January 9th, 2025]
What NSA Jake Sullivans India Visit Signals For Nuclear And Tech Ties As US Lifts Curbs On Indian Entities - Swarajya - January 9th, 2025 [January 9th, 2025]
NSA Sullivan arrives today, seeks to strengthen AI, space, tech ties - The Tribune India - January 9th, 2025 [January 9th, 2025]
CISA, NSA, and Partners Issue Annual Report on Top Exploited Vulnerabilities - HSToday - December 5th, 2024 [December 5th, 2024]
Where Will The Top Amateurs at NSA Yamaha Land After the Team Closes? - Vurbmoto - December 5th, 2024 [December 5th, 2024]
CISA, NSA, FBI and International Partners Publish Guide for Protecting Communications Infrastructure - HSToday - December 5th, 2024 [December 5th, 2024]
Main players backing Syrian government have been weakened by other conflicts, NSA Sullivan says - NBC News - December 5th, 2024 [December 5th, 2024]
Trump's incoming NSA Mike Waltz wants US to dance cheek-to-check with India - The Times of India - November 14th, 2024 [November 14th, 2024]
What Trump's NSA Nominee Said On India's Pivotal Role In The 21st Century - NDTV - November 14th, 2024 [November 14th, 2024]
Exclusive: Nakasone on exploding pagers, life after the NSA and another possible government job - The Record from Recorded Future News - November 14th, 2024 [November 14th, 2024]
FBI, CISA, and NSA reveal most exploited vulnerabilities of 2023 - BleepingComputer - November 14th, 2024 [November 14th, 2024]
CISA, NSA, and Partners Issue Annual Report on Top Exploited Vulnerabilities - National Security Agency - November 14th, 2024 [November 14th, 2024]
6 Principles of Operational Technology Cybersecurity released by joint NSA initiative - Security Intelligence - November 14th, 2024 [November 14th, 2024]
It's official FBI, CISA, and NSA reveal the most exploited vulnerabilities of 2023 - TechRadar - November 14th, 2024 [November 14th, 2024]
Donald Trump picks Mike Waltz as US NSA: What it means for China and India - The Times of India - November 14th, 2024 [November 14th, 2024]
Who is Mike Waltz, Donald Trump's new NSA pick? What are his ties to India Caucus? - Firstpost - November 14th, 2024 [November 14th, 2024]
NSA should not oversee the management of national facilities RexDanquah - Citi Sports Online - November 14th, 2024 [November 14th, 2024]
Trudeaus NSA admits to leaking secret intel alleging Indias interference to Washington Post - Firstpost - October 31st, 2024 [October 31st, 2024]
White House dials NSA Ajit Doval: Here's what happened in the call - The Economic Times - October 31st, 2024 [October 31st, 2024]
NSA Doval Stresses Need For Stable Indo-Pacific In Phone Call With US Counterpart Sullivan - News18 - October 31st, 2024 [October 31st, 2024]
Director-General of NSA calls for continued support from government - GhanaWeb - October 21st, 2024 [October 21st, 2024]
5G Non Standalone Nsa Architecture Market to Reach USD 240.0 - openPR - October 21st, 2024 [October 21st, 2024]
NSA meets with Minister Muir and DAERA to discuss industry concerns - Meat Management - October 21st, 2024 [October 21st, 2024]
NSA cyber chief: Espionage is now Russias focus for cyberattacks on Ukraine - The Record from Recorded Future News - October 11th, 2024 [October 11th, 2024]
NSA Investigating If Chinese Hackers Breached US Telecoms - Yahoo Finance - October 11th, 2024 [October 11th, 2024]
NSA Issues Updated Guidance on Russian SVR Cyber Operations - National Security Agency - October 11th, 2024 [October 11th, 2024]
News - Honoring the Stars and Stripes: NSA Philadelphia Hosts Dignified Flag Disposal Ceremony - DVIDS - October 11th, 2024 [October 11th, 2024]
NSA's Program for Nursing Mothers in the Workplace Considered a Model for USG - National Security Agency - October 11th, 2024 [October 11th, 2024]
NSA investigating hack of three major telecommunications companies - Baltimore Sun - October 11th, 2024 [October 11th, 2024]
Honoring the Stars and Stripes: NSA Philadelphia Hosts Dignified Flag Disposal Ceremony [Image 8 of 8] - DVIDS - October 11th, 2024 [October 11th, 2024]
NSA Hiring Over a Thousand in the Next Year - ClearanceJobs - October 4th, 2024 [October 4th, 2024]
What Its Really Like to Work at NSA - National Security Agency - October 4th, 2024 [October 4th, 2024]
US Elections: Former NSA John Bolton Claims Both Harris And Trump Do Not Qualify To Be President | NewsX Exclusive - NewsX - October 4th, 2024 [October 4th, 2024]
Honoring the fallen: Bells toll for Americas heroes at NSA Mechanicsburg - American Military News - October 4th, 2024 [October 4th, 2024]
How often should you turn off your phone? Heres what the NSA says - PCWorld - October 4th, 2024 [October 4th, 2024]
NSA and Allies Issue Advisory about PRC-Linked Actors and Botnet Operations - HSToday - September 28th, 2024 [September 28th, 2024]
NSA warns that Active Directory is an "exceptionally large and difficult to defend" attack surface - The Stack - September 28th, 2024 [September 28th, 2024]
News - Honoring the Fallen: Bells Toll for Americas Heroes at NSA Mechanicsburg - DVIDS - September 28th, 2024 [September 28th, 2024]
National Storage Affiliates Trust (NYSE:NSA) Given Average Recommendation of "Reduce" by Brokerages - MarketBeat - September 28th, 2024 [September 28th, 2024]
Lack of Standard Stadiums: NSA boss sacked, facilities closed - What has been said and done so far - GhanaWeb - September 21st, 2024 [September 21st, 2024]
NSA and Allies Issue Advisory about PRC-Linked Actors and Botnet Operations - National Security Agency - September 21st, 2024 [September 21st, 2024]
UTEP Establishes Collaboration with DoD, NSA to Help Enhance U.S. Semiconductor Workforce - The University of Texas at El Paso - September 21st, 2024 [September 21st, 2024]
The NSA advises you to turn off your phone once a week - here's why - ZDNet - September 21st, 2024 [September 21st, 2024]
NSA Publishes Cyber Advisory on China-Linked Threat Actors - Executive Gov - September 21st, 2024 [September 21st, 2024]
Former NSA Director Nakasone opens new institute at Vanderbilt to train right type of leader - Washington Times - September 21st, 2024 [September 21st, 2024]
ACR lauds legislation that would fine insurers for delayed NSA payments - AuntMinnie - September 16th, 2024 [September 16th, 2024]
NSA threatens lawsuit over election rigging allegation, demands apology - Pulse Nigeria - September 16th, 2024 [September 16th, 2024]
NSA explains its work with private sector on election security and fighting foreign cyber threats - Washington Times - September 16th, 2024 [September 16th, 2024]
NSA to debut podcast to boost public awareness of classified missions - Nextgov/FCW - August 31st, 2024 [August 31st, 2024]
In Beijing, Bidens NSA Calls Out Chinas Destablising Actions, Openly Supports Philippines - Hindustan Times - August 31st, 2024 [August 31st, 2024]
Why the NSA advises you to turn off your phone once a week - ZDNet - August 31st, 2024 [August 31st, 2024]
Getting into rhythm: NSA places high expectations on themselves for 2024 - Suffolk News-Herald - August 31st, 2024 [August 31st, 2024]
NSA readying podcast to share untold stories of codebreakers missions - Washington Times - August 31st, 2024 [August 31st, 2024]
Trump govt stopped aid to Pakistan over ISI's 'undeniable complicity' with terrorists: Ex-US NSA - Hindustan Times - August 31st, 2024 [August 31st, 2024]
Top NSA researcher tapped to lead Pentagons UAP investigation hub - DefenseScoop - August 27th, 2024 [August 27th, 2024]
NSA Releases Guide to Combat Living Off the Land Attacks - Infosecurity Magazine - August 27th, 2024 [August 27th, 2024]
With a little help from the National Archives, NSA finally releases Grace Hopper lecture. Watch it here. - MuckRock - August 27th, 2024 [August 27th, 2024]
Trump administration NSA H.R. McMaster says there was "inconsistency" in foreign policy - CBS News - August 25th, 2024 [August 25th, 2024]
'Putin exploited Trump's ego and insecurities': Former NSA in new book - The Times of India - August 25th, 2024 [August 25th, 2024]
NSA calls for urgent Government action on illegal sheep imports - Meat Management - August 14th, 2024 [August 14th, 2024]
Sheikh Hasina Resignation LIVE Updates: Ex Bangladesh PM Sheikh Hasina Meets NSA Ajit Doval At Hindon Airbase - NDTV - August 5th, 2024 [August 5th, 2024]
NSA Claims It Cant Watch an Important Tape It Recorded in the 1980s - Gizmodo - July 17th, 2024 [July 17th, 2024]
Letter to NSA Sullivan Requesting Assessment of Information Russia Has Shared with the PRC on U.S. Weapons Capabilities in Ukraine - Select Committee... - July 17th, 2024 [July 17th, 2024]
The NSA Is Defeated By A 1950s Tape Recorder. Can You Help Them? - Hackaday - July 17th, 2024 [July 17th, 2024]
Letter to NSA on Microsoft's Billion Dollar Partnership with UAE Firm G42 - Select Committee on the CCP | - July 17th, 2024 [July 17th, 2024]
NSA Fast Pitch World Series kicks off with Skills Competition & Heavy Hitters Camp, featuring College World Series Champions from the University... - July 17th, 2024 [July 17th, 2024]
NSA contractor bilked government for hundreds of hours she never worked - Washington Times - July 6th, 2024 [July 6th, 2024]
Signals intelligence has become a cyber-activity - The Economist - July 6th, 2024 [July 6th, 2024]
OpenAI adds former NSA chief to its board - CNBC - June 15th, 2024 [June 15th, 2024]

August 29th, 2017

No comments yet

Comments are closed.

Mediaboss Marketing

If you’re surprised the NSA can hack your computer, you need a reality check – IT PRO

About

Pages

Categories

Media Sites

Recommended Sites

Archives