I want to interpret this as a good thing. However, MSM and the gang play a lot of mind games. What do you guys make of these headlines? It is supposedly a pretty huge hack. Big tech and other cybersecurity firms are taking a big L today in the market.
It wasn't today. This was discovered / proven a couple weeks ago. MS publicly announced it last week, only after they had patches ready.
It's nasty, don't get me wrong, but the number of companies actually affected is about 1/10 of what the MSM is reporting. This particular group likes to go after civilian entities with ties to USGov contracts to try and grab sensitive data... weapons systems plans, test data, kompromat, etc. Your dentist's office, for instance, is probably affected. But doubtful it would be targeted.
Zero days are zero days. Can't do shit about them directly, but build fortifications around critical systems. That's why you now hear terms like microsegmentation, zero-trust and behavioral analytics: minimize the compromise and tell when something strays from baseline.
Is it better than no revealed hack though?
I'm a big fan of responsible disclosure, but it's a pretty complex question.
I get the need to find / have 0day as part of a cyberwarfare arsenal, but that crap's becoming like nuclear proliferation. Vault 7 was only the latest "broken arrow", and what it spawned has kept us in CyberSec busy for like two years and going.
And PS, Microsoft wasn't hacked; its customers were, because of shoddy MS programming. Kind of a different set of rules.