It’s time again for our bimonthly meeting. We’ll be meeting at Rudolphs Bar-B-Que again starting at 18:30 (6:30 p.m.).
Last week a perfect storm of security failures resulted in one of the largest ransomware attacks in history. WannaCry is a ransomware program that encrypts the files on a computer and demands an extortion fee of $300 in Bitcoin to decrypt the files again.
What makes WannaCry fascinating is how the vulnerability was discovered, how quickly the ransomware spread, and the fact that this attack was entirely preventable.
The security vulnerability used by WannaCry was apparently first discovered by the National Security Agency (NSA). Instead of disclosing the vulnerability to Microsoft so it could be patched, the NSA sat on it. Its existence was made public by a leak of NSA attack tools released by The Shadow Brokers group on April 14th. Then, on May 12th, the vulnerability was being exploited by WannaCrypt. However, the attack was entirely preventable because Microsoft had released a patch that fixed the vulnerability a month before the leak was made public.
This week’s topic will use WannaCry to touch on several important computer security topics. The first is the danger of failing to apply security updates to computers. We will also discuss the dangers of discovering and sitting on vulnerabilities instead of reporting them to software developers, as well as the dangers to human life that software vulnerabilities pose in our modern world, where almost everything has a computer in it.