If "Zero Day: The story of MS17-010" is meant to be an accurate report of facts regarding MS17-010, then there is at least one inaccuracy in it:
> someone calling themselves "the Shadow Brokers" leaks a huge trove of classified NSA documents to WikiLeaks, who in turn dump it on the internet.
Shadow Brokers didn't leak to Wikileaks. Shadow Brokers uploaded the trove of NSA documents to `mega.nz`, and someone else downloaded the trove to GitHub[1]. Wikileaks merely tweeted about this after it happened.[2]
Correction: As per well-sourced Wikipedia article[3], this was not the `mega.nz` leak, this was another subsequent one. The main point still stand: Wikileaks has nothing to do with publishing the MS17-010 vulnerability.
Would be nice to stop pushing the false narrative that Wikileaks was involved in that one NSA leak.
It's generally people with an agenda to downplay something they've published, often by insinuating without evidence that the documents have been faked.
Wikileaks has problems, but they have a surprisingly good record for a small, amateur operation.
They used to have a very good position as an independent source of data but they have started editorialising with their releases and they certainly seem to take some political positions regarding their releases, which calls into question their impartiality. I am still a fan but not as much as I used to be.
You could say that but when it's impartiality to Russia or North Korea (not so much by Wikileaks, the MSM already covered that market) nobody gives a bleep, but when it's towards the USA it's suddenly questionable? Most of the world (including Wikileaks) is not the USA, and for them it's three external parties to look at from outside (and yes, hold a mirror to their own, if they're honest).
Yes RU/NK are doing worse things. But the USA just elected Trump. And unlike RU or NK, who sort of keep it to themselves, the USA's election spectacle has been broadcast on worldwide media, there was no escaping seeing the USA dig its way further down through rock-bottom every week, for over half a year. Everybody has been made to look and the USA's gov doesn't really look good or even sane at all right now, from any outside point of view.
Just a question, are they going to let Trump rule for these whole four years? Or will someone say "ok enough's enough, this guy is crazy as fuck, let's get rid of him"? Surely, before it's too late? How does this process work? AFAIR Clinton got impeached for way less than what Trump has already done on public record (not literally the same, but it's not far either, and frankly the other offenses--ignorance and stupidity in the light of global politics, not just a little, also not political-discourse "fake ignorance", he honestly doesn't seem to be aware of basic 20th century history facts--way worse from a political POV)
Sorry that's a bit off topic cause what you refer to is not really about Trump--much (it was about the elections a little, though). The point is, one of the largest powers in the world just put a crazy person in charge. Trump's probably not really dumb, no he's very savvy, but the people should expect more from their political leaders. It's not supposed to be an easy job.
I get the feeling that complaints about Wikileaks' editorialising also just contains a lot of saying what it is, and people don't like to hear that when it's about them. Because they love America. Thing is, it's not really about them, so don't worry. It's not like the people got a lot of democratic choice in the matter. Could they have done more? Maybe but the system's big and complex and controlled by other parties than the people. Even before, when it was between Hillary or Trump, you gotta wonder, out of all the population, were these the two best candidates in the country?
I guess I expect editorialising from MSM and it was refreshing to have a source of info that was neutral and justs published the information, inevitably the MSM reported on it and add their bias but that was easier to identify when you had access to the original information.
> Correction: As per well-sourced Wikipedia article[3], this was not the `mega.nz` leak, this was another subsequent one.
Is it too humiliating to write, "Oops, sorry, I just realized that this was not the `mega.nz` leak, but a subsequent one"?
Why do people like to switch to passive third-person voice to avoid admitting the tiniest little error? I see this a lot with lawyers. It doesn't really fool anyone and makes the little mistake look worse.
The entire comment is written in third-person. The correction is simply following the same pattern as the original text. I really don't think the author was trying to avoid any blame on the mistake. This is maybe reading a little too deeply into it.
That "Oops, sorry, I just realized" is all implied by that "Correction:". It's more pithy like that.
Your parent is not saying "mistake was made", "I was led to believe" or what not, which would be passive third-person voice, sneakily trying to shift the blame. Instead, the fact that a mistake was made is clearly communicated through an additional corrective edit. Seems appropriate for a correction of such minor point.
The wikileaks hysteria is ridiculous, it's on par with lunatics believing Jews control the world. Since when spreading conspiracy theories became normal? The stupid American elections have ruined everything, everything is fake news, everything is fascism, everything is Kremlin.
People do not know the history of Assange, so they'll assume there are witting RU ties, whereas in reality he just apparently hates the USA and would like to cause as much damage as possible by publishing content with no journalistic value + posting misleading analysis.
To be clear, I am not saying I don't understand his motivation in that position, only pointing out that it explains the senseless disclosures more than the theory of WL doing it to benefit Russia.
You're brainwashed, Assange is more "American" in his values than any of the politicians you have had, and have provided more journalistic value, for the past 20 years.
Absolutely fabulous. Best part: "NSA hoard their knowledge of weaknesses in Microsoft Windows, a vitally important piece of their own nation's infrastructure, in case they'll come in handy againt some hypothetical future enemy. (I'm sorry, but this just won't wash; surely the good guys would prioritize protecting their own corporate infrastructure?"
Yep - way too implausible, even for hacker fiction.
Anyway, sounds like your book was Nostradamus-esque in depicting recent events. Maybe a bit too good :D
(I'm sorry, but this just won't wash; surely the good guys would prioritize protecting their own corporate infrastructure?)
Yeah, this is a great bit. Of course the good guys would would prioritize protecting their own infrastructure; one of the most important bits of this whole situation isn't about what the good guys would do, it's who is a good guy.
I'd say it's plenty possible. The mission of the NSA is collecting information and providing that information to the government and military. They are not in the business of defending infrastructure, whether public or private. It makes perfect sense that they would collect information about back doors they could use later against identified targets.
"NSA's mission is to help protect national security by providing policy makers and military commanders with the intelligence information they need to do their jobs."
For the NSA to hand over information about identified back doors in Windows to Microsoft directly would be clearly outside this mission. That said, the NSA should have informed someone in the government of these back doors, at least in a general sense, so policy makers could have decided whether it would have been better to convey it to Microsoft or to let the NSA continue to keep them secret. Maybe they did. Who knows?
To the extent their mission doesn't involve making us more secure, why are my taxes paying for them? The NSA sounds like a swamp that needs draining, in the parlance of our times. They're breeding mosquitoes.
"NSA hoard their knowledge of weaknesses in Microsoft Windows, a vitally important piece of their own nation's infrastructure, in case they'll come in handy againt some hypothetical future enemy. (I'm sorry, but this just won't wash; surely the good guys would prioritize protecting their own corporate infrastructure?"
Lol. I'd hate to rebutted by a publisher under any circumstance, but under ignorance would hurt more.
Edit: I think this went over my head while the Guinness was going down.
> I'm sorry, but this just won't wash; surely the good guys would prioritize protecting their own corporate infrastructure?"
No, why would they?
Not a single nation in the world is speaking with a united voice; there are groups with different interests. See Clinton vs Trump. Why would either of them help fix the infrastructure belonging to other's clan? Both of them would prefer the exploitable one at the other side.
Because in the prequel, when a whistleblower leaked a trove of secrets regarding the NSA's global spying program, the outrage and backlash from the technical community led to the government issuing assurances that it would do just that.
I still have vivid memories of, as a kid, stumbling upon this network of GeoCities pages about "Echelon" and how the US could read all of the worlds email and search for trigger words - and how absurd and tinfoil-hat-y it was made to sound by the rest of the internet.
Having this memory absolutely changed the way I've been viewing NSA related leaks in the past few years.
I remember reading The Right to Read by Richard Stallman, published in 1997 issue of Communications of the ACM and thinking that it was too pessimistic. Society would never accept that kind of new business model.
We had a plan to send copies of our mail encrypted in an enigma cipher to a Mr. Liam Pukcab figuring that with the encryption and a foreign sounding recipient it would always be stored on a server somewhere.
I've been tempted to seed multi-GB torrents, comprising random data encrypted to long random passphrases, with intriguing names. Or maybe use LUKS-encrypted virtual disks.
> surely the good guys would prioritize protecting their own corporate infrastructure?"
Let us not forget the used to be part of the NSA's mission. A part that was essentially abandoned early in the 21st century.
For example, the NSA required mysterious changes to be made to the DES s-box; many assumed at the time (as did I) that the agency wanted to weaken security, but it turned out, to quote Bruce Schneier, "It took the academic community two decades to figure out that the NSA 'tweaks' actually improved the security of DES."
It's astonishing that Brunner was not only prescient about this event in The Shockwave Rider, but also predicted sophisticated high-tech terroristic attacks in Stand on Zanzibar and The Sheep Look Up.
If you haven't read this trio of dystopian novels (you can read them in any order) you really should. Still mind blowing today.
(Admittedly he wrote them at a time, unlike today, when the US appeared to face an existential threat from terrorism. A threat that of course never materialized).
Of the three "The Sheep Look Up" was the most interesting to me. Read that and then read Benford's "Timescape". You won't be able to sleep for at least a week :-)
I usually like satire, but this felt too obvious. Subtlety is in my opinion a key part of good satire. Otherwise it feels too forced or too in-your-face.
But as the specialist external reader said: "Stross can clearly write workmanlike, commercial prose". I can definitely agree with that!
Interesting, though, that the concepts expressed in this narrative, had they been written in 2010, and promptly rejected, might have provided all the more grist for the paranoia mill.
I found this explanation pretty convincing as to why there was such a dumb kill switch embedded in the malware:
"I believe they were trying to query an intentionally unregistered domain which would appear registered in certain sandbox environments, then once they see the domain responding, they know they’re in a sandbox the malware exits to prevent further analysis"
It is funny to me no one ever talks about Mark Russinovich of Sysinternals fame and now reigning engineer of Azure cloud systems wrote a novel about such doomsday scenarios before the trend in the last 5 years or so.
That he wrote premier system introspection tools for Windows makes me think he must have been privy to the complexity of such things by colleagues discretely long before DREAD and SDLC fruits were born out in the Vista/7 era.
"ETERNALBLUE was part of a release of code that also gave us such interesting names as EDUCATEDSCHOLAR, ETERNALROMANCE, and ERRATICGOPHER. Oh to be a fly on the wall at the classified NSA committee meetings discussing the deployment of their weaponized ERRATIC GOPHER ..."
Any one know what the E means in code names? There's a list somewhere, but I can't remember where now.
It seemed more like a device for mocking people who are unwilling to consider conspiracy theories, but... Somehow it didn't feel like satire to me. Can't put a finger on why.
It is satirizing current events. The joke is that the story of the WannaCrypt ransomware attack is so full of improbable developments that, if it had been written as fiction, no publisher would accept it.
This has been another episode of the Hacker News Joke Explainer™
The author of this is a professional fiction writer. He does a lot of near-future SF/F, often involving assorted spy agencies - some real, some fictional. He's made up a lot of crazy Secret Plots.
All of the events described in this theoretical book proposal happened recently.
So by imagining this book being rejected, Stross is essentially saying "truth is stranger than fiction". Which is an old truism, but we all need to be reminded of it now and then.
“... The TL:DR is that I have had to trash an entire draft of the next Laundry novel because I tried to satirize British politics, and British politics is beyond satire.”
You know that technical reviewer's past it. Thirty years ago he was planning world war three from bunkers underneath volcanos, and holding the world to ransom with diamond-encrusted lasers in space. Whereas last year all he could come up with was a grand scheme to become a multinational government IT contractor, while moonlighting a side business clearing derelict buildings for redevelopment.
> ... However, instead of helping Microsoft fix them, we are supposed to believe that the NSA hoard their knowledge of weaknesses in Microsoft Windows ...
> I'm sorry, this is just silly.
This only goes to show that reality doesn't have to make sense to a literature critic. Only novels do.
And in a matter of hours, the new malware, known as Wanna Decryptor, infects the entire British National Health Service, a Spanish cellphone company, FedEx, and over a third of a million computers whose owners had lazily failed to enable automatic security updates from Microsoft.
Besides the false association of TSB and Wikileaks that others have mentioned, I have a huge problem with this. Someone who gets kidnapped by pirates (The Shadow Brokers) while running from a press gang (Microsoft) is still a victim. Calling them "lazy" is an easy way to avoid the hard work of apportioning blame correctly.
A hell of a lot of that blame goes to Microsoft themselves, for turning an important security update service into a marketing channel. Maybe Stross gets around to pointing that out, but I stopped reading there.
I must admit I agree with the publisher's review as a whole. What's the point in publishing a fiction hacked together so quickly that it can't withstand any artistic criticism?
Or was it an experiment aiming to show that fiction and documentary are two very different genres? Well than it was successful.
You may be aware of this by now, but there was no publisher. This is a short form dramatization of the events leading up to yesterday's Wanna Crypt attack.
The "criticism" was Stross imagining how absurd the truth of the whole situation played out and how if it was instead a work of fiction it wouldn't be well received for the reasons state in the work.
> someone calling themselves "the Shadow Brokers" leaks a huge trove of classified NSA documents to WikiLeaks, who in turn dump it on the internet.
Shadow Brokers didn't leak to Wikileaks. Shadow Brokers uploaded the trove of NSA documents to `mega.nz`, and someone else downloaded the trove to GitHub[1]. Wikileaks merely tweeted about this after it happened.[2]
Correction: As per well-sourced Wikipedia article[3], this was not the `mega.nz` leak, this was another subsequent one. The main point still stand: Wikileaks has nothing to do with publishing the MS17-010 vulnerability.
Would be nice to stop pushing the false narrative that Wikileaks was involved in that one NSA leak.
[1] https://github.com/x0rz/EQGRP
[2] https://twitter.com/wikileaks/status/850783902616625152
[3] https://en.wikipedia.org/wiki/The_Shadow_Brokers#Fifth_Leak:...