The latest NSA dump from the Shadow Brokers tells you how to break into banks


#1

Originally published at: http://boingboing.net/2017/04/14/windows-0-days-too.html


#2

This is convenient for solving my cashflow problems…


#3

I’m not clever enough to read Borat, let alone COBOL.


#4

I dunno, I could parse it well enough when I worked the university mainframe lab desk and the business majors would come ask for debugging help even though that wasn’t what we were there for. Somewhere between Pascal and FORTRAN in syntax.


#5

Is there a reason the screen capture is from a default install of Windows XP that hasn’t had updates or firewall/antivirus installed?


#6

Probably old. Or god help us it could be some “business critical” system that can’t be updated and will only run on XP.
One of the security fun times going on when I got laid off was the process of isolating and seriously locking down all w2k3 servers that had applications that could not move to w2k8/12.


#7

Rather ancient stock image I’d presume.

Looking at the image itself, it appears to be an XP system trying to hack an XP system, which dates it to a very long time ago IMHO.


#8

Makes you wonder why they didn’t spend the time/money updating or replacing the application instead. Trying to isolate an insecure app seems to be the method of just kicking the problem back a few years down the line, whilst doing nothing to actually solve it.


#9

I find it is often the difference between an operating cost and a capital expense.

Sure, the time and expense my coworkers and I spend sandboxing and protecting old ass software may exceed what a fresh, new application install and porting of data, etc. would cost. But my salary is already factored in. The other most likely will result in third party contractors rewriting code, drivers and the like. That’s a big check someone has to write and the powers that be are not going to jump on that.


#10

Because there is no budget to replace it and the customer has bigger management hammers than IT does. Welcome to corporate IT support. Also could be there isn’t a replacement, vendor has gone under, bought out and no longer supports the package. Replacing big databases and systems with a completely new system can take years.

ETA there could be planes that depend on the software or the records that it keeps and those have to be kept for 10 years after it leaves the company.


#11

The genius of vulnerability disclosure is that security holes get fixed. This stuff needs to get processed through bugtraq.

