The Eternal Blue Exploit: A Wake-Up Call for Cybersecurity
In recent months, a devastating cyber attack known as Eternal Blue has been making headlines worldwide. This exploit, discovered by researchers at Microsoft, was initially used to target Windows XP systems, but it soon spread to other operating systems, including Windows Vista and 10. The fact that this exploit was already known to the NSA for some time and had been patched, yet many people still haven't installed updates as vigorously as they should have, highlights a critical issue in cybersecurity.
Microsoft's Move: A Rare Action
In a rare move, Microsoft has pushed an update to Windows XP due to the severity of this exploit. This decision is a significant departure from the company's usual patching schedule for older operating systems. The fact that Microsoft is now taking action against a vulnerability they themselves created raises questions about accountability and responsibility in cybersecurity.
A Car Without Parts: The Legacy Problem
The Eternal Blue exploit is often compared to having a car without parts, which becomes obsolete when new technology emerges. Similarly, the lack of updates for older operating systems like Windows XP has left many organizations with legacy software that cannot be easily replaced. This creates a significant problem for large organizations like the NHS, which still relies on outdated systems.
Government Agencies and Exploits: A Complex Issue
The NSA's involvement in this exploit highlights the complex relationship between government agencies and cybersecurity. While the NSA is responsible for monitoring and mitigating threats to national security, their actions can sometimes create new vulnerabilities. The fact that the CIA has a back catalog of exploits that they keep on hold raises questions about the ethics of sharing sensitive information.
The Problem with Backdoors
The use of backdoors in software can introduce significant security risks, as it allows unauthorized access to systems. The NSA's decision to keep this exploit private for so long highlights the potential for backdoors to be used for nefarious purposes. This is exactly what happened when another group hacked into their system and released the exploit, demonstrating the devastating consequences of such actions.
A Wake-Up Call
The Eternal Blue exploit serves as a wake-up call for individuals and organizations alike. The fact that this exploit was known to the NSA for some time and had been patched yet still caused significant harm highlights the need for aggressive updates and patching schedules. It also underscores the importance of end-to-end encryption, which can prevent the kind of backdoor exploitation seen in this case.
Microsoft's Response
In response to the Eternal Blue exploit, Microsoft has acknowledged their responsibility in creating the vulnerability. The company's decision to push an update to Windows XP demonstrates a commitment to addressing these issues and ensuring that users are protected from such exploits.
A Call for Action
The Eternal Blue exploit serves as a reminder that cybersecurity is everyone's responsibility. Individuals must take an active role in keeping their systems up to date, while organizations must prioritize the security of their legacy software. By working together, we can create a more secure future and prevent similar incidents from occurring.
Conclusion
The Eternal Blue exploit is a sobering reminder of the vulnerabilities that exist in our modern world. It highlights the need for aggressive updates and patching schedules, as well as the importance of end-to-end encryption. As individuals and organizations, we must take action to address these issues and create a more secure future. By working together, we can prevent similar incidents from occurring and ensure that our systems are protected against such exploits.
What steps have you taken to find out about this?
I ran it on my own machine. Actually, that's not quite true: I ran it on a virtual machine. So I installed a virtual XP machine, unpatched from this current patch. It wasn't connected to the internet. I downloaded the WannaCry .exe and ran it, and my files were encrypted and it popped up the warning message.
This isn't something people should try at home, right?
No, I would advise against it. There's nothing inherently scary about the software, in the sense that if it's not connected to the net it won't propagate, and if you don't have anything valuable on your machine you aren't going to lose any files. But on the other hand, I'm not running it here on a university network, because I don't want to be the first person to introduce it to Nottingham, just on the off chance. So let's not open that door.
So where do we start on this mess? What is it?
OK, first of all, what's it called? I call it Wana Decryptor or Wana Cryptor. It's been WannaCry, WanaCry, Wana Cryptor, Wana Decryptor, Wana Decryptor 2. As far as I can tell, the source code has Wana Cryptor in it. A lot of people shorten this to WannaCry, and there's this sort of WNCRY extension that it uses for its encrypted files, which kind of spells WannaCry. So I'm calling it Wana Cryptor, but I might just not mention it by name again, because we all know what we're talking about.
It's ransomware, right? So ransomware is any Trojan or worm or virus that, in essence, encrypts your files and then tries to charge you money to reverse that process. Without giving them too much credit, for obvious reasons, it's a fairly smart way of performing crime, because if an antivirus is not immediately on the ball then the damage is already done, and a lot of the time you won't get the key back unless you pay. So you then have to either restore from backup, which a lot of people don't have, or you have to accept that your files are gone, or you have to pay. And so it's no surprise that the biggest stuff in the news recently in terms of attacks has been ransomware, because of the immediate impact they have on standard users. There are lots and lots of other kinds of malware, you know, banking fraud malware and keyloggers and things, and botnet code, which is also a really big problem but perhaps sees less news because it doesn't attack the NHS.
For those of you that don't live in England, you might not know a huge amount about the NHS. The National Health Service is our taxpayer-funded health service, so we all pay taxes, and then those taxes contribute to the health service, and we all get health care. Perhaps we all need to calm the rhetoric down slightly. The NHS itself is not under attack. The nice thing for the media is, if you can have your headline say "attack on the health service" then you're going to get a lot of hits, so that's the first thing that's happened. And in fact only a small subset of healthcare machines have been taken down by this ransomware, and a lot of it's been precautionary: bring down a server just on the off chance it gets it, until we can be sure that nothing on the same network has the Trojan or worm on it. So it's a big deal, and it's infected a lot of machines, but there are a lot of other big ransomwares out there. CryptoWall had made millions of dollars for its developers, for example. So this isn't the only one, it's not the first, and regrettably it probably won't be the last.
Let's talk a bit about what happened. So on Friday various machines started being infected by this. Now, the exact nature of the initial infection I don't think is known right now. It might be by the time this video goes out, so maybe I'll be out of date already, but probably emails, which makes it essentially a Trojan, because an email goes out with a spear phishing attack or a phishing attack that says you should click this, for whatever reason, and tricks a user into doing it. Now, you don't need to trick many users to get a return on your investment, in some sense, because once they get infected, that's a lot of money.
This Trojan, or this worm, is a little bit unusual in that it actually carries a self-replicating payload. Most ransomware doesn't do this. With most ransomware, the idea is basically to email as many people as possible; some small subset of them will be tricked into clicking it, and they will be the ones that hopefully pay the ransom. That's the logic of it. This one uses an exploit that was first found by the NSA and exploited Windows. So this vulnerability has existed in Windows for quite a while. I mean, it exists in Windows XP, that was around in 2001, and so on, and it seems to have disappeared sometime around Windows 10. So it was patched in March, and we don't know if... I think the vulnerability doesn't already exist in Windows 10.
So it was patched in March in Windows 7?
Yes, and for any operating system that Microsoft is currently actively rolling out patches for, which is to say Windows 7, I don't think Windows Vista anymore. There are plenty of copies of Windows, rightly or wrongly, that still have this vulnerability.
Now this is a vulnerability in the SMB protocol, which is usually used for file sharing across networks. Very common, because you imagine large organizations like to share files from a central server to all their smaller machines rather than having everyone store all the files all the time. So what happens when this worm lands is: this worm will start with an email, probably, or someone will actually deliver it by USB, that seems less likely, but probably an email. You only need one person on the network to click on it and they get the ransomware, and then it starts to sniff out on port 445 for other unpatched installations. So this is a directed exploit which will be able to run this same code on the target machine, and then they spread, and so on, and that's why it spread so quickly.
This vulnerability was discovered by the NSA quite a while ago, five or six years ago we think; we don't know exactly because they don't tell us. And rather than tell Microsoft about this exploit, they decided to sit on it, with the idea that they could then use it in their own exploit. So their exploit kit became Eternal Blue; that's the code name for this particular exploit. And in some sense no more was heard about it for a while. It probably got used by the government agencies to perform their counter-terrorism tasks and so on, until they were themselves hacked by another group called the Shadow Brokers, who decided to try and sell some of these tools and then just released them on the internet. So Microsoft patched this vulnerability in March, and then in April the Shadow Brokers released Eternal Blue, the code for it, onto the net. It was only a matter of time before someone put this onto a self-replicating piece of ransomware, because the quicker you do it, the more people who are still unpatched that you get, and then damage ensues.
The key difference, really, from this ransomware to the previous ransomware that we've seen is the fact that it can self-propagate. Sometimes these things get built into self-replicating programs, but in this one, this Eternal Blue exploit essentially means that, if your machine is not patched, you don't have to click yes. Another machine will upload the payload to it and it will run it, no questions asked. And it might, if you're running a server which has shadow volume copies and things, and backup and restore, it might ask you for a yes or no response later in the process, but a bit late, you know, after a lot of things have already been encrypted. So with most Trojans, if you're very vigilant about running email attachments you'll never get them, because you just see, oh, it's a Trojan, or, I don't want to go to that website, it looks malicious, and so you don't get them even if you don't have an antivirus. But if you haven't got this update, you can still get it, despite the fact that you haven't done anything apart from perhaps being a bit lazy about your updates.
Sometime over the weekend, obviously, lots of researchers were looking into this. I was looking into it and running it purely for interest; I'm not writing any tools to get rid of it or anything clever. But there are lots of researchers, so what they will do is they will run this in a virtual machine or in a special sort of sandbox where it's isolated, find out what it does, and try and work out how they could stop it; try and work out how they could take the role of a command and control server, for example, and tell it just to stop, or something like this.
Now a researcher, MalwareTech, whose blog is really interesting and we'll link to it in the bottom, basically stumbled across a kill switch for this, because they were looking at what it did, and it checked for the existence of this unregistered internet address. So it basically did a DNS lookup and said, who's got this internet address? And no one had it. So their first response was, well, if we register that internet address, we then get communication from all the installations of this and we can track how many people have got this. It's interesting from a research point of view; we can see how it's spread. But in fact what actually happened within the code was, if this web address existed, it just stopped running. The hypothesis is that it's doing a kind of Volkswagen emissions situation, where it realizes it's running in some kind of lab environment and shuts down. But basically, as soon as they registered this web address, all future installations of Wana Cryptor, Wana Decryptor, shut down immediately upon starting up, which was obviously quite good news. So inadvertently they saved a lot of people a lot of time and effort and maybe money.
That isn't the end to this story. I mean, presumably people have seen that?
Yeah, so there's been multiple versions of this with tweaked settings, and different... I think they've essentially just tried to hex-edit out the kill switch and run it again. And yes, that's not unexpected. MalwareTech said this was going to come. It's to be expected, because the code is not difficult to change to avoid the whole kill switch. Obviously their attempt at circumventing some of the researchers' abilities has failed, and it's inadvertently reduced the impact of the virus, or the worm, so they'll just release it again and they'll send out another huge bunch of emails. Now hopefully people are now aware this exists, and people are aggressively updating their systems, and it will have less impact, but some people are bound to get it again. I think China is being hit pretty hard today; it's going through China at the moment. So it tends to hit networks and spread about until people realize what's going on and put a stop to it.
Not everyone has got this. I haven't got it, you haven't got it, no one at Nottingham as far as we know has got it, and that's because these SMB ports are blocked internally by our firewall; as they're coming in, they're blocked. So an infected NHS machine can't target a University of Nottingham computer, because the ports are blocked. Many of the networks that would have been compromised are networks where a machine inside the network has been compromised and it's spread around the internals of a network.
The majority of ransomware is a Trojan, in the sense that it masquerades as something else and appears on your computer, usually through an email attachment. This one is both a Trojan in that sense, because that is probably what happened here, but it's also a worm, in the sense that it can propagate out itself using this exploit. So this Eternal Blue exploit already exists and was known to the NSA for some time. It's already been patched, but a lot of people aren't installing updates as vigorously as they should be, and also Microsoft aren't routinely putting out updates for Windows XP, so anyone running Windows XP, and also now Windows Vista and so on, won't have had that update, because that's not what happens. Now, in a sort of unusual move, Microsoft has pushed an update to XP because of the severity of this, but that's unusual. If you're running XP, the first thing you should do is turn off your machine, because you've got no business running XP, but you aren't going to get many updates, because that's not what Microsoft are doing.
This is a bit like having a car that nobody makes parts for anymore?
It's exactly like that. In fact, a good analogy I think is... so people are blaming Microsoft for this. There's a lot of blame to go around. Microsoft shares some of the blame, but in some ways what's happened is we're all driving around in 1940s Fords, and then when we have an accident we're complaining that the airbag didn't go off. Well, there isn't an airbag in the 1940s Ford, that's why, unless you take it into the garage and have one installed. It's that kind of principle. So yes, Microsoft wrote an operating system with this bug in. All operating systems have bugs in; all software has bugs in. They patched it quickly. They found it, they patched it in March. It's not in Windows 10 anyway, and they've aggressively put out patches for legacy operating systems to try and combat it, so they're at least trying to take all the steps they can to solve this. The problem is that big organizations like the NHS have legacy software, let's say drivers for scanners and, you know, MRI machines and so on, that maybe they bought 10, 20 years ago, that are still running XP because the software isn't compatible with modern versions of Windows. That's a whole political issue that I don't have all the answers for.
So the CIA leaks a few months ago showed the CIA also has a sort of, should we say, back catalog of exploits that they keep a hold of. So the NSA and the CIA will disclose some problems they find. But if they find a bug, a normal security researcher will privately disclose it to the company for them to release a patch, and then will publicize it later, partly for media purposes and partly because it then encourages people to install the updates. The NSA and other government agencies don't operate this policy all the time, because they view some of these exploits as useful for combating terrorism and other criminal activity. Now that may or may not be the case, but what's happened in this case is they've allowed themselves to be hacked by another group who has had no ethical concerns in just releasing all of it. So this actually goes neatly back to our end-to-end encryption talk, because I said that what you're doing with introducing a back door is introducing a very big point of failure. Well, that's exactly what's happened here. The NSA didn't tell anyone about this because they felt they could privately use it for the [inaudible] of their country, and that may have been the case, but it's not the case anymore, because someone's hacked them and released it. So that's a huge problem when that sort of thing happens. So there are already people, I mean Microsoft themselves in their blog have mentioned this already, and Ross Anderson mentions it in his blog, and we'll link both of those in the bottom, that, you know, they can't wipe their hands of this entirely. They can say, well, we're doing this to counter terrorism, but in some ways this is also their fault, because it was their exploit that's been used.
The headlines today are all saying it's a wake-up call. Well, really, people like Ross Anderson and other security experts have been saying this for years. This isn't the first time we've noticed that old machines are vulnerable to attack. So yeah, maybe it's a wake-up call, but people need to be aggressively installing the latest operating systems and updating. As far as I know, you can't turn off updates in Windows 10, and that strikes me as quite a good idea, because people will turn them off: oh, I don't want it to reset right now, I'll turn it off and I'll resume it later. And that's when they get hit by a piece of ransomware.
w a cry one a cry one a cry w a crypter w a decrypt one to decryptor 2 um as far as I can tell the source code has one A Cryptor in it a lot of people shorten this to one a cry um and there's this sort of wnc Y extension that it uses for its encrypted files which are which kind of spells one cry so yeah okay so I don't know I'm calling it wac crypter but I might just not mention it by name again because we all know what we're talking about it's ransomware right so ransomware is any troan or worm or virus that in essence encrypts your files and then tries to charge you money to reverse that process without giving them too much credit for obvious reasons it's a fairly smart way of of uh performing crime because if an antivirus is not immediately on the ball then the damage is already done and a lot of the time you won't get the key back unless you pay and so you have to then either restore from backup which a lot of people don't have and or you have to accept that your files are gone or you have to pay um and so it's no surprise that sort of the biggest stuff in the news recently in terms of attacks have been ransomware because of the immediate impact they have on standard users there are lots and lots of other kinds of malware you know banking fraud malware and key loggers and things and botn net code which is also a really big problem but perhaps to seize less news because it doesn't attack the NHS for those of you that don't live in England you might you know not know a huge amount about the NS V National Health Service is our taxpayer funded Health Service right so we all pay taxes and then those taxes contribute to health Health Service and we all get health care perhaps we all need to calm the rhetoric down slightly you know the NHS itself is not under attack the nice thing for the media is if you if you can have your headline say attack on the Health Service then you're going to get a lot of hits right so that's the first thing that's happened um and in fact 
actually only a small subset of of healthcare machines have been taken down by this ransomware and a lot of it's been precautionary so bring down a server just on the off chance it gets it until we can be sure but nothing on the same network has The has the uh Trojan AI worm on it so yeah so it's it's a big deal and it's infected a lot of machines but there are a lot of other big ransomwares out there right crypto wall had made millions of develop um of dollars for its Developers for example so this isn't the only one it's not the first and regrettably probably won't be the last let's talk about a bit about what happened right so on Friday um various machines started being infected by this now the exact nature of the initial infection I don't think is known right now it might be by the time this video goes out right so um maybe I'll be out of date already but probably emails right so which makes it essentially a troan um because an email goes out with a with a spear fishing attack or a fishing attack that sort of says you should click this for whatever reason um and tricks a user into doing it now you don't need to trick many users to get a return on your investment in some sense because once they get infected that's a lot of money this um trojen or this worm is a little bit unusual in that it actually carries a self-replicating payload most ransomware doesn't do this most ransomware the idea is basically to email as many people as possible some of them some small subset of them will be tricked into clicking it they will be the ones that hopefully pay the ransom that's the the logic of it um this one uses an exploit that was first found by the NSA and exploited windows so this vulnerability has existed in Windows for quite a while I mean it's exists in Windows XP that was around in 2001 and so on um and it seem to have disappeared sometime around Windows 10 right so it was patched in March um and we don't know if I think the vulnerability doesn't already exist in 
Windows 10 so so it was patched in March in in Windows 7 yes and for any for any operating system that Microsoft is currently actively rolling out patches for which is to say Windows 7 I don't think Windows V anymore there are plenty of copies of Windows rightly or wrongly but still have this vulnerability now this is a vulnerability in the SMB protocol which is usually used for uh file sharing across networks very common because you imagine large organizations like to share files from a central server to all their smaller machines rather than having everyone store all the files all the time um so what happens when this worm lands is so this worm will start with uh an email probably or someone will actually deliver it by USB that seems less likely um but um but probably an email you only need one person on the network to click on it and they get the ransomware and then it starts to sniff out on Port 445 for other unpatched installations so this is a directed exploit which will be able to run this same code on the target machine and then they spread and so on and that's why it spread so quickly this runability was discovered by the NSA quite a while ago five or six years ago we think we don't know exactly because they don't tell us and rather than tell Microsoft about this exploit they decided to sit on it with the uh with the idea that they could then use it in their own exploit so their exploit kit became um Eternal blue um that's that's the code name for this particular exploit and in some sense no more was heard about it right for for a while it probably got used by the government agencies to perform their C terrorism tasks and so on um until they were themselves hacked by another group called The Shadow brokers who decided to try and sell some of these tools and then just released them on the Internet so Microsoft patched this vulnerability in March and then in April the shadow Brokers released Eternal blue the code for it onto the net it was only a matter of 
time before someone put this onto a self replicating piece of ransomware right because and the quicker you do it the more people who are still unpatched that you get right and then damage and shoes the key difference really with this from this ransomware to the previous ransomware that we've seen is the fact that it can self-propagate right sometimes these things get built into uh self-replicating programs but in this one um this eternal blue exploit essentially means that your machine if it's not patched you you don't have to click yes right another machine will will upload the payload to it and it will run it no questions asked and it might if you're running a server which has Shadow volume copies and things and uh backs up back up and restore it might ask you for a a yes or no response later in the process but a bit late you know after a lot of things have already been encrypted so most Trojans if you're very Vigilant about running email attachments you'll never get them because you just see oh it's a troan or it's it's I don't want to go go to that website it looks malicious and so you don't you don't get them even if you don't have an antivirus but if you haven't got this update you can still get it despite the fact that you haven't done anything uh apart from perhaps being a bit lazy about your updates sometime over the weekend obviously lots of researchers were looking into this into this not um so I I was looking into it and running it purely for interest right you know I don't um I'm not writing any tools to get rid of it or anything anything clever um but there are lots of researchers so what they will do is they will run this in a virtual machine or in a special sort of samp box where it's isolated find out what it does and try and work out how they could stop it try and work out how they could take the role of a command and control server for example and tell it just to to stop or something like this now a researcher uh malware Tech um who whose blog is 
really interesting and we'll link to it in the bottom um they basically stumbled across for kill switch for this because they were looking at what it did and it pulled this it checked for the existence of this unregistered internet address so it basically said it did a DNS look up and said who is this who's got this internet address and no one had it so their first response was well if we register that internet address we then get communication from all the installations of this and we can sort of track how many people have got this it's it's interesting from a research point of view we can see how it's spread um but in fact what actually happened within the code was if it if this web address existed it just stopped running um the hypothesis is that it's doing a kind of um Volkswagen emission uh situation where it realizes it's running in some kind of lab environment and shuts down um but basically as soon as they registered this web address all future installations of W crypta uh W decrypto shut down immediately upon starting up uh which was obviously quite good news so inadvertently they they saved a lot of people um a lot of time and effort and maybe money that isn't the end to this story I mean presumably people have seen that that yeah so there's been multiple versions of this with tweak settings and different um where they probably REM I think they've essentially just tried to hexedit out the kill switch and run it again right and um and yes that's that's not unexpected maare Tech said this was going to come it's very uh it's to be expected because the code is not difficult to change to avoid the whole kill switch right obviously their their attempt at circumventing some of the researchers abilities has failed and it's inadvertently reduced the impact of the virus or the worm um so they'll just release it again and they'll send out another huge bunch of emails now hopefully people are now aware this exists and people are aggressively updating their systems 
and it will have less impact but some people are bound to get it again I think China is being hit pretty hard today it's going through China at the moment so it tends to sort of hit networks and spread about until people sort of realize what's going on and put a stop to it not everyone has got this right I haven't got it right you haven't got it no one are Notting as far as we know has got it um and that's because these SMB ports are blocked internally by our firewall as they're coming in they're blocked so you an an infected NHS machine can't Target a university of not computer because the ports are blocked many of the networks would have been compromised and networks where a machine inside the network has been compromised and it's spread around the internals of a network the majority of ransomware is aosion in the sense that it it masquerades as something else and appears on your computer usually through an email attachment um this one is both aosion in that sense because that probably is probably what happened here but it's also a worm in the sense that it can propagate out itself using this exploit so this eternal blue exploit already exists and was known to the NSA for some time it's already been patched but a lot of people aren't installing updates as vigorously as they should be and also Microsoft aren't routinely putting out updates for Windows XP so anyone running Windows XP and also now Windows Vista and so on will won't have had that update um because it that's not what happens now in in a sort of unusual move Microsoft has pushed an update to XP um because of this of severity of this um but that's unusual um if you're running XP the first thing you should do is turn off your machine because you've got no business running XP but um you aren't going to get many updates because that's not what Microsoft are doing this is a bit like having a car that nobody makes parts for anymore it's exactly like that in fact a good analogy I think is is so people are 
blaming Microsoft for this. There's a lot of blame to go around. Microsoft shares some of the blame, um, but in some ways what's happened is we're all driving around in 1940s Fords, and then when we have an accident we're complaining that the airbag didn't go off. Well, there isn't an airbag in the 1940s Ford, that's why, right? So unless you take it into the garage and have one installed, you know, um, it's that kind of principle. So yes, Microsoft wrote an operating system with this bug in, right? All operating systems have bugs in, all software has bugs in. They patched it quickly, and they, they found it, they patched it in March. It's not in Windows 10 anyway. Um, and they've aggressively put out patches for legacy operating systems to try and combat it, so they're at least trying to take all the steps they can to solve this. Um, the problem is that big organizations like the NHS have legacy software, let's say, that drivers for scanners and, you know, MRI machines and so on, that maybe they bought 10, 20 years ago, that are still running XP because the software isn't compatible with modern versions of Windows. That's a whole, a whole political issue that I, I don't, you know, I don't know, I don't have all the answers for.

So the CIA leaks a few months ago showed the CIA also has a sort of, should we say, um, a back catalog of exploits that they keep a hold of. So the NSA and the CIA will disclose some problems they find, but if they find a bug, a normal security researcher will privately disclose it to the company for them to release a patch, and then will publicize it later, um, partly for sort of media purposes and partly because then it encourages people to install the updates. Um, the NSA and other government agencies don't operate this policy all the time, because they view some of these exploits as useful for combating terrorism and other criminal activity. Now, that may be, may or may not be the case, but what's happened in this case is they've allowed themselves to be hacked by another group who has had no
ethical concerns in just releasing all of it, right? So, um, this actually goes neatly back to our end-to-end encryption talk, because I said that what you're doing with, with introducing a back door is introducing a very big point of failure. Well, that's exactly what's happened here, right? The NSA didn't tell anyone about this because they felt they could privately use it for the, of, of their country, and that may have been the case, but it's not the case anymore, because someone's hacked them and released it. So that's a huge problem when that sort of thing happens.

So there are already people, I mean, Microsoft themselves in their blog have mentioned this already, um, and Ross Anderson mentions it in his blog, and we'll link both of those in the bottom, that, you know, you can't, they can't wipe their hands of this entirely. They can say, "Well, you know, we're doing this to counter terrorism," but in some ways this is also their fault, because it was their exploit that's been used.

The headlines today are all saying it's a wake-up call. Well, really, people like Ross Anderson and other security experts have been saying this for years, right? This isn't the first time we've noticed that old machines are vulnerable to attack. So yeah, maybe it's a wake-up call, but people need to be aggressively installing the latest operating systems and updating. Um, as far as I know, you can't turn off updates in Windows 10, and that strikes me as quite a good idea, because people will turn them off: "Oh, I don't want it to reset right now, I'll turn it off and I'll resume it later," and that's when they get hit by a piece of ransomware.

emergency braking who sell in future the robo chauffeur which will actually drive you to work while you're sitting there packing some code, and so you've then got the technical problems and the business problems of how do you produce software upgrades which marry