re: Microsoft is absolutely at fault for WannaCry VIEW POST

re: two months ago, nobody had "proof" of this backdoor. except the government (for sure), and maybe microsoft. now we "blame" microsoft because "it s...

I think nobody with a minimal understanding of software development thinks Microsoft "should have known" - bugs happen, unbeknown to their developers, period. And blaming Microsoft for having developed SMB the way it did is also generally disagreed with, because it doesn't take historic reasons into account.

As far as it's not religion, what I believe must be supported by facts. Otherwise I don't believe and even less I speak. Yet you speak while providing no facts. I have no idea why you think it's reasonable.

so you disagree with this article's point. that's fine.

but the government knew about this vulnerability.

so, what you believe is that the government knows more about microsoft's code than microsoft itself, more than the programmers who wrote that code.

and you believe the government explicitly decided not to inform microsoft about its code's deficiency.

who knows? you might be right. i certainly don't know.

but you don't have any more "proof" for your position than i have for mine, and it's disingenuous to imply so.

i think it's far more likely that both the government and microsoft knew about this hole in the fence, and rather than patch it, they decided to monitor it closely instead, to catch any bad guys who might try to slip through it... (and yes, use it themselves, also to catch the bad guys.)

of course, once the hole was widely known to the public, and thus garden-variety criminals, they had to patch it.

but up until that time, it was more useful as a honeypot.

and once you see a "vulnerability" can be used this way, it doesn't take a whole lot of imagination to propose that you introduce a few of them, or a few dozen, as tools...

but, of course, you'd have to be very careful to not leave any "proof" that you'd done that. and you would have to publicly disavow such efforts, and have plausible deniability. maybe even have a law that you are not allowed to admit it. you could call it a "national security letter", or some such.

and now i doff my tin-foil hat to all of you, and exit...

but again, please believe whatever you need to believe.


code of conduct - report abuse