by 3chelon 3320 days ago
I agree completely. People can blame MS for their insecure OS, or users who don't know any better for running outdated systems (or even for running Windows at all), but the stark reality is that all OSes have vulnerabilities because they are huge and complex and it is impossible to make them 100% secure.

But the NSA are - by definition - supposed to be security experts, so what are they doing letting themselves get hacked? They have effectively given away the nuclear football.

I'm shocked we're not seeing more blame in their direction on this one.

A bit rich from Microsoft to talk about hoarding when the patches they released over the weekend were all signed back in February... i.e. they are hoarding fixes to their own shit for their $$$ extended support agreements.

"The chaos surprised many security watchers because Microsoft issued an update in March that patched the underlying vulnerability in Windows 7 and most other supported versions of Windows. (Windows 10 was never vulnerable.)"

source: https://arstechnica.co.uk/security/2017/05/wcry-microsoft-is...

So I don't really know what you mean by 'hoarding the fix'. The patch was not initially released to some OS versions because they are NO LONGER supported.

I believe the "hoarding the fix" comment was in reference to the patches for Server 2003, XP, and Windows 8 that were released publicly for the first time over the weekend (but had been distributed previously to customers paying for custom support) [0].

[0] https://news.ycombinator.com/item?id=14329914

I guess I don't see it that way. Extended support (which includes security patches) is only for paying customers.

The "$$$ extended support agreements" funded the development of those fixes. Why would anyone pay the agreements if Microsoft just developed and released those fixes for free? If organisations are stupid enough to lock themselves in to 16-year-old software and create more work for Microsoft I'd say they were well within their rights to charge.

Maybe they were testing them?

For three months? That says a lot about the overall testability of their stuff.

I blame Microsoft, not for having a shitty OS, but for colluding directly with the NSA. Anyone who believes that Microsoft was not aware of the exploits in their system is naive.

Microsoft has done NOTHING to show that things have changed since they colluded with the NSA on PRISM (https://www.theguardian.com/world/2013/jul/11/microsoft-nsa-...), and so anyone who believes that things have changed is a moron.

Remember, head executives at Microsoft are essentially part of the "shadow government" as they were privy to 1984-style surveillance that even much of Congress was unaware of until the Snowden leaks. People at MS knew and said nothing. Executives at MS are closer to the NSA than most of Congress. Let that sink in.