Windows 10: Hacking tools were stolen from NSA - Almost all Windows affected

Should I shift to Linux? Recently I have concerns of data on my PC being stolen by a business competitor whom I know he is personally a software programmer/engineer as well.

 

Very disturbing news indeed!

Cheers

 

Stay extra careful who you trust and what to click. And be prepare to change you online passwords. No need to do it now, ...

 

MS responded to Softpedia article (or somewhere) and I think they'll provide some fixes. Hope it'll be quick enough...

 

I like ENGLISHMANSDENTIST lol

 

WinBeta reported that MS responded and some security fixes are available...





Update: here is direct link to MS blog article with the list of security fixes..

 

Based on the comprehensive leaked list posted over at BleepingComputer, it appears that MS have only addressed the ones they have an acceptable answer for; many still remain unanswered, and therefore active vulnerabilities:

EASYBEE appears to be an MDaemon email server vulnerability [source, source, source]

EASYPI is an IBM Lotus Notes exploit [source, source] that gets detected as Stuxnet [source]

EWOKFRENZY is an exploit for IBM Lotus Domino 6.5.4 to 7.0.2 [source, source]

EXPLODINGCAN is an IIS 6.0 exploit that creates a remote backdoor [source, source]

EMPHASISMINE is a remote IMAP exploit for IBM Lotus Domino [source, source]

ENGLISHMANSDENTIST sets Outlook Exchange WebAccess rules to trigger executable code on the client's side to send an email to other users [source, source]

ERRATICGOPHER is a SMBv1 exploit targeting Windows XP and Server 2003 [source, source]
Addressed prior to the release of Windows Vista

ETRE is an exploit for IMail 8.10 to 8.22 [source]

FUZZBUNCH is an exploit framework, similar to MetaSploit [source, source], which was also part of the December-January "Windows Tools" Shadow Brokers auction [source]

DOUBLEPULSAR is a RING-0 multi-version kernel mode payload [source]
EquationGroup had scripts that could scrape Oracle databases for SWIFT data [source, source]

ODDJOB is an implant builder and C&C server that can deliver exploits for Windows 2000 and later [source, source], also not detected by any AV vendors [source]

 

A good tool for a complete system inventory, including any missing updates and security vulnerabilities is Belarc Advisor (free).
Products: Belarc Advisor
.

 

Thanks for the info and link, I'll for sure going to check it out!

Cheers

 

PSI (personal software inspector) from Flexera, formerly Secunia was once one and only tool for system vulnerability checking. It's not updated so frequently and has a bit more false positives lately, but is still a good choice.

Link points to Bleeping Computer site...

 

Thank you, additional trial-and-error software for testing this is more than welcome!



Cheers

 

Thanks for all your work here to address this rather unpleasant issue, simrick and Andre. *Thumbs

 

Thanks HG. Really, this is HUGE, and I don't think people are taking this seriously enough.

 

They don't seem to be, do they? Every member should take precautions on this.

 

From here: Leaked NSA point-and-pwn hack tools menace Win2k to Windows 8 • The Register

Make of that what you will.