WannaCry? Not really

If you’re overwhelmed by all the good, bad and simply awful reporting of the WannaCry ‘ransomware’ attack, here are links to two sane and well-informed pieces.

  • Ross Anderson’s post on Light Blue Touchpaper — “Bad Malware, Worse Reporting”.
  • Ben Thomson’s long and thoughtful post on his Strachery blog — “WANNACRY ABOUT BUSINESS MODELS”.


The Economist had a useful briefing a while back on the general topic of our chronic insecurity — “Computer security is broken from top to bottom”.

And of course it goes without saying that this whole debacle provides a salutary confirmation of the foolishness of demanding that there should be ‘backdoors’ in encryption ‘for government use only’. WannaCry was turbocharged by some software written by the NSA (which knew about the Windows XP vulnerability but didn’t tell Microsoft) to exploit it. The moral: if the government knows about a vulnerability, then other people will too. And some of them will be more even more unscrupulous.