back to article It's not every day the NSA publicly warns of attacks by Kremlin hackers – so take this critical Exim flaw seriously

The NSA has raised the alarm over what it says is Russia's active exploitation of a remote-code execution flaw in Exim for which a patch exists. The American surveillance super-agency said [PDF] on Thursday the Kremlin's military intelligence hackers are actively targeting some systems vulnerable to CVE-2019-10149, a security …

  1. David Shaw

    do you want me to post the email embedded javascript obfuscated code that was included in an email from the BBC to a child of mine?, I attribute it to Gloucestershire.

    Or I could add the mail-bomb script that the NSA embedded in a fake email to me "from the ITU"?

    The Russian/GRU attack that I noticed was much more subtle, such that nobody seemed particularly interested - it involved a special offer on software, a slow social engineered creep of app permissions, to a full MITM - whilst pretending to be a cloud AV, over six months....

    this information war stuff is very multilateral, read wider

    1. Anonymous Coward
      Anonymous Coward

      Agreed. But it's even worse than that, it's very widespread these days, in fact, I'd say it's totally pervasive.

      My default position now is that all email systems and cloud services have backdoors / hacked by 3/4 letter agencies. Even antivirus software. A very puzzling series of events during this month led me to the ultimation conclusion regarding the latter. I think anyone who disagrees is being naive.

      And then there's firmware and bios hacks...

      1. amanfromMars 1 Silver badge

        The bigger story ..... to relentless exploit and engage with

        Agreed. But it's even worse than that, it's very widespread these days, in fact, I'd say it's totally pervasive.

        My default position now is that all email systems and cloud services have backdoors / hacked by 3/4 letter agencies. Even antivirus software. ..... Anonymous Coward

        What one fails to do to remedy anything from global conflict to domestic strife with all of that information available at one's fingertips is surely the result of a lack of human intelligence rather than any exercise of it.

        Does such indicate most all human intelligence systems are corrupted and perverted and subversive .... and be totally unfit for Future Lead with Greater IntelAIgent Games Use Employing Virtually Remote Core Instructions?

        And that is at least six questions be answered if you can be bothered to be bothered. :-) ...... for apathy is a constant companion to both ignorance and arrogance alike.

  2. Steve Graham

    incredible blunder

    The Exim developer who caused the bug needs to be taken aside for some "re-education" in the old KGB style.

    1. HildyJ Silver badge
      FAIL

      Re: incredible blunder

      OMG! A developer released code with a bug in it!

      If we reeducated every developer who ever did this the Gulag would be full and the IT departments would be empty .

      The blame lies with those who put off patching their instance of the software for a year.

      I also assume the NSA knew about this bug before the developer and exploited it. They mentioned it now because the Ruskies found it.

  3. Graham Dawson Silver badge

    Oh, this is what got my mail server last year. They used it to install crypto miners.

  4. Claverhouse Silver badge
    Meh

    All Things Decline

    The GRU is a lot less fearsome now.

    1. Throatwarbler Mangrove Silver badge
      Happy

      Re: All Things Decline

      I dare you to say that to their face.

  5. Kev99

    But, but, it's perfectly safe to send confidential or prorietary information to another using that bunch of holes held together with vapor. Just ask Capital One.

  6. John Brown (no body) Silver badge

    I assume

    ...this means the NSA have a new toy to play with and no longer need this one.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020