The seven deadly sins letting hackers hijack America's govt networks: These unpatched bugs leave systems open

If you're wondering which bugs in particular miscreants are exploiting to break into, or attempt to break into, US government networks, wonder no more. And then make sure you've patched them. Uncle Sam's Dept of Homeland Security has this month identified at least six possible routes into the nation's computer systems, and the …

  1. Blackjack Silver badge

    Microsoft is partly at fault...

    If you are using Windows 10, leaving automatic updates on could (and has) literally wreck your system, erase data, break compatibility and automatically install stuff you don't want or are forbidden to have in the office.

    Maybe, just maybe, if Microsoft was a tad more careful with updates then System Administrators could just leave automatic updates on and set them to update during non-office hours... but The Register has repeatedly shown in several articles why that's a terrible idea.

    Even if you do daily backups, reverting everything back to before the update borked things costs time and makes the company lose money.

    And of course that's how things are... without a pandemic going on that just complicates things even more.

    1. Anonymous Coward

      Re: Microsoft is partly at fault...

      One does not own Windows 10. It owns you.

      1. NetBlackOps Bronze badge

        Re: Microsoft is partly at fault...

        Directly or indirectly, time spent mucking in its guts eliminating all the ways it tries to own you.

    2. sabroni Silver badge

      Re: Microsoft is partly at fault...

      What do you mean 'partly'?

      On this site MS are responsible for fucking everything up, whoever wrote the code.

    3. veti Silver badge

      Re: Microsoft is partly at fault...

      There is no plausible level of care from Microsoft that would make it safe for every sysadmin to leave auto update on.

      https://xkcd.com/1172/

  2. Gene Jones

    Microsoft is not completely at fault. There is no single entity overseeing the administration of government computers. Thousands of systems, thousands of administrators who protect their turf rather than protect the data. What I mean here is there are thousands of holes because every agency runs their own show. They hire their own administrators, nepotism and cronyism rule the day, rather than the very best administrators available. The VA appointed a CIO a few years back who didn't last more than a few months. He tossed up his hands and resigned because he couldn't fix the fractured nature of the installed systems. Why? Because every regional and local administrator viewed him as a threat to their fiefdom. One example out of thousands, I'm sure.

  3. Stuart Castle Silver badge

    Love the way people are focusing on Microsoft here. That was one of the 7 faults listed, and had to be used in conjunction with one of the other 6.

    I'm not defending MS, as they are quite capable of fucking up security, and have done so many times in the past.

    However, the thing I think the US government need to address is not the fact that there are bugs in the software (something which will likely always occur), but the fact there appear to be problems testing and distributing patches quickly. There is also the problem that this is not the first time this has happened.

    Still, the US government doesn't seem to have a sane procedure for IT governance, and I've no doubt they have thousands of IT department heads all trying to protect their own empire.
