Re: The real blame goes to..
> The problem I have with this blame attribution, is it isn't quite true ...
Correct and a little perspective is useful here - at least four months since Microsoft patched anything from the NSA that has been used in this attack. Plenty of references to the timelines (toolkit compromised last year, MS patches in Feb, toolkit dumped public April/May, first 'public' exploit mid-May).
Do the spooks have form in using any weakness to attack perceived enemies of their respective state with little concern for moral/legal scruples? Yes. Are they responsible for the failure of commercial organisations to implement basic, proper IT maintenance when the necessary defenses have been in the public domain for months? No.
Whether the motivation behind NotPetya turns out to be criminal or political will be far more interesting than ideological blame games (although a definitive answer on motive seems like it will be challenging to confirm).
Biting the hand that feeds IT
