
Comment Re:Win 7? That is all? (Score 1) 79

It's in Variety. You expect an entertainment magazine to understand and report on the technical details? They'd get them wrong anyway.

From the sounds of it, the hacker group was simply port scanning and got lucky in finding that Windows 7 box that had a hole. Once on that machine, they had complete access to the internal network.

Comment Re:Wheel re-invention (Score 1) 808

Congratulations, you've successfully re-invented Perl

Not quite. More like "Made a readable version of Perl." There's a reason Perl tends to be disqualified from any "obfuscated code" contests.

Python seems to be the current popular "glue code" language.

See OpenStack for a perfect example. It's just "glue code" around various virtualization packages.

Comment Re:because it is fun (Score 1) 359

Coding, itself, is not fun. Seeing the results? That's the fun. It's like construction work. Swinging a hammer is not fun. Seeing the building come together and knowing you had a hand in it is fun.

The fun part about software is that we can quickly and easily - relatively speaking - change one thing and see what happens.

...writes code, gives it to you, and says, "here, debug this."

Call me odd, but I enjoy that role. Probably why I was in integration for 5 years....

Comment Re:Don't let the $THREE_LETTER_GOV_ORG hoard explo (Score 1) 76

Ah. Governmental IT. The government has been bitten a few times already about security so they take it a bit more seriously.

Just to clarify, I'm not arguing about the best practices. I'm just playing devil's advocate as to how this situation could have happened. I do contract development work. The shortcuts taken to fit the work into the budget are scary.

This is also why the concept of IoT scares the living shit out of me.

Comment Re:Don't let the $THREE_LETTER_GOV_ORG hoard explo (Score 1) 76

I'm guessing you work at a company that is IT related. I could be wrong but in my experience most companies that are not in the IT field see IT as a loss generator. As such, the lower the cost and inconvenience to users, the better.

And when it's the CEO that wants to share his daughter's Christmas choir video with the whole company - no I'm not kidding - that USB stick gets greenlit.

Comment Re:Don't let the $THREE_LETTER_GOV_ORG hoard explo (Score 1) 76

Sure. Those of us who have worked in network security long enough know that, but given a design requirement of "Share the diagnostic images with other servers on the network" and an OS that has a built-in network sharing protocol, there's a very large incentive to just use what the OS provides.

Can a Windows XP machine use the SMB client protocol without allowing inbound packets? I don't remember. It's been too long. And I haven't gone over the SMB vulnerability in detail to know exactly how it worked.

 

Comment Re:Don't let the $THREE_LETTER_GOV_ORG hoard explo (Score 1) 76

Absolutely. The impact could have been lessened with proper security on the network but the people yelling "Get the latest OS!" are starting to get annoying. It's not all about desktop PCs, laptops and servers.

And I say "lessened," since I haven't gone into the SMB vulnerability in depth. Any file server to which these devices attach may have been vulnerable since these devices couldn't communicate with a patched OS...but that's purely speculation on my part.

But too many people still think that security at the border is enough. If we keep the baddies out, we don't need internal security. The downside is if there is a breach, the whole network is screwed. Another example of this was the laptop that could shut down systems on a moving vehicle. That exploit went through the media center in the console and had full access to the rest of the vehicle's systems.

Comment Re:Don't let the $THREE_LETTER_GOV_ORG hoard explo (Score 1) 76

The trouble is there are perfectly valid reasons for using the older operating systems, especially in cases like hospitals.

Let's say, as an example, there is an ultrasound machine that was based around Windows XP. I know it sounds odd but there is a case to be made for taking an existing laptop motherboard design and tweaking it to add the special hardware needed for the ultrasound. Especially as the images can be sent to a central file server.

Now, 4 years later, update the OS.

Can you guarantee that the drivers for that hardware are available? Can you - as a user - update the OS on that hardware? Can the IT guys? Does the company support that hardware any more or will an update require buying a new machine?
