Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Just that? No click somehwhere?


If someone connects to a network which has been infected and they've not applied the appropriate patch (MS17-010) it looks like they're in trouble if they're running Windows and don't have a firewall blocking incoming connections.

So first person in a network has to have fallen for the phishing attack, but once it's in the network it can spread via the ETERNALBLUE exploit.


I confirm that. Once inside network it's a carnage.


It can copy itself across a network through a vulnerability in SMB, Windows' file-sharing protocol. That's the bug that was disclosed in the NSA leaks. Microsoft released a patch in March, but of course not all computers are patched.


Clicks are for phishing and trojans, i.e. human vulnerabilities. This is due to an operating system bug, which is a technical vulnerability.

If you can get the right network packets to an unpatched machine, you can infect that machine.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: