NetBIOS resurrection

The ransomware incident is believed to related to a Microsoft Windows Vulnerability (MS17-010 – Critical) affecting Microsoft Windows SMB Server from Windows 2008 to Win7. The attack is on Microsoft Server Message Block 1.0 (SMBv1) server.

When I was an IT aduitor in banks, I always asked for justifications on using SMB services and opening of port 137. It is a standard hardening procedure to turn off NetBIOS. I would had thought after 10 years such procedures are still enforced.

The widespread of this attack may means the IT security industry and practitioners are too young to this dated protocol !


This entry was posted in Information security strategy on by .

About antonyma

Engineering trained, Antony has the qualifications of CISA, CCSP, Oracle DBA and BS7799 ISMS assessor. He also received a LLM in Intellectual Property & Information Technology Law from The University of Hong Kong. Founder of Cybersecurity Risk Assessment firm Antony was th Chairman of Professional Information Security Association (PISA) from 2009 to 2010. He also joined ISC2 workshop on developing a new cloud security certification. Current positions include: 1. Chairman of Cloud Security Alliance (Hong Kong & Macau Chapter) 2. Convenor of HK OGCIO Working Group on Cloud Security and Privacy 3. Hong Kong delegate to ISO SC 27 committee, which drafts security standards like ISO27001. email : Specialties Retail Banking System & Process, IT Security, Copyright Law, Audit & Control, Technology Risk Management, Cloud Security

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s