Bonum Certa Men Certa

Confirmed: Microsoft Tells the NSA About Back Doors in Windows

Nobody needs hardware-level back doors when Windows (or other proprietary software) is installed

Hardware



Summary: Official confirmation that the NSA is being notified about ways of hijacking Windows before Microsoft releases fixes

Half a decade ago I put together some links about backdoors in Windows. I had accumulated those links for years. Now that we know how corrupt and aggressive the NSA can be (common knowledge after the latest leak), with cracking attacks on China, espionage, and unlimited mass surveillance in a fascistic manner (with corporations fully complicit), it all seems far less improbable and hardly far-fetched.



According to a new report from the corporate press (as corporate as it can get, being Bloomberg), Microsoft tells NSA staff about universal unpatched holes before they are being addressed:

Microsoft Corp. (MSFT), the world’s largest software company, provides intelligence agencies with information about bugs in its popular software before it publicly releases a fix, according to two people familiar with the process. That information can be used to protect government computers and to access the computers of terrorists or military foes.

Redmond, Washington-based Microsoft (MSFT) and other software or Internet security companies have been aware that this type of early alert allowed the U.S. to exploit vulnerabilities in software sold to foreign governments, according to two U.S. officials. Microsoft doesn’t ask and can’t be told how the government uses such tip-offs, said the officials, who asked not to be identified because the matter is confidential.

Frank Shaw, a spokesman for Microsoft, said those releases occur in cooperation with multiple agencies and are designed to be give government “an early start” on risk assessment and mitigation.


Glyn Moody asked, "why would anyone ever trust Microsoft again...?"

Frank Shaw is not a technical man. His job is to lie, e.g. about sales of Vista 8 (quite famously and most recently). He came from Waggener Edstrom, a lying and AstroTurfing company. The above should be read as follows: when new holes exist which permit remote hijacking the unaccountable, cracking-happy NSA is being notified. What can possibly go wrong now that we have proof that the NSA is cracking PCs abroad with impunity? Germany, are you paying attention?

Here is more about this news:

Some of the back and forth is innocuous, such as Microsoft revealing ahead of time the nature of its exposed bugs (ostensibly providing the government with a back door into any system using a Microsoft OS, but since it's don't ask, dont' tell, nobody really knows). However the bulk of the interaction is steeped in secrecy: "Most of the arrangements are so sensitive that only a handful of people in a company know of them, and they are sometimes brokered directly between chief executive officers and the heads of the U.S.’s major spy agencies, the people familiar with those programs said."


In IRC, Sosumi highlighted this article and said, "tell me something that isn't known already, like PRISM is just an evolution of a previous snooping program and that the NSA has built an AI, even if rudimentary, in order to assist them sort the information... also I wonder if Keith Alexander will be at this year's DEFCOM conference" (part of the PR and recruitment exercise).

Here is an interesting new post which relates to what we know about NSA's cracking of people's PCs (the lesser-advertised role of the NSA):



Skype is said to have several back doors. Our latest post about it got updated with new information. Skype can be used as a back door on any platform (known holes left unaddressed), GNU/Linux included. Microsoft controls it and it has a monopoly on the source code.

Watch the MSN corporate press (Microsoft's pseudo 'news' site) promoting both Skype and Facebook:

Thanks to a simple inquiry on Facebook, it's now a day to celebrate with a father who didn’t know he existed for nearly three decades.


"Whitewashing of Skype and Facebook" is what iophk called this. "Notice the lack of I-told-you-so articles about FB snooping or any coverage of the snooping at all."

Skype is a Microsoft-controlled product (acquired and quickly altered to reduce decentralisation, user control, and privacy). Advertising it with the partly Microsoft-owned Facebook is too shallow a case of bogus 'journalism'.

There is also something about spying capabilities of the Xbox One, summarised by the headline "US Navy serviceman calls Xbox One’s 24-hour online check “a sin committed against all service members”" (people seem to be getting the importance of privacy, over time).

A few weeks ago we spoke about expanding the scope of coverage in Techrights to privacy-related matters. We'll soon conduct an interview with Richard Stallman (to be published later this month) as privacy becomes a central issue relating to software freedom. We should start using the privacy card to advance the Free/libre software agenda.

National Security Agency

Recent Techrights' Posts

The "Gold" Rule: Taking Money for Reputation Laundering and Openwashing Under the "Linux" Banner
Seller of expensive toilet paper, Jim Zemlin
LLM Slop Says Slop is "coming for white-collar jobs. Microsoft’s layoffs are just the start"
Look what the Web has become
Reporting Facts About Violence Against Women Deserves Awards, Not Frivolous Lawsuits and Threats
What is Microsoft's stance on women's safety?
Linux.com as Spamfarm of the Linux Foundation, Partner of the Gates Foundation
They no longer publish articles
Slopwatch: The Typical Slopfarms and the 'Brian Fagioli Dilemma'
To the Web and to society (exposed to the Web) LLMs are a net negative
Why We Support Carole Cadwalladr (Even If We Don't Agree With Everything She Said)
I first became aware of Cadwalladr's work a long time ago
 
In Some Countries the Largest OEMs Already Dump Microsoft Windows
Windows at 18.9%, Android 60.2%
Microsoft Down From 100% to 10% in Myanmar/Burma
only about 4% of Web requests in Myanmar/Burma come from Vista 11, soon to be the only "supported" version of Windows
When Fedora Said It Was Looking to Integrate "AI" It Meant Promoting Microsoft's Proprietary Spyware and GPL-Violating Slop
When they say "AI" they mean Microsoft
It Used to be IBM, Now It's Microsoft (Why You Need to Fire Microsofters or CIOs Working for Microsoft)
Typically the only effective solution is to identity and remove Microsofters from one's project/organisation (before they can bring more Microsofters in)
IBM Closes Offices and Labs in the United States to Open New Ones in India
It's not layoffs per se; they're substituting/swapping veteran employees for lesser-paid ones
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, April 15, 2025
IRC logs for Tuesday, April 15, 2025
Gemini Links 16/04/2025: IndieWeb Carnival, Tinylog RFC, "Focus, the Web and Gemini"
Links for the day
Links 15/04/2025: Touchable Volumetric Display and Resistance to American Spying Firms
Links for the day
Links 15/04/2025: Some People Cannot Read and Re-discovering of 'Web 1.0'
Links for the day
Links 15/04/2025: China Admits Targetting Critical Infrastructure Using CALEA Back Doors, NASCAR Cracked by Windows Usage
Links for the day
Microsoft's Serial Strangler Chose to Attack Techrights With SLAPP When Over 400 Victims of Mohamed Al Fayed Complained About Media's Role in Enabling Him
There is a strong element of "free press" here
A Coalition or a Coup of Sexism
In the Free software community it's hard to avoid this issue
statCounter Sees GNU/Linux at New High of 6% in Bosnia and Herzegovina
GNU/Linux is measured at all-time high
To Celebrate Git Turning 20 Linus Torvalds is 'Selling Out' to Microsoft and Proprietary Software Which Attacks Git (E.E.E.)
He makes it seem like he's endorsing his attackers
Gemini Protocol Milestone (3,000 Active Capsules)
and a total of nearly 4,500
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, April 14, 2025
IRC logs for Monday, April 14, 2025
Gemini Links 14/04/2025: Silver Pigs and more Foundation, Disliking Computers
Links for the day
Hundreds of Microsoft Layoffs (Net Headcount Decrease) in the United Kingdom
headcount decreased
Links 14/04/2025: Russian Attack on Sumy Shows No Intention of Peace, Virgin Australia Admits Overcharging People
Links for the day
The Dilemma of Web Browsers Lying About What They Are (in Order to Bypass Discriminatory Gateways Like Clownflare) Worsens Due to LLM Slop
LLM crawlers/scrapers have made sites more restrictive and hostile towards browsers that are potent but not "famous"
What Really Matters to Companies is Net Income or Profit (Bankruptcy is Possible Even With High Revenue)
We ought to stop talking about revenue without focusing on actual profit
Carole Cadwalladr Talks About How Big Business Tried to Silence Her (and Why You Might be Next)
Our story is very different from Cadwalladr's for many reasons
Companies Conspiring to Keep Salaries Down and Undermine Competition
People who do all the practical work are being paid less and made to work for much longer
Links 14/04/2025: Disinformation, Public Disdain for LLMs, and "Lessons on Tyranny"
Links for the day
LLM Slop and SEO SPAM Take Us Further Away From Facts (the Case of IBM Layoffs)
Some of these can impact Red Hat as well
Gemini Links 14/04/2025: Ween and Historic Ada Project Management
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, April 13, 2025
IRC logs for Sunday, April 13, 2025
Influencers: Red Hat, Inc's IPO, 1999, post-mortem on the directed share offer to open source developer community
Reprinted with permission from Daniel Pocock