Nobody needs hardware-level back doors when Windows (or other proprietary software) is installed
Summary: Official confirmation that the NSA is being notified about ways of hijacking Windows before Microsoft releases fixes
Half a decade ago I put together some links about backdoors in Windows. I had accumulated those links for years. Now that we know how corrupt and aggressive the NSA can be (common knowledge after the latest leak), with cracking attacks on China, espionage, and unlimited mass surveillance in a fascistic manner (with corporations fully complicit), it all seems far less improbable and hardly far-fetched.
According to a new report from the corporate press (as corporate as it can get, being Bloomberg), Microsoft tells NSA staff about universal unpatched holes before they are being addressed:
Microsoft Corp. (MSFT), the world’s largest software company, provides intelligence agencies with information about bugs in its popular software before it publicly releases a fix, according to two people familiar with the process. That information can be used to protect government computers and to access the computers of terrorists or military foes.
Redmond, Washington-based Microsoft (MSFT) and other software or Internet security companies have been aware that this type of early alert allowed the U.S. to exploit vulnerabilities in software sold to foreign governments, according to two U.S. officials. Microsoft doesn’t ask and can’t be told how the government uses such tip-offs, said the officials, who asked not to be identified because the matter is confidential.
Frank Shaw, a spokesman for Microsoft, said those releases occur in cooperation with multiple agencies and are designed to be give government “an early start” on risk assessment and mitigation.
Glyn Moody asked, “why would anyone ever trust Microsoft again…?”
Frank Shaw is not a technical man. His job is to lie, e.g. about sales of Vista 8 (quite famously and most recently). He came from Waggener Edstrom, a lying and AstroTurfing company. The above should be read as follows: when new holes exist which permit remote hijacking the unaccountable, cracking-happy NSA is being notified. What can possibly go wrong now that we have proof that the NSA is cracking PCs abroad with impunity? Germany, are you paying attention?
Here is more about this news:
Some of the back and forth is innocuous, such as Microsoft revealing ahead of time the nature of its exposed bugs (ostensibly providing the government with a back door into any system using a Microsoft OS, but since it’s don’t ask, dont’ tell, nobody really knows). However the bulk of the interaction is steeped in secrecy: “Most of the arrangements are so sensitive that only a handful of people in a company know of them, and they are sometimes brokered directly between chief executive officers and the heads of the U.S.’s major spy agencies, the people familiar with those programs said.”
In IRC, Sosumi highlighted this article and said, “tell me something that isn’t known already, like PRISM is just an evolution of a previous snooping program and that the NSA has built an AI, even if rudimentary, in order to assist them sort the information… also I wonder if Keith Alexander will be at this year’s DEFCOM conference” (part of the PR and recruitment exercise).
Here is an interesting new post which relates to what we know about NSA’s cracking of people’s PCs (the lesser-advertised role of the NSA):
In researching the stunning pervasiveness of spying by the government (it’s much more wide spread than you’ve heard even now), we ran across the fact that the FBI wants software programmers to install a backdoor in all software.
Skype is said to have several back doors. Our latest post about it got updated with new information. Skype can be used as a back door on any platform (known holes left unaddressed), GNU/Linux included. Microsoft controls it and it has a monopoly on the source code.
Watch the MSN corporate press (Microsoft’s pseudo ‘news’ site) promoting both Skype and Facebook:
Thanks to a simple inquiry on Facebook, it’s now a day to celebrate with a father who didn’t know he existed for nearly three decades.
“Whitewashing of Skype and Facebook” is what iophk called this. “Notice the lack of I-told-you-so articles about FB snooping or any coverage of the snooping at all.”
Skype is a Microsoft-controlled product (acquired and quickly altered to reduce decentralisation, user control, and privacy). Advertising it with the partly Microsoft-owned Facebook is too shallow a case of bogus ‘journalism’.
There is also something about spying capabilities of the Xbox One, summarised by the headline “US Navy serviceman calls Xbox One’s 24-hour online check “a sin committed against all service members”” (people seem to be getting the importance of privacy, over time).
A few weeks ago we spoke about expanding the scope of coverage in Techrights to privacy-related matters. We’ll soon conduct an interview with Richard Stallman (to be published later this month) as privacy becomes a central issue relating to software freedom. We should start using the privacy card to advance the Free/libre software agenda. █