EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

11.18.13

NSA-Created Malware Used Politically and Relied on Microsoft-Provided Back Doors/Weak Encryption

Posted in Action, Microsoft at 5:11 am by Dr. Roy Schestowitz

Hardware

Summary: A roundup of privacy-related news, with special focus on the role played by proprietary software in political espionage

SINCE Microsoft and the NSA are so close and we already know about NSA attempts to put back doors in operating systems, it should not be surprising that Microsoft Windows has a back door (more likely sevral) and Stuxnet was made possible to devise/deploy on Windows. Based on some news from Ars Technica [1], now that a lot of this shocking information is out there, Microsoft is trying to shift away from weak encryption (or breakable encryption), but it’s likely to be too late because Microsoft made such weakness a standard. “Microsoft is retiring two widely used cryptographic technologies that are growing increasingly vulnerable to attacks,” the article says. Further down the article notes: “The state-sponsored Flame malware that targeted Iran pulled off the only known in-the-wild collision attack earlier this decade. Using a never-before seen technique to subvert the MD5 algorithm, Flame-infected computers were able to pose as official servers belonging to Microsoft. By forging Microsoft’s digital signatures, the infected machines were able to trick uninfected computers into installing highly malicious software they otherwise would have refused. Microsoft has since decommissioned MD5 in its update system. Tuesday’s advisory indicates that the company is aiming to learn from that past incident by retiring SHA1 before it falls to the same type of attack.”

But why not assume that this weakness was the result of complicity (with the NSA) rather than an “incident” or some kind of accident? There are other bits of Microsoft software which gleefully invite the NSA in, e.g. Skype (incidentally, the researcher who showed it could be maliciously exploited has just died in an accident [2]).

We need to accept the fact that a lot of software is insecure by design. It’s designed to give power to particular parties, not the users. It’s an important distinction which helps show why proprietary software oughtn’t be trusted.

In other news, the United States’ “Internet Kill Switch” is back in the headlines [3] and countries like Germany are expected to have something to say [4]. Snowden’s E-mail provider is taking privacy up a notch [5] and Snowden’s leaks are said to be having an impact on privacy perceptions [6] because companies like Facebook [7], Google [8], and of course Microsoft do not protect users’ privacy at all. Facebook is notably worse because it helps the government train face recognition classifiers for people whose friends tag them [9]. In case of protests, for example, activists can be identified and named (which helps those who crush protests or intimidate protesters [10]).

There seems to be a shift motivating encryption of the Web [11] and rejection of proprietary software [12] because privacy rights are being misused [13-16], only making privacy advocates stronger and more popular [17]. In the UK, privacy abuses against foreign leaders [18] have been damaging, but not as damaging as the Streisand Effect caused by the attack on the press and on privacy advocates [19].

Related/contextual items from the news:

  1. Hoping to avert “collision” with disaster, Microsoft retires SHA1
  2. Security researcher Cédric ‘Sid’ Blancher dead at 37

    In 2006, while working for the EADS Corporate Research centre, he also put together a paper on how to exploit Skype to act as a botnet.

  3. EPIC Prevails in FOIA Case About “Internet Kill Switch”

    In a Freedom of Information Act case brought by EPIC against the Department of Homeland Security, a federal court has ruled that the DHS may not withhold the agency’s plan to deactivate wireless communications networks in a crisis. EPIC had sought “Standard Operating Procedure 303,” also known as the “internet Kill Switch,” to determine whether the agency’s plan could adversely impact free speech or public safety.

  4. Germany struggling to respond to NSA revelations
  5. DarkMail Alliance Wants To Upgrade Gmail’s Security
  6. Snowden effect: young people now care about privacy
  7. Friday Shame: Facebook reminds you that your posts are also its ads

    “Ads work the same way and just as with all of the content on Facebook, we show you which of your friends have interacted with something to make it more relevant to you,” Facebook chief privacy officer Erin Egan write in a post posted at 12:05PM ET on Friday

    While Facebook made a point to clarify the new privacy policy, it’s actually changing very little about it — despite all the backlash the changes caused when they were initially introduced.

  8. Google will soon display your Google+ photo when you call an Android phone
  9. US intelligence wants to radically advance facial recognition software

    Identifying people from video streams or boatloads of images can be a daunting task for humans and computers.

  10. EFF Appeals Chevron’s Speech-Chilling Subpoena

    On Halloween of this year, EFF and EarthRights International (ERI) filed an appeal in the Second Circuit (PDF) to protect the rights of dozens of environmental activists, journalists, and attorneys from a sweeping subpoena issued by the Chevron Corporation. And just last week, both the Republic of Ecuador (PDF) and a group consisting of Human Rights Watch, Automattic, a pair of anonymous bloggers, and academics Ethan Zuckerman and Rebecca McKinnon (PDF) filed amicus briefs in support of our appeal.

  11. Internet architects propose encrypting all the world’s web traffic

    A vastly larger percentage of the world’s web traffic will be encrypted under a near-final recommendation to revise the Hypertext Transfer Protocol (HTTP) that serves as the foundation for all communications between websites and end users.

  12. Revenge of the Dragon

    This could spawn migration to GNU/Linux on client and server in governments globally not just a few early adopters like Europe, China, India, Brazil and Russia. By next year there could be dozens of governments making the move. I advised Canada to do that years ago. They might have another idea now that USA is the biggest threat in the world to cybersecurity with documented attacks.

  13. Government Refusing To Say Whether Phone Tracking Evidence Came From Mass Surveillance

    In criminal cases, defendants have a right to know what evidence the government plans to use against them and how the government gathered that evidence. This basic due process principle is essential: it allows defendants to test in court whether law enforcement officers obtained evidence in violation of the Fourth Amendment. But in a new legal brief, the government has refused to confirm or deny whether it relied on constitutionally questionable mass surveillance programs to gather evidence for a criminal prosecution.

  14. Watch live: “They’re watching us: So what?” featuring Greenwald, Schneier, Bamford, Dorfman

    From Pen America, cosponsored by the ACLU and the Fordham Law School Center on National Security, a talk on surveillance with James Bamford, Ariel Dorfman, Glenn Greenwald, and Bruce Schneier.

  15. The Biggest Little CIA Shop You’ve Never Heard Of

    The CIA’s main business is sending operatives abroad to recruit spies and, especially since 9/11, chasing down terrorists for its target-hungry drone pilots. But NR, as it’s known, is the agency’s stay-at-home division. It’s nothing like Homeland, however, with operatives running about with guns in the D.C. suburbs (though its 1960s-era predecessors once spied on antiwar and civil rights activists and recruited Cuban exiles to harass Fidel Castro). It also works with the FBI and NSA in bugging foreign diplomatic missions there.

  16. The Importance of Free Websites

    For me, this has been a perfect illustration of the positive aspects of the web. With the rampart commercialization of the Internet and issues such as advertisers tracking users surfing habits, the NSA’s gathering data on nearly everything that happens online and crackers trying to break into computers at every turn, it’s easy to come to the conclusion that the public network is nothing but a virtual space fraught with danger. But it’s also a place of great promise, as Charlie’s story so aptly demonstrates.

    Twenty years ago, my roommate and her family would not be able to follow the progress being made by Charlie nearly so closely. They would’ve had to rely on bits and pieces of often unreliable, certainly incomplete, information picked up by word of mouth through phone calls. They would not have felt as involved with the situation as they now do either, which is also important.

  17. Silent Mail, FreedomMail or Lavamail. Whatever it’s called, it will offer the same benefits

    Dark Mail alliance is the non-profit group formed by the leaders of Silent Circle and Lavabit.

    Silent Circle offers a suite of secure, communication services, while Lavabit is the secure email provider used by Edward Snowden, the ex-CIA contractor now living in Russia.

  18. GCHQ Monitors Hotel Reservations to Track Diplomats

    Britain’s GCHQ intelligence service monitors diplomats’ travels using a sophisticated automated system that tracks hotel bookings. Once a room has been identified, it opens the door to a variety of spying options.

  19. UK’s reputation is damaged by reaction to Edward Snowden, says UN official
Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New


  1. Links 20/11/2017: Why GNU/Linux is Better Than Windows, Another Linus Torvalds Rant

    Links for the day



  2. “US Inventor” is a “Bucket of Deplorables” Not Worthy of Media Coverage

    Jan Wolfe of Reuters treats a fringe group called “US Inventor” as though it's a conservative voice rather than a bunch of patent extremists pretending to be inventors



  3. Team Battistelli's Attacks on the EPO Boards of Appeal Predate the Illegal Sanctions Against a Judge

    A walk back along memory lane reveals that Battistelli has, all along, suppressed and marginalised DG3 members, in order to cement total control over the entire Organisation, not just the Office



  4. PTAB is Safe, the Patent Extremists Just Try to Scandalise It Out of Sheer Desperation

    The Leahy-Smith America Invents Act (AIA), which gave powers to the Patent Trial and Appeal Board (PTAB) through inter partes reviews (IPRs), has no imminent threats, not potent ones anyway



  5. Update on the EPO's Crackdown on the Boards of Appeal

    Demand of 35% increases from the boards serves to show that Battistelli now does to the 'independent' judges what he already did to examiners at the Office



  6. The Lobbyists Are Trying to Subvert US Law in Favour of Patent Predators

    Mingorance, Kappos, Underweiser and other lobbyists for the software patents agenda (paid by firms like Microsoft and IBM) keep trying to undo progress, notably the bans on software patents



  7. Patent Trolls Based in East Texas Are Affected Very Critically by TC Heartland

    The latest situation in Texas (United States District Court for the Eastern District of Texas in particular), which according to new analyses is the target of legal scrutiny for the 'loopholes' it provided to patent trolls in search of easy legal battles



  8. Alice Remains a Strong Precedential Decision and the Media Has Turned Against Software Patents

    The momentum against the scourge of software patents and the desperation among patent 'professionals' (people who don't create/develop/invent) is growing



  9. Harm Still Caused by Granted Software Patents

    A roundup of recent (past week's) announcements, including legal actions, contingent upon software patents in an age when software patents bear no real legitimacy



  10. Links 18/11/2017: Raspberry Digital Signage 10, New Nano

    Links for the day



  11. 23,000 Posts

    23,000 blog posts milestone reached in 11 years



  12. BlackBerry Cannot Sell Phones and Apple Looks Like the Next BlackBerry (a Pile of Patents)

    The lifecycle of mobile giants seems to typically end in patent shakedown, as Apple loses its business to Android just like Nokia and BlackBerry lost it to Apple



  13. EFF and CCIA Use Docket Navigator and Lex Machina to Identify 'Stupid Patents' (Usually Software Patents That Are Not Valid)

    In spite of threats and lawsuits from bogus 'inventors' whom they criticise, EFF staff continues the battle against patents that should never have been granted at all



  14. The Australian Productivity Commission Shows the Correct Approach to Setting Patent Laws and Scope

    Australia views patents on software as undesirable and acts accordingly, making nobody angry except a bunch of law firms that profited from litigation and patent maximalism



  15. EPO 'Business' From the United States Has Nosedived and UPC is on Its Death Throes

    Benoît Battistelli and Elodie Bergot further accelerate the ultimate demise of the EPO (getting rid of experienced and thus 'expensive' staff), for which there is no replacement because there is a monopoly (which means Europe will suffer severely)



  16. Links 17/11/2017: KDE Applications 17.12, Akademy 2018 Plans

    Links for the day



  17. Today's EPO and Team UPC Do Not Work for Europe But Actively Work Against Europe

    The tough reality that some Europeans actively work to undermine science and technology in Europe because they personally profit from it and how this relates to the Unitary Patent (UPC), which is still aggressively lobbied for, sometimes by bribing/manipulating the media, academia, and public servants



  18. Links 16/11/2017: WordPress 4.9 and GhostBSD 11.1 Released

    Links for the day



  19. The Staff Union of the EPO (SUEPO) is Rightly Upset If Not Shocked at What Battistelli and Bergot Are Doing to the Office

    The EPO's dictatorial management is destroying everything that's left (of value) at the Office while corrupting academia and censoring discussion by threatening those who publish comments (gagging its own staff even when that staff posts anonymously)



  20. EPO Continues to Disobey the Law on Software Patents in Europe

    Using the same old euphemisms, e.g. "computer-implemented inventions" (or "CII"), the EPO continues to grant patents which are clearly and strictly out of scope



  21. Links 16/11/2017: Tails 3.3, Deepin 15.5 Beta

    Links for the day



  22. Benoît Battistelli and Elodie Bergot Have Just Ensured That EPO Will Get Even More Corrupt

    Revolving door-type tactics will become more widespread at the EPO now that the management (Battistelli and his cronies) hires for low cost rather than skills/quality and minimises staff retention; this is yet another reason to dread anything like the UPC, which prioritises litigation over examination



  23. Australia is Banning Software Patents and Shelston IP is Complaining as Usual

    The Australian Productivity Commission, which defies copyright and patent bullies, is finally having policies put in place that better serve the interests of Australians, but the legal 'industry' is unhappy (as expected)



  24. Patent Trial and Appeal Board (PTAB) Defended by Technology Giants, by Small Companies, by US Congress and by Judges, So Why Does USPTO Make It Less Accessible?

    In spite of the popularity of PTAB and the growing need/demand for it, the US patent system is apparently determined to help it discriminate against poor petitioners (who probably need PTAB the most)



  25. Declines in Patent Quality at the EPO and 'Independent' Judges Can No Longer Say a Thing

    The EPO's troubling race to the bottom (of patent quality) concerns the staff examiners and the judges, but they cannot speak about it without facing rather severe consequences



  26. The EPO is Now Corrupting Academia, Wasting Stakeholders' Money Lying to Stakeholders About the Unitary Patent (UPC)

    The Unified Patent Court/Unitary Patent (UPC) is a dying project and the EPO, seeing that it is going nowhere fast, has resorted to new tactics and these tactics cost a lot of money (at the expense of those who are being lied to)



  27. Links 15/11/2017: Fedora 27 Released, Linux Mint Has New Betas

    Links for the day



  28. Patents Roundup: Packet Intelligence, B.E. Technology, Violin, and Square

    The latest stories and warnings about software patents in the United States



  29. Decline of Skills Level of Staff Like Examiners and Impartiality (Independence) of Judges at the EPO Should Cause Concern, Alarm

    Access to justice is severely compromised at the EPO as staff is led to rely on deficient tools for determining novelty while judges are kept out of the way or ill-chosen for an agenda other than justice



  30. Links 14/11/2017: GNU/Linux at Samsung, Firefox 57 Quantum

    Links for the day


CoPilotCo

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

CoPilotCo

Recent Posts