EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

11.18.13

NSA-Created Malware Used Politically and Relied on Microsoft-Provided Back Doors/Weak Encryption

Posted in Action, Microsoft at 5:11 am by Dr. Roy Schestowitz

Hardware

Summary: A roundup of privacy-related news, with special focus on the role played by proprietary software in political espionage

SINCE Microsoft and the NSA are so close and we already know about NSA attempts to put back doors in operating systems, it should not be surprising that Microsoft Windows has a back door (more likely sevral) and Stuxnet was made possible to devise/deploy on Windows. Based on some news from Ars Technica [1], now that a lot of this shocking information is out there, Microsoft is trying to shift away from weak encryption (or breakable encryption), but it’s likely to be too late because Microsoft made such weakness a standard. “Microsoft is retiring two widely used cryptographic technologies that are growing increasingly vulnerable to attacks,” the article says. Further down the article notes: “The state-sponsored Flame malware that targeted Iran pulled off the only known in-the-wild collision attack earlier this decade. Using a never-before seen technique to subvert the MD5 algorithm, Flame-infected computers were able to pose as official servers belonging to Microsoft. By forging Microsoft’s digital signatures, the infected machines were able to trick uninfected computers into installing highly malicious software they otherwise would have refused. Microsoft has since decommissioned MD5 in its update system. Tuesday’s advisory indicates that the company is aiming to learn from that past incident by retiring SHA1 before it falls to the same type of attack.”

But why not assume that this weakness was the result of complicity (with the NSA) rather than an “incident” or some kind of accident? There are other bits of Microsoft software which gleefully invite the NSA in, e.g. Skype (incidentally, the researcher who showed it could be maliciously exploited has just died in an accident [2]).

We need to accept the fact that a lot of software is insecure by design. It’s designed to give power to particular parties, not the users. It’s an important distinction which helps show why proprietary software oughtn’t be trusted.

In other news, the United States’ “Internet Kill Switch” is back in the headlines [3] and countries like Germany are expected to have something to say [4]. Snowden’s E-mail provider is taking privacy up a notch [5] and Snowden’s leaks are said to be having an impact on privacy perceptions [6] because companies like Facebook [7], Google [8], and of course Microsoft do not protect users’ privacy at all. Facebook is notably worse because it helps the government train face recognition classifiers for people whose friends tag them [9]. In case of protests, for example, activists can be identified and named (which helps those who crush protests or intimidate protesters [10]).

There seems to be a shift motivating encryption of the Web [11] and rejection of proprietary software [12] because privacy rights are being misused [13-16], only making privacy advocates stronger and more popular [17]. In the UK, privacy abuses against foreign leaders [18] have been damaging, but not as damaging as the Streisand Effect caused by the attack on the press and on privacy advocates [19].

Related/contextual items from the news:

  1. Hoping to avert “collision” with disaster, Microsoft retires SHA1
  2. Security researcher Cédric ‘Sid’ Blancher dead at 37

    In 2006, while working for the EADS Corporate Research centre, he also put together a paper on how to exploit Skype to act as a botnet.

  3. EPIC Prevails in FOIA Case About “Internet Kill Switch”

    In a Freedom of Information Act case brought by EPIC against the Department of Homeland Security, a federal court has ruled that the DHS may not withhold the agency’s plan to deactivate wireless communications networks in a crisis. EPIC had sought “Standard Operating Procedure 303,” also known as the “internet Kill Switch,” to determine whether the agency’s plan could adversely impact free speech or public safety.

  4. Germany struggling to respond to NSA revelations
  5. DarkMail Alliance Wants To Upgrade Gmail’s Security
  6. Snowden effect: young people now care about privacy
  7. Friday Shame: Facebook reminds you that your posts are also its ads

    “Ads work the same way and just as with all of the content on Facebook, we show you which of your friends have interacted with something to make it more relevant to you,” Facebook chief privacy officer Erin Egan write in a post posted at 12:05PM ET on Friday

    While Facebook made a point to clarify the new privacy policy, it’s actually changing very little about it — despite all the backlash the changes caused when they were initially introduced.

  8. Google will soon display your Google+ photo when you call an Android phone
  9. US intelligence wants to radically advance facial recognition software

    Identifying people from video streams or boatloads of images can be a daunting task for humans and computers.

  10. EFF Appeals Chevron’s Speech-Chilling Subpoena

    On Halloween of this year, EFF and EarthRights International (ERI) filed an appeal in the Second Circuit (PDF) to protect the rights of dozens of environmental activists, journalists, and attorneys from a sweeping subpoena issued by the Chevron Corporation. And just last week, both the Republic of Ecuador (PDF) and a group consisting of Human Rights Watch, Automattic, a pair of anonymous bloggers, and academics Ethan Zuckerman and Rebecca McKinnon (PDF) filed amicus briefs in support of our appeal.

  11. Internet architects propose encrypting all the world’s web traffic

    A vastly larger percentage of the world’s web traffic will be encrypted under a near-final recommendation to revise the Hypertext Transfer Protocol (HTTP) that serves as the foundation for all communications between websites and end users.

  12. Revenge of the Dragon

    This could spawn migration to GNU/Linux on client and server in governments globally not just a few early adopters like Europe, China, India, Brazil and Russia. By next year there could be dozens of governments making the move. I advised Canada to do that years ago. They might have another idea now that USA is the biggest threat in the world to cybersecurity with documented attacks.

  13. Government Refusing To Say Whether Phone Tracking Evidence Came From Mass Surveillance

    In criminal cases, defendants have a right to know what evidence the government plans to use against them and how the government gathered that evidence. This basic due process principle is essential: it allows defendants to test in court whether law enforcement officers obtained evidence in violation of the Fourth Amendment. But in a new legal brief, the government has refused to confirm or deny whether it relied on constitutionally questionable mass surveillance programs to gather evidence for a criminal prosecution.

  14. Watch live: “They’re watching us: So what?” featuring Greenwald, Schneier, Bamford, Dorfman

    From Pen America, cosponsored by the ACLU and the Fordham Law School Center on National Security, a talk on surveillance with James Bamford, Ariel Dorfman, Glenn Greenwald, and Bruce Schneier.

  15. The Biggest Little CIA Shop You’ve Never Heard Of

    The CIA’s main business is sending operatives abroad to recruit spies and, especially since 9/11, chasing down terrorists for its target-hungry drone pilots. But NR, as it’s known, is the agency’s stay-at-home division. It’s nothing like Homeland, however, with operatives running about with guns in the D.C. suburbs (though its 1960s-era predecessors once spied on antiwar and civil rights activists and recruited Cuban exiles to harass Fidel Castro). It also works with the FBI and NSA in bugging foreign diplomatic missions there.

  16. The Importance of Free Websites

    For me, this has been a perfect illustration of the positive aspects of the web. With the rampart commercialization of the Internet and issues such as advertisers tracking users surfing habits, the NSA’s gathering data on nearly everything that happens online and crackers trying to break into computers at every turn, it’s easy to come to the conclusion that the public network is nothing but a virtual space fraught with danger. But it’s also a place of great promise, as Charlie’s story so aptly demonstrates.

    Twenty years ago, my roommate and her family would not be able to follow the progress being made by Charlie nearly so closely. They would’ve had to rely on bits and pieces of often unreliable, certainly incomplete, information picked up by word of mouth through phone calls. They would not have felt as involved with the situation as they now do either, which is also important.

  17. Silent Mail, FreedomMail or Lavamail. Whatever it’s called, it will offer the same benefits

    Dark Mail alliance is the non-profit group formed by the leaders of Silent Circle and Lavabit.

    Silent Circle offers a suite of secure, communication services, while Lavabit is the secure email provider used by Edward Snowden, the ex-CIA contractor now living in Russia.

  18. GCHQ Monitors Hotel Reservations to Track Diplomats

    Britain’s GCHQ intelligence service monitors diplomats’ travels using a sophisticated automated system that tracks hotel bookings. Once a room has been identified, it opens the door to a variety of spying options.

  19. UK’s reputation is damaged by reaction to Edward Snowden, says UN official
Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New


  1. Links 31/1/2015: Open Lunchbox, Librem 15 at Around $400,000

    Links for the day



  2. Links 30/1/2015: CERN Adopts 64-bit GNU/Linux, Inkscape 0.91 Released

    Links for the day



  3. Apple- and Microsoft-Friendly Media Continues Attacking Android/Linux

    Some of the latest examples where corporate media (funded and run by large corporation) distorts facts, selectively covers facts, and generally serves to protect the Apple-Microsoft duopolist world view



  4. Qualys Admits That Its Scare Campaign (So-called 'GHOST') Somewhat Baseless

    Even the company that bombarded the media with its "GHOST" nonsense admits that this bug, which was fixed two years ago, does not pose much of a threat



  5. European Unitary Patent and Court System in Trouble

    New resistance to the Unitary Patent amid allegations of misconduct in the European patent authorities



  6. Text of Ruling/Decision Against Željko Topić (Regarding Audi as a Bribe)

    The legal loss of Željko Topić laid bear for the public to see even outside Croatia



  7. Media Coverage of Demonstration Against Jesper Kongstad of the Administrative Council (EPO)

    Last week's EPO demonstration has been covered by Danish media, raising awareness of the "banana republic" state of the EPO



  8. Links 29/1/2015: Android Shipments in 2014 Exceed 1,000,000,000, LibreOffice 4.4 is Out

    Links for the day



  9. Corporate Media, Led Astray by Patent Lawyers, Continues to Distort the Reality of Software Patents Post-Alice

    The press of the rich and the powerful continues its attempt to preserve software patents, despite the US Supreme Court's decision to abolish a lot of them on the basis of abstraction



  10. An Estimated 1,000 EPO Employees-Strong Legion Engulfs Danish Consulate to Protest Jesper Kongstad's (of Administrative Council) Protection of Benoît Battistelli

    A large protest waged by staff of the EPO targets one of the key facilitators of Battistelli's terrifying tyranny



  11. Links 28/1/2015: Ubuntu Touch Windowed Mode, NVIDIA Linux Legacy Drivers Updated

    Links for the day



  12. Breaking: EPO Vice-President Željko Topić Loses Defamation Case in Croatia

    The EPO's notorious Vice-President, whose appointment at the EPO is still raising some alarming questions, has just lost his case in Croatia (one of many cases), motivating us to accelerate coverage about the persona known as Željko Topić



  13. Qualys Starts Self-Promotional FUD Campaign, Naming a Bug That Was Already Fixed 2 Years Ago and Distros Have Covered With Patches

    Responding to the media blitz which paints GNU/Linux as insecure despite the fact that bugs were evidently found and fixed



  14. The Openwashing of Microsoft is Now Threatening to Eliminate the Identity of Free Software

    More openwashing of Microsoft, including in the corporate media, shows just to what great an extent and how quickly the old "Microsoft Open Source" Big Lie grows feet



  15. Links 27/1/2015: Plasma 5.2, Dell Precision With GNU/Linux

    Links for the day



  16. Microsoft's Media Attack on Free Software and GNU/Linux

    Brainwash war is still being waged by Microsoft and its friends to convince people that Windows is universally dominant and that Microsoft is now part of the Free software world



  17. Microsoft Accounting Practices After Fire Again, After Previous Abuses and Book-Cooking

    After the infamous IRS brawl comes another confrontation between Microsoft and the SEC, which is unhappy with Microsoft for seemingly cooking the books again



  18. Links 26/1/2015: Debian 8.0 “Jessie” RC1, Linux Kernel 3.19 RC6

    Links for the day



  19. Links 25/1/2015: Android Wear 5.0, Tizen in Bangladesh

    Links for the day



  20. IRC Proceedings: January 11th, 2015 – January 24th, 2015

    Many IRC logs



  21. Links 24/1/2015: Zenwalk Linux Reviewed, Netrunner 14.1 Released

    Links for the day



  22. The Latest 'Microsoft is Open Source' Propaganda a Parade of Lies

    Microsoft myth makers continue their assault on what is objectively true and try to tell the public that Microsoft is a friend of "Open Source"



  23. Apple -- Like Microsoft -- Not Interested in the Security of Its Operating Systems

    Apple neglected to patch known security flaws in Mac OS X for no less than three months and only did something about that vector of intrusion when the public found out about it



  24. As Battistelli Breaks the Rules and Topić Silences Staff, New European Parliament Petition for Tackling the EPO's Abuses is Needed

    The neglected (by EPO) Article 4a of the European Patent Convention (EPC) and the European Parliament petition/complaint against the EPO's crooked management



  25. Links 23/1/2015: Red Hat on IBM Power, Meizu Leaks With Ubuntu

    Links for the day



  26. Links 23/1/2015: Plasma 5.2, Manjaro 0.9-pre1

    Links for the day



  27. Microsoft is Dying Due to Free Software, Tries to Infect GNU/Linux With .NET and to Infect Moodle in Schools With Microsoft Office and OOXML Lock-in

    'Free' drugs (a proprietary software analogy) the new strategy of Microsoft in its latest battle against Free software, especially in schools where choice is a rarity (if not an impossibility), with the premeditated intention of forming dependency/addiction among young people



  28. Microsoft Symptoms of a Dying Company: More Boosters Depart, Back Doors Revealed, Microsoft's Outlook Cracked

    Bad news for Microsoft shortly before the marketing extravaganza served to cover much of it up



  29. The Collapse of European Patent Office Management Culminates With Resignations

    No blood is spilled, but even the management of the EPO is falling apart as the Director of Internal Communication is said to have just resigned



  30. New LCA Talk: Open Invention Network's Deb Nicholson on Software Patents and Patent Trolls

    Deb Nicholson's LCA talk is now publicly accessible


CoPilotCo

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

CoPilotCo

Recent Posts