
11.18.13

NSA-Created Malware Used Politically and Relied on Microsoft-Provided Back Doors/Weak Encryption

Posted in Action, Microsoft at 5:11 am by Dr. Roy Schestowitz


Summary: A roundup of privacy-related news, with special focus on the role played by proprietary software in political espionage

SINCE Microsoft and the NSA are so close and we already know about NSA attempts to put back doors in operating systems, it should not be surprising that Microsoft Windows has a back door (more likely several) and Stuxnet was made possible to devise/deploy on Windows. Based on some news from Ars Technica [1], now that a lot of this shocking information is out there, Microsoft is trying to shift away from weak encryption (or breakable encryption), but it’s likely to be too late because Microsoft made such weakness a standard. “Microsoft is retiring two widely used cryptographic technologies that are growing increasingly vulnerable to attacks,” the article says. Further down, the article notes: “The state-sponsored Flame malware that targeted Iran pulled off the only known in-the-wild collision attack earlier this decade. Using a never-before seen technique to subvert the MD5 algorithm, Flame-infected computers were able to pose as official servers belonging to Microsoft. By forging Microsoft’s digital signatures, the infected machines were able to trick uninfected computers into installing highly malicious software they otherwise would have refused. Microsoft has since decommissioned MD5 in its update system. Tuesday’s advisory indicates that the company is aiming to learn from that past incident by retiring SHA1 before it falls to the same type of attack.”

But why not assume that this weakness was the result of complicity (with the NSA) rather than an “incident” or some kind of accident? There are other bits of Microsoft software which gleefully invite the NSA in, e.g. Skype (incidentally, the researcher who showed it could be maliciously exploited has just died in an accident [2]).

We need to accept the fact that a lot of software is insecure by design. It’s designed to give power to particular parties, not the users. It’s an important distinction which helps show why proprietary software oughtn’t be trusted.

In other news, the United States’ “Internet Kill Switch” is back in the headlines [3] and countries like Germany are expected to have something to say [4]. Snowden’s E-mail provider is taking privacy up a notch [5] and Snowden’s leaks are said to be having an impact on privacy perceptions [6] because companies like Facebook [7], Google [8], and of course Microsoft do not protect users’ privacy at all. Facebook is notably worse because it helps the government train face recognition classifiers for people whose friends tag them [9]. In case of protests, for example, activists can be identified and named (which helps those who crush protests or intimidate protesters [10]).

There seems to be a shift motivating encryption of the Web [11] and rejection of proprietary software [12] because privacy rights are being misused [13-16], only making privacy advocates stronger and more popular [17]. In the UK, privacy abuses against foreign leaders [18] have been damaging, but not as damaging as the Streisand Effect caused by the attack on the press and on privacy advocates [19].

Related/contextual items from the news:

  1. Hoping to avert “collision” with disaster, Microsoft retires SHA1
  2. Security researcher Cédric ‘Sid’ Blancher dead at 37

    In 2006, while working for the EADS Corporate Research centre, he also put together a paper on how to exploit Skype to act as a botnet.

  3. EPIC Prevails in FOIA Case About “Internet Kill Switch”

    In a Freedom of Information Act case brought by EPIC against the Department of Homeland Security, a federal court has ruled that the DHS may not withhold the agency’s plan to deactivate wireless communications networks in a crisis. EPIC had sought “Standard Operating Procedure 303,” also known as the “internet Kill Switch,” to determine whether the agency’s plan could adversely impact free speech or public safety.

  4. Germany struggling to respond to NSA revelations
  5. DarkMail Alliance Wants To Upgrade Gmail’s Security
  6. Snowden effect: young people now care about privacy
  7. Friday Shame: Facebook reminds you that your posts are also its ads

    “Ads work the same way and just as with all of the content on Facebook, we show you which of your friends have interacted with something to make it more relevant to you,” Facebook chief privacy officer Erin Egan wrote in a post posted at 12:05PM ET on Friday.

    While Facebook made a point to clarify the new privacy policy, it’s actually changing very little about it — despite all the backlash the changes caused when they were initially introduced.

  8. Google will soon display your Google+ photo when you call an Android phone
  9. US intelligence wants to radically advance facial recognition software

    Identifying people from video streams or boatloads of images can be a daunting task for humans and computers.

  10. EFF Appeals Chevron’s Speech-Chilling Subpoena

    On Halloween of this year, EFF and EarthRights International (ERI) filed an appeal in the Second Circuit (PDF) to protect the rights of dozens of environmental activists, journalists, and attorneys from a sweeping subpoena issued by the Chevron Corporation. And just last week, both the Republic of Ecuador (PDF) and a group consisting of Human Rights Watch, Automattic, a pair of anonymous bloggers, and academics Ethan Zuckerman and Rebecca McKinnon (PDF) filed amicus briefs in support of our appeal.

  11. Internet architects propose encrypting all the world’s web traffic

    A vastly larger percentage of the world’s web traffic will be encrypted under a near-final recommendation to revise the Hypertext Transfer Protocol (HTTP) that serves as the foundation for all communications between websites and end users.

  12. Revenge of the Dragon

    This could spawn migration to GNU/Linux on client and server in governments globally not just a few early adopters like Europe, China, India, Brazil and Russia. By next year there could be dozens of governments making the move. I advised Canada to do that years ago. They might have another idea now that USA is the biggest threat in the world to cybersecurity with documented attacks.

  13. Government Refusing To Say Whether Phone Tracking Evidence Came From Mass Surveillance

    In criminal cases, defendants have a right to know what evidence the government plans to use against them and how the government gathered that evidence. This basic due process principle is essential: it allows defendants to test in court whether law enforcement officers obtained evidence in violation of the Fourth Amendment. But in a new legal brief, the government has refused to confirm or deny whether it relied on constitutionally questionable mass surveillance programs to gather evidence for a criminal prosecution.

  14. Watch live: “They’re watching us: So what?” featuring Greenwald, Schneier, Bamford, Dorfman

    From Pen America, cosponsored by the ACLU and the Fordham Law School Center on National Security, a talk on surveillance with James Bamford, Ariel Dorfman, Glenn Greenwald, and Bruce Schneier.

  15. The Biggest Little CIA Shop You’ve Never Heard Of

    The CIA’s main business is sending operatives abroad to recruit spies and, especially since 9/11, chasing down terrorists for its target-hungry drone pilots. But NR, as it’s known, is the agency’s stay-at-home division. It’s nothing like Homeland, however, with operatives running about with guns in the D.C. suburbs (though its 1960s-era predecessors once spied on antiwar and civil rights activists and recruited Cuban exiles to harass Fidel Castro). It also works with the FBI and NSA in bugging foreign diplomatic missions there.

  16. The Importance of Free Websites

    For me, this has been a perfect illustration of the positive aspects of the web. With the rampant commercialization of the Internet and issues such as advertisers tracking users’ surfing habits, the NSA’s gathering data on nearly everything that happens online and crackers trying to break into computers at every turn, it’s easy to come to the conclusion that the public network is nothing but a virtual space fraught with danger. But it’s also a place of great promise, as Charlie’s story so aptly demonstrates.

    Twenty years ago, my roommate and her family would not be able to follow the progress being made by Charlie nearly so closely. They would’ve had to rely on bits and pieces of often unreliable, certainly incomplete, information picked up by word of mouth through phone calls. They would not have felt as involved with the situation as they now do either, which is also important.

  17. Silent Mail, FreedomMail or Lavamail. Whatever it’s called, it will offer the same benefits

    Dark Mail alliance is the non-profit group formed by the leaders of Silent Circle and Lavabit.

    Silent Circle offers a suite of secure, communication services, while Lavabit is the secure email provider used by Edward Snowden, the ex-CIA contractor now living in Russia.

  18. GCHQ Monitors Hotel Reservations to Track Diplomats

    Britain’s GCHQ intelligence service monitors diplomats’ travels using a sophisticated automated system that tracks hotel bookings. Once a room has been identified, it opens the door to a variety of spying options.

  19. UK’s reputation is damaged by reaction to Edward Snowden, says UN official