Article 43
Microsoft And Windows
Thursday, April 22, 2021
Legalized Hacking 2
Judge Rules FBI Can Hack Into Exchange Servers
By Trevor Collins
Security Simplified
April 21, 2021
For the last few months, we have seen Exchange Servers fall to vulnerabilities from the HAFNIUM attacks. Even after Microsoft released patches for the serious flaws, we continue to see attacks on Exchange Servers and hear of more Exchange Servers becoming compromised. This shouldn't be news, as many publications including our own have covered these vulnerabilities extensively. Additionally, Microsoft released their patches over a month ago. Yet in a recent report the FBI has found many compromised Exchange servers that still have various threat actors' webshells installed.
Last week though, the FBI took it a step further. In a court-approved action, the FBI identified compromised servers, connected to the servers through the webshell, and removed the malicious webshell left behind by the original threat actors. We can easily criticize the administrators who have allowed their Exchange servers to stay compromised for so long, but it doesn't excuse the FBI from connecting into these Exchange servers. They don't need individual warrants to connect to these devices according to the previously sealed court document. This gives precedent for the FBI to access any server and make changes on these servers with just a blanket warrant. I see this as a clear violation of property rights. One could argue that the FBI helped fix the server, but property rights don't have a stipulation that the government can access your property if they intend to help you. For example, if somebody put graffiti on the side of a business, the FBI does not have the right to cover over the graffiti without the owner's permission.
Administrators choose their software based on the features and security it provides. A Microsoft Exchange Server and the host operating system protect the server from any unauthorized change. When we buy the software, we expect that only authorized users can make changes on the servers and unauthorized users cannot. This creates a requirement for explicit permission for access. If you must bypass the normal expected route to make changes on the Exchange Server, then you do not have explicit permission from the owner to make these changes. The FBI has performed similar actions in the past with the Coreflood botnet. This time though, it looks like they connected directly into the Exchange Server to delete the webshell, whereas they removed Coreflood by sending it a command to delete itself from the command and control infrastructure they had previously taken over.
Ultimately the court did not agree with me and gave an excessively wide warrant to the FBI. They could have asked for a warrant to identify the owners of the servers, but they didn't do this as far as we know. We have no way of knowing exactly how the FBI did this or what IP addresses they used.
The good news is, you can protect yourself from this happening to you by keeping your infrastructure secure in the first place. Protect your servers by ensuring they are updated. More importantly though, the FBI shouldn't access servers they don't own, whose owners haven't actually committed a crime.
Section Privacy And Rights • Section Microsoft And Windows •
Tuesday, June 04, 2019
Still Looking For Reasons To Keep Away From Windows? Part 22
Russia’s Would-Be Windows Replacement Gets a Security Upgrade
By Patrick Tucker
Defense One
May 28, 2019
For sensitive communications, the Russian government aims to replace the ubiquitous Microsoft operating system with a bespoke flavor of Linux, a sign of the country’s growing IT independence.
For the first time, Russia has granted its highest security rating to a domestically developed operating system, deeming Astra Linux suitable for communications of “special importance” across the military and the rest of the government. The designation clears the way for Russian intelligence and military workers who had been using Microsoft products on office computers to use Astra Linux instead.
There is hope that the domestic OS [operating system] will be able to replace the Microsoft product. “Of course, this is good news for the Russian market,” said German Klimenko, former IT advisor to Russian President Vladimir Putin and chairman of the board of Russia’s Digital Economy Development Fund, a venture capital fund run by the government. Klimenko spoke to the Russian newspaper Izvestia on Friday.
Although Russian officials used Windows for secure communications, they heavily modified the software and subjected Windows-equipped PCs to lengthy and rigorous security checks before putting the computers in use. The testing and analysis were meant to satisfy concerns that vulnerabilities in Microsoft operating systems could be patched to prevent hacking from countries like the United States. Such evaluations could take three years, according to the newspaper.
A variant of the popular Linux open-source operating system, Astra Linux has been developed over the past decade by Scientific/Manufacturing Enterprise Rusbitech. In January 2018, the Russian Ministry of Defense said it intended to switch to Astra Linux as soon as it met the necessary security standards. Before that, the software had been on some automated control systems, such as the kind sometimes found on air defense systems and some airborne computer systems.
It’s another example of Russia’s self-imposed IT exile, along with the efforts to disconnect the country from the global Internet by 2021 and to create its own domain name service.
“The Russian government doesn’t trust systems developed by foreign companies to handle sensitive data, due to fears of espionage through those systems,” said Justin Sherman, Cybersecurity Policy Fellow at New America. Using domestically produced technologies to manage sensitive data is just another component of the Kremlin’s broader interest in exercising more autonomy over the digital machines and communications within its borders.
Sam Bendett, research analyst with the Center for Naval Analyses’ International Affairs Group, said, “One of the main sticking points for the Russian government was the fact that imported operating systems had vulnerabilities and back doors that Moscow thought could be exploited by international intelligence agencies. This is essentially Russia ensuring its cybersecurity against potential intrusions.”
It’s unsurprising that Moscow distrusts Microsoft software, given that Russian-developed malware, like the NotPetya virus used against energy targets in Ukraine, exploits vulnerabilities in Windows.
Sherman says that while the Russian government may find Astra Linux a suitable substitute for Windows, it’s not a serious competitor anyplace else. There’s no particular reason for others to use this bespoke variant of Linux. Also, suspicion of Russian software has been rising internationally. The country’s most successful and recognized software company, Kaspersky, can no longer sell its wares to the U.S. government. Last May, the cybersecurity firm opened a “transparency lab” in Switzerland in an attempt to assuage jittery European customers.
“If this operating system were to be marketed outside of Russia, the prospects likely aren’t great,” Sherman said. Astra Linux doesn’t exactly have a worldwide foothold compared to the systems it’s replacing within Russia, and this is only compounded by the fact that, just as the Russian government has security concerns about software made in other countries, other countries may very well have security concerns about using software made in Russia and endorsed by the Russian government.
But, says Bendett, a potential client list for Russian software does exist outside of Russia, just as there is for Russian anti-aircraft systems. “There is a growing list of nations that will probably want to have its main government and military systems run on an OS from a nation more friendly to their interest like Syria... or other countries where Russia is seeking to make inroads. So the possibility for export definitely exists.”
Sunday, August 02, 2015
Still Looking For Reasons To Keep Away From Windows? Part 21
Microsoft collects information about you, your devices, applications and networks, and your use of those devices, applications and networks. Examples of data we collect include your name, email address, preferences and interests; browsing, search and file history; phone call and SMS data; device configuration and sensor data; and application usage.
Windows 10 spies on you by default
By Shannon Stapleton
Reuters
July 31, 2015
Microsoft’s new Windows 10 operating system is immensely popular, with 14 million downloads in just two days. The price of the free upgrade may just be your privacy, though, as changing Windows 10’s intrusive default settings is difficult.
Technology journalists and bloggers are singing Windows 10’s praises, often using words such as “amazing,” “glorious” and “fantastic.” The operating system has been described as faster, smoother and more user-friendly than any previous version of Windows. According to Wired magazine, more than 14 million people have downloaded their upgrade since the system was released on Wednesday.
While the upgrade is currently free of charge to owners of licensed copies of Windows 8 and Windows 7, it does come at a price. Several tech bloggers have warned that the privacy settings in the operating system are invasive by default, and that changing them involves over a dozen different screens and an external website.
According to Zach Epstein of BGR News, all of Windows 10’s features that could be considered invasions of privacy are enabled by default. Signing in with your Microsoft email account means Windows is reading your emails, contacts and calendar data. The new Edge browser serves you personalized ads. Solitaire now comes with ads. Using Cortana, the voice-driven assistant that represents Redmond’s answer to Apple’s Siri, reportedly “plays fast and loose with your data.”
“I am pretty surprised by the far-reaching data collection that Microsoft seems to want,” web developer Jonathan Porta wrote on his blog. “I am even more surprised by the fact that the settings all default to incredibly intrusive. I am certain that most individuals will just accept the defaults and have no idea how much information they are giving away.”
As examples, Porta cited Microsoft having access to contacts, calendar details, and “other associated input data” such as “typing” and “inking” by default. The operating system also wants access to user locations and location history, both of which could be provided not just to Microsoft, but to its “trusted partners.”
“Who are the trusted partners? By whom are they trusted? I am certainly not the one doing any trusting right now,” Porta wrote, describing the default privacy options as “vague and bordering on scary.”
Alec Meer of the “Rock, Paper, Shotgun” blog pointed out this passage in Microsoft’s 12,000-word, 45-page terms of use agreement:
“We will access, disclose and preserve personal data, including your content (such as the content of your emails, other private communications or files in private folders), when we have a good faith belief that doing so is necessary to.”
While most people are used to ads as the price of accessing free content, writes Meer, Microsoft “is not making it clear enough that they are gathering and storing vast amounts of data on your computing habits,” not just browser data.
Opting out of all these default settings requires navigating 13 different screens and a separate website, the bloggers have found.
Meer was underwhelmed with Microsoft executives’ claims of transparency and easily understandable terms of use. “There is no world in which 45 pages of policy documents and opt-out settings split across 13 different Settings screens and an external website constitutes real transparency,” he wrote.
Tracking and harvesting user data has been a business model for many tech giants. Privacy advocates have raised concerns over Google’s combing of emails, Apple’s Siri, and Facebook’s tracking cookies that keep monitoring people’s browser activity in order to personalize advertising and content.
Saturday, June 22, 2013
Looking For A Reason Not to Buy An Xbox?
New Xbox by NSA partner Microsoft will watch you 24/7
Daily Caller
June 7, 2013
Possible privacy violations by Microsoft’s upcoming Xbox One have come under new scrutiny since it was revealed Thursday that the tech giant was a crucial partner in an expansive Internet surveillance program conducted by the National Security Agency and involving Silicon Valley’s biggest players.
One of the console’s key features is the full integration of the Kinect, a motion sensing camera that allows users to play games, scroll through menus, and generally operate the Xbox just using hand gestures. Microsoft has touted the camera as the hallmark of a new era of interactivity in gaming.
What Microsoft has not promoted, however, is the fact that you will not be able to power on the console without first enabling the Kinect, designed to detect both heartbeats and eye movement, and positioning yourself in front of it.
Disturbingly, a recently published Microsoft patent reveals the Kinect has the capability to determine exactly when users are viewing ads broadcast by the Xbox through its eye movement tracking. Consistent ad viewers would be granted rewards, according to the patent.
Perhaps the feature most worrisome to privacy advocates is the requirement that the Xbox connect to the Internet at least once every 24 hours. Many critics have asserted that Microsoft will follow the lead of other Silicon Valley companies and use their console to gather data about its users, particularly through the Kinect, and collect it through the online connection users can’t avoid.
Microsoft has promised that customers will be able to pause the camera’s function, but has put off questions on the precise specifics of their privacy policies.
Saturday, June 08, 2013
Still Looking For Reasons To Keep Away From Windows? Part 20
How NSA access was built into Windows
By Duncan Campbell
Heise Security
April 4, 1999
A careless mistake by Microsoft programmers has revealed that special access codes prepared by the US National Security Agency have been secretly built into Windows. The NSA access system is built into every version of the Windows operating system now in use, except early releases of Windows 95 (and its predecessors). The discovery comes close on the heels of the revelations earlier this year that another US software giant, Lotus, had built an NSA “help information” trapdoor into its Notes system, and that security functions on other software systems had been deliberately crippled.
The first discovery of the new NSA access system was made two years ago by British researcher Dr Nicko van Someren. But it was only a few weeks ago when a second researcher rediscovered the access system. With it, he found the evidence linking it to NSA.
Computer security specialists have been aware for two years that unusual features are contained inside a standard Windows software “driver” used for security and encryption functions. The driver, called ADVAPI.DLL, enables and controls a range of security functions. If you use Windows, you will find it in the C:\Windows\system directory of your computer.
ADVAPI.DLL works closely with Microsoft Internet Explorer, but will only run cryptographic functions that the US government allows Microsoft to export. That information is bad enough news, from a European point of view. Now, it turns out that ADVAPI will run special programmes inserted and controlled by NSA. As yet, no-one knows what these programmes are, or what they do.
Dr Nicko van Someren reported at last year’s Crypto 98 conference that he had disassembled the ADVAPI driver. He found it contained two different keys. One was used by Microsoft to control the cryptographic functions enabled in Windows, in compliance with US export regulations. But the reason for building in a second key, or who owned it, remained a mystery.
A second key
Two weeks ago, a US security company came up with conclusive evidence that the second key belongs to NSA. Like Dr van Someren, Andrew Fernandez, chief scientist with Cryptonym of Morrisville, North Carolina, had been probing the presence and significance of the two keys. Then he checked the latest Service Pack release for Windows NT4, Service Pack 5. He found that Microsoft’s developers had failed to remove or “strip” the debugging symbols used to test this software before they released it. Inside the code were the labels for the two keys. One was called “KEY”. The other was called “NSAKEY”.
Fernandes reported his re-discovery of the two CAPI keys, and their secret meaning, to “Advances in Cryptology, Crypto’99” conference held in Santa Barbara. According to those present at the conference, Windows developers attending the conference did not deny that the “NSA” key was built into their software. But they refused to talk about what the key did, or why it had been put there without users’ knowledge.
A third key?!
But according to two witnesses attending the conference, even Microsoft’s top crypto programmers were astonished to learn that the version of ADVAPI.DLL shipping with Windows 2000 contains not two, but three keys. Brian LaMachia, head of CAPI development at Microsoft, was “stunned” to learn of these discoveries by outsiders. The latest discovery by Dr van Someren is based on advanced search methods which test and report on the “entropy” of programming code.
Within the Microsoft organisation, access to Windows source code is said to be highly compartmentalized, making it easy for modifications to be inserted without the knowledge of even the respective product managers.
Researchers are divided about whether the NSA key could be intended to let US government users of Windows run classified cryptosystems on their machines or whether it is intended to open up anyone’s and everyone’s Windows computer to intelligence gathering techniques deployed by NSA’s burgeoning corps of “information warriors”.
According to Fernandez of Cryptonym, the result of having the secret key inside your Windows operating system “is that it is tremendously easier for the NSA to load unauthorized security services on all copies of Microsoft Windows, and once these security services are loaded, they can effectively compromise your entire operating system”. The NSA key is contained inside all versions of Windows from Windows 95 OSR2 onwards.
“For non-American IT managers relying on Windows NT to operate highly secure data centres, this find is worrying”, he added. “The US government is currently making it as difficult as possible for “strong” crypto to be used outside of the US. That they have also installed a cryptographic back-door in the world’s most abundant operating system should send a strong message to foreign IT managers”.
“How is an IT manager to feel when they learn that in every copy of Windows sold, Microsoft has a ‘back door’ for NSA - making it orders of magnitude easier for the US government to access your computer?” he asked.
Can the loophole be turned round against the snoopers?
Dr van Someren feels that the primary purpose of the NSA key inside Windows may be for legitimate US government use. But he says that there cannot be a legitimate explanation for the third key in Windows 2000 CAPI. “It looks more fishy”, he said.
Fernandez believes that NSA’s built-in loophole can be turned round against the snoopers. The NSA key inside CAPI can be replaced by your own key, and used to sign cryptographic security modules from overseas or unauthorised third parties, unapproved by Microsoft or the NSA. This is exactly what the US government has been trying to prevent. A demonstration “how to do it” program that replaces the NSA key can be found on Cryptonym’s website.
According to one leading US cryptographer, the IT world should be thankful that the subversion of Windows by NSA has come to light before the arrival of CPUs that handle encrypted instruction sets. These would make the type of discoveries made this month impossible. “Had the next-generation CPUs with encrypted instruction sets already been deployed, we would have never found out about NSAKEY.”