Windows 10 should be renamed to Spyware OS https://jonathan.porta.codes/2015/07/30/windows-10-seems-to-have-some-scary-privacy-defaults/ …
Home » Posts tagged 'windows'
Tag Archives: windows
24 Hours Later: “Unprecedented” Fallout From “Biggest Ransomware Attack In History”
24 Hours Later: “Unprecedented” Fallout From “Biggest Ransomware Attack In History”
24 hours after it first emerged, it has been called the first global, coordinated ransomware attack using hacking tools developed by the NSA, crippling over a dozen hospitals across the UK, mass transit around Europe, car factories in France and the UK, universities in China, corporations in the US, banks in Russia and countless other mission-critical businesses and infrastructure.
According to experts, “this could be one of the worst-ever recorded attacks of its kind.” The security researcher who tweets and blogs as MalwareTech told The Intercept, “I’ve never seen anything like this with ransomware,” and “the last worm of this degree I can remember is Conficker.” Conficker was a notorious Windows worm first spotted in 2008; it went on to infect over 9 million computers in nearly 200 countries.
The fallout, according to cyber-specialists, has been “unprecedented”: it has left unprepared governments, companies and security experts from China to the United Kingdom on Saturday reeling, and racing to contain the damage from the audacious cyberattack that spread quickly across the globe, raising fears that people would not be able to meet ransom demands before their data are destroyed.
As reported yesterday, the global efforts come less than a day after malicious software, transmitted via email and stolen from the National Security Agency, exposed vulnerabilities in computer systems in almost 100 countries in one of the largest “ransomware” attacks on record. The cyberattackers took over the computers, encrypted the information on them and then demanded payment of $300 or more from users in the form of bitcoin to unlock the devices.
The ransomware was subsequently identified as a new variant of “WannaCry” that had the ability to automatically spread across large networks by exploiting a known bug in Microsoft’s Windows operating system.
…click on the above link to read the rest of the article…
Latest “Shadow Brokers” Leak Reveals NSA Hacked Most Windows Platforms; SWIFT Banks
Latest “Shadow Brokers” Leak Reveals NSA Hacked Most Windows Platforms; SWIFT Banks
One week after the “Shadow Broker” hacker group re-emerged when in a Medium blog post it slammed Donald Trump’s betrayal of his core “base” and the recent attack on Syria, urging Trump to revert to his original promises and not be swept away by globalist and MIC interests, it also released the password which grants access to what Edward Snowden dubbed the NSA’s “Top Secret arsenal of digital weapons”, it has made fresh headlines by releasing data which reportedly reveals that the NSA had hacked the SWIFT banking system of several banks around the globe including in the EU and middle east.
As a reminder, last year the Shadow Brokers claimed to have stolen files from the NSA’s cyber-espionage group known as the Equation Group. After initially putting up the tools up for auction (ultimately nobody was interested in paying the price of 1 million Bitcoin, or around $570 million at the time), Last week, the Shadow Brokers dumped the password for the files they had put up for auction last summer. Missing from last week’s dump were the Windows files they put up for individual auctions over the winter.
Fast forward one week, when on Good Friday the Shadow Brokers dumped a new collection of files, containing what appears to be exploits and hacking tools targeting Microsoft’s Windows OS and evidence the Equation Group had gained access to servers and targeted banks connected to the ubiquitous SWIFT banking system.
The tools were dumped via the Shadow Brokers Twitter account and were accompanied by a new blog post. As Bleeping Computer’s Catalin Cimpanu, who first noticed the release, points out, the blog post is called “Lost in Translation,” and in addition to some premeditated ramblings in broken English…
…click on the above link to read the rest of the article…
Recently Bought a Windows Computer? Microsoft Probably Has Your Encryption Key
RECENTLY BOUGHT A WINDOWS COMPUTER? MICROSOFT PROBABLY HAS YOUR ENCRYPTION KEY
One of the excellent features of new Windows devices is that disk encryption is built-in and turned on by default, protecting your data in case your device is lost or stolen. But what is less well-known is that, if you are like most users and login to Windows 10 using your Microsoft account, your computer automatically uploaded a copy of your recovery key – which can be used to unlock your encrypted disk – to Microsoft’s servers, probably without your knowledge and without an option to opt-out.
During the “crypto wars” of the nineties, the National Security Agency developed an encryption backdoor technology – endorsed and promoted by the Clinton administration – called the Clipper chip, which they hoped telecom companies would use to sell backdoored crypto phones. Essentially, every phone with a Clipper chip would come with an encryption key, but the government would also get a copy of that key – this is known as key escrow – with the promise to only use it in response to a valid warrant. But due to public outcry and the availability of encryption tools like PGP, which the government didn’t control, the Clipper chip program ceased to be relevant by 1996. (Today, most phone calls still aren’t encrypted. You can use the free, open source, backdoorless Signal app to make encrypted calls.)
The fact that new Windows devices require users to backup their recovery key on Microsoft’s servers is remarkably similar to a key escrow system, but with an important difference. Users can choose to delete recovery keys from their Microsoft accounts (you can skip to the bottom of this article to learn how) – something that people never had the option to do with the Clipper chip system. But they can only delete it after they’ve already uploaded it to the cloud.
…click on the above link to read the rest of the article…
The Surveillance State Goes Mainstream: Windows 10 Is Watching (& Logging) Everything
The Surveillance State Goes Mainstream: Windows 10 Is Watching (& Logging) Everything
If Edward Snowden’s patriotic exposure of all things ‘super secret surveillance state’ in America were not enough, Newsweek reports that, as 10s of millions of hungry PC users download the free upgrade, Windows 10 is watching – and logging and sharing – everything users do… and we mean everything.
More than 14 million devices are already running Microsoft’s Windows 10 after its global launch on Wednesday, but it’s unclear how many of their users read the company’s Privacy Policy and Service Agreement before downloading. Tucked away in the 45 pages’ worth of terms and conditions (effective August 1) is a substantial power grab: The company is collecting data on much of what you do while using its new software.From the moment an account is created, Microsoft begins watching. The company saves customers’ basic information – name, contact details, passwords, demographic data and credit card specifics – but it also digs a bit deeper.
Other information Microsoft saves includes Bing search queries and conversations with the new digital personal assistant Cortana; contents of private communications such as email; websites and apps visited (including features accessed and length of time used); and contents of private folders. Furthermore, “your typed and handwritten words are collected,” the Privacy Statement says, which many online observers liken to a keylogger.
…click on the above link to read the rest of the article…
Microsoft Gives Details About Its Controversial Disk Encryption
Recently, I wrote a guide explaining how to encrypt your laptop’s hard drive and why you should do so. For the benefit of Windows users, I gave instructions for turning on BitLocker, Microsoft’s disk encryption technology.
This advice generated an immediate backlash in the comments section underneath the post, where readers correctly pointed out that BitLocker has been criticized by security experts for a number of real and potential shortcomings. For example, BitLocker’s source code is not available for inspection, which makes it particularly vulnerable to “backdoors,” security holes intentionally placed to provide access to the government or others. In addition, BitLocker’s host operating system, Microsoft Windows, provides an algorithm for generating random numbers, including encryption keys, that is known to have been backdoored by government spies, and which the company’s own engineers flagged as potentially compromised nearly eight years ago. BitLocker also lost a key component for hardening its encryption, known as the “Elephant diffuser,” in the latest major version of Windows. And Microsoft has reportedly worked hand-in-glove with the government to provide early access to bugs in Windows and to customer data in its Skype and Outlook.com products.
Even having known about these issues, I still believed BitLocker was the best of several bad options for Windows users; I’ll explain my reasoning on this later.
But in the meantime, something interesting has happened: Microsoft, after considerable prodding, provided me with answers to some longstanding questions about BitLocker’s security. The company told me which random number generator BitLocker uses to generate encryption keys, alleviating concerns about a government backdoor in that subsystem; it explained why it removed the Elephant diffuser, citing worries over performance and compatibility that will appease some, but certainly not all, concerned parties; and it said that the government-compromised algorithm it bundles with Windows to generate encryption keys is, by default, not used at all.
…click on the above link to read the rest of the article…
