Why We Can No Longer Trust Microsoft (pcmag.com)
This seems to imply using Office, like in Word/Excel?, somehow poses a privacy risk. Is that true? And how exactly?
That is a very close-minded way to look at things. Closed source does not always = evil and open source does not always = secure. Competition and choices should always be sought for. Without competition, stagnation is as prevalent in the open-source community as in closed source. I'd rather have the right to choose between a Mac, Windows or a Linux variant than someone making the choice for me.
So the problem is perpetuated - Windows is the only platform that is basically guaranteed to have a market. So as a user of software, you'd stick to Windows, and as a maker of software, you'd stick to making software for Windows. Other platforms are almost an afterthought. Unless web-based software radically changes (I need to unzip a file - what web-based software will do that for me?), this will not change.
There are probably other services/tools, because technically, there's nothing stopping you from unzipping files in the cloud, or in web based software. It's just the matter of uploading something and then downloading the content after it's been unzipped on the remote server. So it's just more expensive in terms of network traffic.
The availability of the tools that do that, other than Google Docs, is another thing. Honestly wouldn't know, don't recall ever needing it before.
/me checks byline.
Holy crap. Yeah, I remember when Dvorak was quite the Microsoft fanboi.
My how times change.
I have a feeling had Apple been first on board rather than last the journalist would argue that Microsoft were evil for not complying with a government request and that Apple clearly had the vision to help the nation's security, but maybe that's just me?
The problem here is the divide between national government and international corporations, where the corporations' actions influence far more people than the direct actions of the national government.
I cannot exert any influence over a government that isn't mine, but I can decide which companies I support and entrust with my data and business. Your dichotomy of government vs company is therefore not correct. I can (and should) be upset about both.
Crazy. I've been trusting Microsoft all this time, and now, what to do!?!
LOL. Who was dumb enough to have ever trusted them?
Apple, on the other hand, could have come out smelling like a rose, but following the death of Steve Jobs, who apparently refused to play ball with the NSA, it stupidly jumped on board to join the PRISM club.
According to the Prism slides, it really looks so:
"Dates when Prism collection began for each provider
Microsoft 9/11/07
Yahoo 3/12/08
Google 1/14/09
Facebook 6/3/09
PalTalk 12/07/09
YouTube 9/24/10
Skype 2/6/11
AOL 3/31/11
Apple (added Oct 2012)"
Steve Jobs: February 24, 1955 – October 5, 2011.
If it's true, it's one reason more to deeply admire him.
And can you just imagine how much more sales Apple would get now for not being on that list?
What you're seeing in Putin is the ability to be independent. He gets to enjoy watching the Americans squirm at low cost. What's the US going to do to Russia? Our diplomats will be rude to each other, maybe we won't attend the Russian summer ball and snub the Russian ambassador, each country will declare some spies persona non grata.
At the end of the day, the areas in which the Russians and Americans cooperate are areas that they have a mutual interest to do so.
Others, like the Germans or Spain are different. They piss off the US, we cut off the faucet of intelligence, money, privileges, etc.
Not that it would be necessary in an obvious case like this, but each one of Microsoft/Skype, Google/Youtube, Apple and Facebook could easily have hired the nation's best and brightest one thousand lawyers at $1,000 an hour, full time for 10 years to defend privacy. It would have been well within their means. Yet, each of them chose to back down. Each of them chose to fail their users' trust.
I don't think it's due to cowardice. If these organisations cared the slightest bit they would have acted to protect their users. Not in the wildest scenario would the US government have jailed the leaders of Apple, Google or Microsoft. My best guess is they got something in return.
http://www.wired.com/threatlevel/2013/06/yahoo-failed-fisa-f...
It's possible that there's as-yet undisclosed legal action with some of the others; the secrecy around just about any proceeding in the FISC makes it very hard to tell.
That may be naive. Most people have skeletons in their closets. The government would use these to pressure those leaders to acquiesce. I suspect the most dangerous skeletons are ones which seem harmless to you, but cast in the proper light they can be used as a justification for punishment. E.g. Something which seems harmless now can retroactively be used to claim you were doing insider trading. Few people would step up to defend you, even if the charges are baseless, because recently it's been fashionable to hate capitalists, and trading stocks is the epitome of capitalism. So it'd be very much "obey us or we will litigate you into bending your knee anyway."
Jobs was immune because he was the CEO equivalent of a rockstar. To try to pull baseless charges against him would outrage the public. Yet I'd imagine the public would get grim satisfaction out of seeing Ballmer punished, even if the charges were baseless, because most people don't like him. It's shallow, but it seems true.
That means if you fight, they put a server in your shop.
It was just not worth it until now. That's going to be the real legacy of the Snowden leaks.
Barely any change at all, I'd bet. And not worth the legal hassle they could have been up against if it came to a knock-down, drag-out battle with the US Government over <spins the dial>.
That's not the Steve Jobs I read about. Like him or not, he was a man of principle.
Everything is worth a fight.
This reminds everyone to look at different angles when we criticize people/companies and understand that, even now, an individual makes a lot of difference.
http://www.wired.com/threatlevel/2012/06/steve-jobs-security...
I find it hard to believe that the NSA didn't see one of the most valuable and popular companies in the world as a priority until 2012. I bet they were salivating as soon as the first iPhone launched.
Apple not being a priority for NSA until Oct 2012? Pfft.
Me: "Hello. Could you tell me what Microsoft is doing at this Linux conference? I honestly want to know that."
Him: "We are here to show how our products can work well together with Linux related products."
Me: "Why would I as a Linux user use Windows or any other product from you? We all know that you spy on me - at least indirectly."
Him: "Oh no. You are misinformed. We have a lot of business customers with very sensitive data. Can you imagine what would happen to us if they found out that we spy on them? Business users are very sensitive in that area. We were screwed. And we do not spy on regular users as well. You may also know that this would be totally illegal according to German law."
Me: "So you are saying that you do not spy on businesses or other kind of users of your products?"
Him: "Yes! We were screwed otherwise!" *giggle*
He had a smile on his face for the whole discussion. Maybe because he had this discussion with those paranoid Linux users for the last couple of days of the conference. Paranoid!
Microsoft is so screwed guys.
Edit: I was not rude to this guy. We had a beer together later that day. I am sure he did not know anything about PRISM and was just doing his job.
I have said in the previous HN post and I will say it again here: don't pile on Microsoft alone. These spying policies make every US-based services company untrustworthy to whomever privacy is important. Come to think of it, I'm not sure whether you can rely on European services either because it seems that gov't surveillance is widespread.
On the other hand, maybe if we do pile on Microsoft, and stop using their products for this reason alone (even though Google, Apple and others are in the same boat), it will force them and their lobbyists to influence their gov't shills to put a stop to these programs.
The real question isn't about whether you can trust Microsoft. It's can you even trust Intel?
"The moral is obvious. You can't trust code that you did not totally create yourself. (Especially code from companies that employ people like me.) No amount of source-level verification or scrutiny will protect you from using untrusted code. In demonstrating the possibility of this kind of attack, I picked on the C compiler. I could have picked on any program-handling program such as an assembler, a loader, or even hardware microcode. As the level of program gets lower, these bugs will be harder and harder to detect. A well installed microcode bug will be almost impossible to detect."
Free, open software and hardware are less likely to have secret 'back doors' installed or embedded in them because their innards are under constant public review by multiple eyes -- out in the open, not behind closed doors.
--
Edit: added last sentence.
People want the ease of computing not secure computing. The polls show it. In the US everyone but the geeks are OK with the NSA. Sad.
The system is going to have to change to federated data. Email, Social media, everything. Appliances owned by the individual. Either located in the home or small server appliances "rented" at a colocation facility and every user's info on their appliance. Any warrants are served to the individual not the "processing" or interpreting host that parses the data in their UI or service. The host, whether Facebook, Google, Yahoo, Microsoft, etc would notify the requester that that info is on a server rented solely by the user and they have no standing to grant or honor the warrant as they are the wrong party.
Please note I use voice typing due to fine motor control and this comment may contain errors.
These people remind me of the Austrian writer Karl Kraus: "The secret of the demagogue is to make himself as stupid as his audience so that they believe they are as clever as he."
The fact is that for almost all big corporations there is so much money, training and culture involved in MS platforms that a shift away from it is just too hard to do, unfortunately.
No John, unfortunately it is not really an option to move 57,000 employees and a headquarters out of the United States. That is what would need to be done. None of the people making statements for these large corporations are lying voluntarily.
And Microsoft is evil, I mean in Google's sense of evil, and even Microsoft admits it.
But what about the one who claims itself to do no evil and to be so righteous? Joined Prism on 1/14/09?
And I would really love it if the movie could add bits on Prism agents coming in like some fucking retard, and Steve would tell him to Fk off.
Newspapers and media, intentionally or not, are trying to diversify the hate and focus on PRISM away from government.
They are ultimately the one to be blamed.
That's exactly what I'm hoping will happen. It may be the only way to actually roll back most of this shameless and abusive mass spying of everything and everyone. I'm not sure what else would stop it. Americans protesting it? I'm not holding my breath for that one, and even if they do, they'll only try to fix the spying internally, as they couldn't care less what they do to the world as long as the government keeps telling them "it's to keep them safe" (which obviously trumps everyone else's rights).
You know... Up until this whole NSA/PRISM thing got uncovered, Microsoft had actually rather successfully started to rebuild the perception and image of its cloud-service Azure.
It had shown the world that in less than a year, it was well on its way to catch up with Amazon Web Services. It was going from an experiment to serious business. Something the company invested in. Even more so than the traditional parts of the business.
As someone who once looked at Azure and laughed it off, I was coming around, actually considering it. I don't have any inside info on this, but I would guess/assume Azure was just about to take off. All those investments, finally about to pay off.
Then the whole NSA/PRISM thing came about. Now there's no chance in hell I'm going there. Not that I expect AWS to be any better in that regard either. I'm currently pulling out my data from Google. I trust them even less.
Hell, at this point, the only viable option privacy-wise seems to be open-source software, deployed by me, to an account I control, hosted on a service provider outside the US's reach.
It may not be immune to unauthorized, illegal snooping, but it will be off the main grid, take a bit more effort and it won't be done automatically 24/7.
If I become paranoid enough to put in the effort, I'll just get a VPS instead and encrypt the shit out of it.
(Disclaimer: Not a US citizen.)
;-)
Seriously though, if you don't play ball with the NSA, they come after you, your business, and your family with the full weight of the US government. Your wealth or status means nothing against it.
Which means, as a parent, I can relate.
Yes, you and I can sit here on my keyboard and say we would have stood our ground, but when you have children and a mortgage, suddenly things are very different. Suddenly, you think that maybe fighting this one particular fight isn't worth the damage to you and your family.
That, my HN friends, is why the whole NSA PRISM thing is so evil and why it outrages us: Even those normally beyond the law (the rich and famous) are suddenly victims like the rest of us.
With that said, do you really want to buy a Microsoft product?
Notice the words appears and apparently. Until there is specific evidence to take those two words away from those sentences, hardly anything will change.
PS. It's *buntu that spins my propeller.
PPS. I'd be interested in what RMS has to say, not just about MS in this case but the whole PRISM/NSA thing in general - he has been warning us.
- low-level crypto APIs (the 'DLLs' referred to obliquely in the article); these are more interesting. I imagine they could be compromised for weak session key generation or other leakage of key / plaintext, or generate the session key in such a way that the mythical 'NSAKEY' can decrypt it. Huge impact, if so, but only to certain software; AFAIK Mozilla doesn't use the Windows crypto API / certificate key store (but Chrome does).
- SSL certificate generation (built-in CA for Windows Server builds); certificates stored and replicated via Active Directory; does anyone actually use this? In fact, does anyone actually use client SSL? It is likely also used for domain peer replication, which could potentially be over an external network (but why would you not use a VPN there?)
- Encrypted File System; already contains an escrow key-recovery mechanism to allow administrators (including domain admins) to recover a lost user key. Only likely to be relevant if hard disk or backup images seized, so less impact.
- BitLocker drive encryption; similar to EFS but uses a hardware TPM and is per-machine rather than per-user. Fairly sure escrow key recovery at the domain level is possible here too. Again, only likely to be relevant if hardware or backups seized.
- Office document encryption; did anyone SERIOUSLY think this was worth using anyway? There are so many key recovery services out there for this (Elcomsoft et al)
- Communications applications (Skype et al); again, did anyone SERIOUSLY think this wasn't already being monitored, even before Skype became a Microsoft product?
- Some other OS-level 'phoning-home' behaviour. I simply don't believe that no-one has spotted this happening, if it's there - we can do traffic analysis too, and there are plenty of people running Wireshark on their own networks.
As for updates, I imagine if you set up a domain you can run your own WSUS update server, MITM the connection, etc. - and then compare the behaviour with a "regular" home PC.
The problem really is how deep the hole goes - as per Ken Thompson "Reflections on Trusting Trust", 1984.
I put "non technical" in quotes because many of the people in HR, Accounting, Marketing, etc. are very tech-savvy. Marketing folks, for example, would love an all-Mac office setup, but they generally have to have Windows PCs for Powerpoint, Visio, and CRMs, to name a few. HR needs their IE6 in-house apps. Accounting can't even hire anybody who wants to try getting their work done on a Mac.
I realize I'm not even talking about Linux here; I think that just underscores my point.
Does anyone have a counterexample? Because I would pay top dollar for a Linux solution to these problems, but haven't seen anything worth buying.
Then you'd have to de-couple the entire organisation from Active Directory. And refactor (at best) or re-write (at worst) all custom in-house apps that rely on either Windows or Active Directory.
It's just too expensive.
I've seen about 10-20% Linux use and about 0% Mac use in industry (Finance - Buy and Sell side). YMMV.
Linux is incredibly popular because people claim (rightly or wrongly) that they can have a lower latency setup. R-Project is very popular with people because they can have engineers customise it in ways not possible with MATLAB.
But at the end of the day it all falls back down to MS Excel.
Apple don't have any enterprise ready tools for managing a system of 50,000+ client PCs and 30,000+ servers. So they don't get a look in, save the few iPads that are just perks and never used for any work that I've noticed.
What about UEFI? Should that be assumed fundamentally insecure from this point on?
RedHat / Fedora ship with SELinux.
It's sorta a big deal.
It's practically been the operative description of Microsoft for decades that they're interested in profits (and potential profits in certain circles disjoint from the end users), not the privacy or security of their users.
Seems like Microsoft has a lot of issues to worry about. Doing a reorg when the company is struggling just to put an agency person in charge seems like a lot of work. Why not just put them in charge in a small internally announced move?
Google is not actually blocked by the firewall. Gmail is slow, occasionally lots of dropped packets, and other passive-aggressive behavior, but not blocked. Search generally works ok, unless, say, you are a tourist searching for information about a certain popular tourist destination in the center of Beijing. Groups, Docs, and other free exchange of information services are blocked, though.
Additionally, these so-called "paranoid" questions didn't come out of thin air either. 10-15 years ago I also was very distrusting of Microsoft and what they were doing (there was a lot of anti-trust going on ...). But somehow they started doing a few things right, wrote some good software and OS in the meantime and they "regained my trust" to the point I'd speak out against senseless M$-bashing, and perceive it as something childish.
Well, that I am no longer going to do, lest I have to eat my words. That "trust" is completely gone, and I feel kind of foolish for believing it existed in the first place, "trust" is a kind of thing that happens between two persons, not between a person and a gigantic corporation. The latter is too volatile, there can be no build up or breakage, it's every moment again different, dependent on who is in charge and which individual personalities are involved in a decision. Rationally, one instant snapshot cannot make or break the trust of the next one.
I do feel kind of foolish. I'm typing this on Win7, planning to install Linux for a while now, but I had some crazy wild ideas for a dual-boot scenario in mind that I never got around to and everything just worked so there was no hurry.
Before next week I'll be back on Linux, maybe even sooner.
You can't expect a show rep to know about anything like prism though - that information would have been "classified" and available only to those well above his pay grade.
The company I work for has absolutely no intent of dropping Microsoft products in lieu of the NSA leaks, even with large amounts of sensitive customer data. I can't imagine many large companies would. It would require such a vast amount of work it's unfathomable to even imagine most companies considering it unless they were about to lose nearly all of their customers.
Caveat: customers do not care, at this stage in the game.
Yahoo, Google, Facebook, PalTalk, YouTube, Skype, AOL, Apple
Who have also been mentioned as complicit in this whole scandal.
Just to be fair :-)
By the way, I actually agree with you and have been slowly switching all my home stuff to linux and trying to get away from Google Dependence (although I type this in Chrome on a Win 8 laptop... damn work computer)
The problem that people like you don't seem to understand is that online communications can be secure, unless the companies owning the servers themselves cooperate and companies have to cooperate if they have to do so by law.
It's only the US that has such a huge budget for spying on people's communications and the US is also part of a select handful of countries going to such great lengths to suppress the freedom of speech about it.
If I were to start a company in Romania (which is part of EU btw), the NSA can suck my dick as there's absolutely nothing they could do to make me cooperate and keep my mouth shut while doing it.
The only proper answer to that is to stop using American products (at least until the US government can prove with extreme oversight from Europeans and Latin Americans and others, that they aren't abusing their spying power anymore).
That was entirely a lie. From day one their system has been targeting Americans. The proof is overwhelming at this point.
There's often a critical distinction between what gets claimed and what actually occurs in government. With a government that is so undeserving of trust, that's a very important distinction to keep in mind.
Open source communities have no membership committee or state-funded security apparatus. Contributions are accepted based on trust and trust is established by technical merit. The means the three-letter agencies used against Microsoft and other corporations are not the only strategies they have available.
Maybe Linus doesn't have a price. I hope so and I trust him. But regardless of my trust and hope, there is no verification. My trust still acknowledges that no one is scanning Swiss accounts for activity which might be linked to him - and even if there were someone doing so, what would be my basis for trusting them?
Again, I'm not saying I don't trust in the integrity of Linus, but it's hard for me to trust everyone contributing to my Linux distro. Patriots and mercenaries can contribute to open-source just as well as anarchists and Samaritans.
Microsoft's closed source model required a more transparent method to subvert [more transparent than a black operation]. Subverting open source requires little more than a clever branch and merge with a veneer of social engineering. The fruit is so low hanging that merely singing the Open-Source Internationale, will get one street cred. Anyone who thinks they are immune, isn't. This is state level resources - put a man on the moon and bring down communism scale.
However, the fact that Linux source is available for review does make it more secure on a relative basis. Sure, it is naive to think a zero day couldn't be buried in there, but at least there is the opportunity for review. With a closed-source OS, we don't even have the luxury of a false sense of security.
Not to get all tin foily, but I'd be more concerned about hardware exploits if you're thinking in terms of "man on the moon" resources... where are all those chips made again?
If you didn't build your OS, you'd better trust the person/people that did.
You certainly could not compromise a base as large as the number of Windows users, but you could target your efforts on distributions that have key infrastructure roles, like servers, routers, firewalls...
Another vector used to compromise free software is to participate in it. Paid agents can actively participate in open source projects and allow clever exploits that could pass as bugs if uncovered.
"We" get pre-built packages from repositories, but only because "we" don't value our privacy enough.
http://cm.bell-labs.com/who/ken/trust.html
For the security-conscious, the perfect state is the OS which changes very, very slowly, fixing only security bugs and having binaries used by as many people as possible and which change so seldom that more people can even check them by disassembling them. You don't want to only check sources, you want to disassemble the binaries and decide if they match the sources.
And only then you want to be sure that all configurations are what they should be. Not easy at all.
Well, how well can you trust the commercial ones? At least with open source, you can look into it more easily and eventually find security holes. It's a step towards trust. There is no trust to gain with commercial solutions, but at least with open source, it's at least possible.
The fact that proprietary agrees with a sound market economy makes it somehow more functional and more attractive, but when you're concerned about ethics, it's a totally other concern.
Not that that will help much.
Abundant resources and mutual distrust should ensure a rather secure OS.
Is there any indication that software running on the client is at risk? The article goes to great hyperbole but unless you're using Skydrive, I don't see how Office files are at risk with the recent revelations.
Not that they aren't, it's just that I didn't see any information that they are.
I don't think storing information in the cloud using FOSS software is going to magically protect your information.
E.g. How does using Thunderbird to access Gmail afford greater protection than using Outlook to access Gmail?
Yes, Microsoft shares all of Windows' vulnerabilities with the NSA long before fixing them.
> I don't think storing information in the cloud using FOSS software is going to magically protect your information.
And you are right, it won't. Anything you send to 3rd party servers is gone.
To keep data private, you must keep it at your computers, run only audited FOSS that you compiled with a trusted compiler, encrypt it all the times it goes into a network (even your LAN), and hope that there isn't a firmware or hardware backdoor in your computer.
I don't use the hate word often, but I HATE Microsoft now.
Just for the record, I think Dvorak is bang on with this article. Couldn't agree more.
Each time you visit a page, IE sends the URL over to be "checked" by Microsoft.
Each update, a summary of all installed packages is collected and sent to Microsoft in order to "improve the experience".
WAT collects your hardware specification, including the serial number of your hard drive.
Each time you connect your operating system to the Internet, it calls home to a Microsoft server to check if the connection works. It's doubtful that they throw away the logs from this.
Microsoft can forcibly push new executable code as updates, regardless of whether the settings have turned off updates.
Microsoft Word (and Outlook?) do also collect information, but it is supposed to be optional. I don't remember if it's on by default, but I am rather sure it is.
Then we have semi-native applications such as Messenger or Skype. Both have messages being "scanned".
Some of the sources: https://office.microsoft.com/en-us/word-help/privacy-stateme..., http://redmondmag.com/articles/2010/07/01/what-does-microsof...
Huh? Are you talking about hashes being sent for malware checks similar to the ones in Chrome or Firefox? If not, it's a serious privacy issue.
The ones you mentioned about updates are also true for Chrome updates. [1]
>Microsoft can forcibly push new executable code as updates, regardless of whether the settings have turned off updates.
Any source on this?
>Microsoft word (and Outlook?) do also collect information.
With Office 365, this is more or less a reality.
>Then we have semi-native applications such as Messenger or Skype. Both have messages being "scanned".
Are you talking about URL scanning? So does FB, Gchat etc. Expect your messages to be scanned or stored no matter what 3rd party service you use. Always use client-side encryption for secure communication.
The most important one you left out is SkyDrive. I remember installing it on my computer and then signing onto the web interface to find out I could even access files outside of my sync directory. Sure you can turn "off" the feature, but I promptly uninstalled it instead.
I don't trust Microsoft with privacy in the cloud but neither do I with any other 3rd party.
[1] https://www.google.com/intl/en-US/chrome/browser/privacy/
True, but what about Windows Phone vs. Android (with Google's apps, not just a FOSS build like Replicant) vs. Apple? Which is the lesser evil for your privacy?
Cyanogen.
Senseless bashing - including intentional miss-$pellings and holding one company (Microsoft) to different standards to others (Facebook, Google, Apple) is still childish.
However, not all bashing is senseless - Microsoft has a lot of explaining to do. Sure, so do Facebook, Google and Apple but that doesn't let MS off the hook. It makes the case for installing a Linux instead a lot stronger.
In any case, Microsoft is providing government with the source code of at least Windows (not sure about Office), so from a source code point of view, that is somewhat ok (minus finding people experienced enough to digest an enormous code base)
The main problem that is common with both Microsoft and OSS is actually checking the binaries. Except for China (to some extent), there is no government that is actually forking the project they use in order to create a custom, controlled distro. So they are always going to have to trust their binary source. And that is the weak link.
Most companies and users get their pre-compiled distros and never bother because it's an impossible task so I don't see how open source is any better in this regard.
On one hand, the CEO of Qwest was convicted of insider trading, and he claims it was retaliation by the NSA because Qwest would not participate in warrantless wiretapping.
On the other hand, the federal government had a perfect excuse to prosecute Steve Jobs in 2006 with the options backdating scandal, but chose not to. Those would not have been baseless charges--Apple really did backdate those options. The government just concluded that Jobs was not personally culpable.
That's actually a perfect example of leverage that the government would have used against a technology company to pressure them into doing the government's bidding.
In contrast, I can't imagine anyone targeting Oprah. She'd destroy (PR-wise) anyone challenging her. Recall that beef lobby's attacks.
Jobs is like Silicon Valley's Oprah.
http://blog.cryptographyengineering.com/2013/06/can-apple-re...
tl;dr:
* Apple distributes the encryption keys
* Multiple keys can be associated with an account (iPhone, Mac – and the NSA?)
* Apple can retain metadata
* Apple doesn't use certificate pinning
Please stick to the facts.
Take the battle to the real courts and ask them to decide on the matter.
It's not a court just because congress says so.
That doesn't mean you're supposed to review it or that it is reviewed at all, but it is a requirement for the open source development model.
About the Linux kernel, see this example: http://kernelnewbies.org/UpstreamMerge
From Quality control section: "Some of the world's best developers will be going over your source code with a fine comb. This may be embarrassing for a few days or weeks, but in the end the code tends to work better and be more easily maintained. In some cases the upstream developers have made network and storage drivers 30% faster, making the hardware more attractive to customers."
Open source is the necessary but not the sufficient condition. It needs to be reviewed by independent people, otherwise the open source part is useless.
> Microsoft can forcibly push new executable code as updates, regardless of whether settings have turned off updates. - Any source on this?
https://windowssecrets.com/top-story/microsoft-updates-windo... (it's old, yes, and was disputed as a "bug" by Microsoft. At the same time, no security experts have said that Microsoft did fix it. As such, I default to once burned, twice shy.).
> Each time you visit a page, IE sends the URL over to be "checked" by Microsoft. - Huh? Are you talking about hashes being sent for malware check
SmartScreen Filter and Suggested Sites (http://windows.microsoft.com/en-ca/internet-explorer/ie10-wi...). Both can be turned off, and I don't know what is default. My default assumption is that both are on (or checked in wizard) by default.
> Then we have semi-native applications such as Messenger or Skype. Both have messages being "scanned". - Are you talking about URL scanning? So does FB, Gchat etc.
The OP talked about native MS apps as being risk free. Just because FB and Gchat also do bad things doesn't make someone else's applications less risky to use.
Hashing the URLs won't give you any privacy, because the set of used URLs is public and relatively small. Also, I'm not aware of Firefox doing that, are you sure about it?
In IE and Chrome, sending that data is optional. It's neither opt-in nor opt-out. The browser asks a question at the first use, and you must select one option. IE's question is a bit biased toward an "opt-in or you'll get phished", but there is no reason to think that wording is malicious - one can even claim it's true.
Besides all that, MS sends all known vulnerabilities of its products to the NSA long before either publishing or fixing them. That's enough to give the NSA administrative privileges on Windows machines.
While free software does make it possible to gain some confidence in running TLA-free code it does not make it a simple job. Just stating that you 'know the code my system was built on now' is like stating you 'know what you eat because you read the label on the can'. There might be more in that can than the label tells you...
yes. you can very much trust that. I appreciate that you've never decided to do an audit of GCC's, glibc's, or your kernel's source, but understand that others have. I am one of them.
As for any binary blobs/firmware I can't peek into, that's why I have software [1] running on the gateway to see if anything phones home. So far, nothing has. If it's not communicating with anyone, I can be reasonably sure it isn't compromising my security.
Also, your reply was almost entirely an argument from incredulity [2], a logical fallacy.
[1] http://www.opennms.org/ and a strict whitelist. Yes. I've audited the gateway as well.
If your answer is 'yes'... you should check again :-)
As to you having 'audited' all code running on your network, I can flatly state I don't believe it. I don't doubt you'll have looked over the source for a part of it but there is a difference between 'looking over code' and 'auditing code'. Take the Linux kernel for an example: as of 2013, the Linux 3.10 release had 15,803,499 lines of code (source: Wikipedia:Linux_kernel). Linux for Workgroups has even more. Glibc is good for another 1,188,385 lines of code (source: http://www.ohloh.net/p/glibc). The gcc collection spans 6,242,908 lines (source: http://www.ohloh.net/p/gcc). These are only those projects you mentioned ('I appreciate that you've never decided to do an audit of GCC's, glibc's, or your kernel's source, but understand that others have. I am one of them.').
Understand that an individual who claims to have audited all code on his or her network does not come across like someone who grasps the magnitude of the effort s/he claims to have conquered. This individual either has superhuman powers and unlimited time, or the individual overestimates the efficacy of his or her 'auditing' efforts.
Rationalwiki has just the article to help you decide which of these two is the most likely: http://rationalwiki.org/wiki/Occam%27s_razor
Think of Federal employees at Fort Meade, who were hired to do the sort of work I am describing.
Think of defense contractors with nondescript offices in Fairfax who hire those same employees after they leave the government and whose employees spend their days writing and pulling and pushing and merging open-source software.
Think of $200,000 a year.
Think of Edward Snowden.
A 1000 hackers is a line item in the NSA's budget.
Or the KGB's.
Or China's.
It's asymmetric warfare. But the side without the money is disorganized and open and trusting.
The Snowden leak happened (as did Manning), so the Government is not as organized as optics would suggest. They are drowning in the data deluge just like everybody else.
Hard to imagine a better success rate for any organization composed of fallible human beings.
Congress certainly does have the 'say so' -- at least with 'inferior Courts'. That still leaves the Supreme Court though as final arbiter.
He made a valid statement and didn't express much else of his opinions or state of mind.
Unfair to immediately lump somebody into a pre-judged bucket for a single statement.
That's the real bullshit here.
What really bothers me about this is that U.S. companies and individuals have to keep their interactions with the NSA a secret, while obeying whatever demands the NSA has, including the installing of back-doors.
Trust is a fragile thing and we rely on trust for conducting business and for living our lives. My trust in U.S.-based companies has been shaken. Even if the affected companies (such as Google, Microsoft, Apple) want to be trustworthy for their customers, they can be coerced by law to obey whatever the NSA demands and they must also keep it a secret, with absolutely no transparency - they aren't even allowed to say "yes, the NSA demanded some things and we unfortunately complied". Even worse, they can be coerced into making public statements that are full of lies.
I can no longer trust any U.S. based company again.
For example, right now I'm using Skype. But what if the Skype client has a backdoor allowing one to open and listen to my mike any time they want (it's a proprietary blob, we'll never know). What if this backdoor gets hacked and used by people that are not part of the U.S. government? So in spite of the best intentions of the people working on Skype and the NSA; even if I've got "nothing to hide", Skype is all of a sudden a security liability and nothing (short of an open-source client that I can compile and run) can prove otherwise, because Microsoft isn't allowed to be open about it. And I can no longer rely on the fragile trust I've had for Microsoft, because Microsoft can be coerced into being untrustworthy.
See how it goes? We'll see how this unfolds over the next years, however the damage done to U.S. companies will prove to be massive.
These gag orders are the kind of things that creep into society and they are the first weapon against would-be activists that's perceived to be against the corporate interest (or the interest of the elite). It doesn't take much for chilling effect to set in. Fight it now, or it will be too late when it has the power to threaten the laymen.
Will?
Ever heard of reverse engineering? It turns out you'd need that approach even with open source as soon as you use binaries you haven't compiled yourself. And you'd have to verify the compiler and your disassembler that way too. It's all possible, but requires more than is currently being done, at least on the level of the stuff openly available.
And even if you manage to verify everything you have to check the computer. Modern computers, be it servers or notebooks, start to have BIOSes that can even phone home and allow remote access without your control (having the keys which you can't control!).
This is true: reverse engineering can be used for verification, but it's a whole lot more work than inspecting source.
"And you'd have to verify the compiler and your disassembler that way too."
This is false. You can verify the compiler with diverse double compiling: http://www.dwheeler.com/trusting-trust
Please give a specific example of what would be needed to prove GCC and LLVM now.
EDIT: I'm not interested in toy compiler and theoretical pie-in-the-sky examples, I want to know how practical it is for the systems in real use. GCC and LLVM as they are now please. If the proposition is "suppose that we have something that can compile gcc sources and we trust it" tell me what is that, does it exist and how hard would it be to make it. Don't talk to me about your experiment where you change one line in TTC and then prove it's changed by comparing the binaries.
Open source was thought to sweep away hidden code; I really doubt GCC or other compilers have that special code that is reproduced each time you recompile a compiler with it.
If there was such self-reproducing code in a compiled GCC, it would be quite easy to find. There are many eyes looking at a program like GCC.
And even with such a conspiracy theory, which is still possible, open source has better margin than proprietary. It's not perfect, but it's much more transparent if you get what I mean.
This only works if you are building things yourself or trust the group building things, of course, but it's way easier than audit by disassembling binaries.
[1] http://programmers.stackexchange.com/questions/184874/is-ken...
Also if you check the whole discussion you'll see I already discussed Ken's work.
http://www.schneier.com/blog/archives/2008/05/random_number_...
The bug was introduced in September 2006. Discovery published May 2008. Affected: the most popular Linux distribution, all the keys generated on it in that period. Scary.
Moreover, the bug was not found by reading the source code. The keys generated by all the existing systems were analyzed. If I remember, only the keys generated by mentioned Linux distros stood out (and some hardware devices using customized firmware or poor implementations). Windows and OSX weren't there.
I'm not saying that it's better to have closed source, even if we can discuss that too when we consider how often the changes are introduced (for security: the less often the better provided the start is good enough), I'm saying that just believing something is secure simply because "it's open source" is pure hand waving.
It might be extremely difficult to boycott every company involved, so why not choose one to make an example of? The idea that you must boycott all or none appears irrational.
It sounds very much as though it was the bullies who decided what was "fair" in this instance.
Yahoo, Google, Facebook, PalTalk, YouTube, Skype, AOL, Apple
Done and done (including Microsoft) for well over a decade; I don't get this whole "can't be trusted anymore" thing. These companies could never be trusted, and never should have been.
https://en.wikipedia.org/wiki/Project_MKULTRA
http://www.cracked.com/blog/five-fun-facts-about-the-cia-and...
1. Whether you're likely to voluntarily leak any secure information.
2. Whether someone who dug up some dirt on you could blackmail you into leaking secure information.
Or as the saying goes, it's fine to have a mistress, but having a mistress that your wife doesn't know about is a problem...
Generally, the key things were, "are you a crook? are you liable to be bribed/coerced?".
E.g. one chap was a transvestite, but the appeals court ruled that since his wife and minister knew, it wasn't something that could be leveraged against him.
Having your factory retool weeks before you launch an unproven product because you don't like the glass? Not very pragmatic.
I don't expect that GOOG or MSFT will suffer any damage in short term. But in long term they have proved unreliable. This erodes confidence. And if it keeps eroding, it will eventually cause them to collapse.
I'll be doing my earnest to move away from any non-OS tool. And will advocate others to do so as well.
http://thenextweb.com/apple/2011/10/27/mystery-solved-why-st...
This reminds me of a friend of mine who proxies all his web traffic through something which strips user agents and referrers. It's very easy for me to tell when he visits my website, because the logs show "-" for each of these fields.
I wonder if the best strategy, then, is to figure out a very common user agent string and use that. The EFF's Panopticlick might be a good start: https://panopticlick.eff.org.
Simply drawing attention to the fact that his attempt at anonymity acts as a key personal identifier in this instance.
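The effect described in the comments above, measured the way a site operator could measure it from an access log (an added example, not part of the thread). The log lines, addresses and the helper names `anonymity_sets`, `surprisal_bits` and `singled_out` are constructed for illustration; the bit count follows the Panopticlick idea of surprisal, `log2(visitors / visitors sharing the value)`.

```python
import math
import re

CHROME = "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 Chrome/28.0.1500.72 Safari/537.36"
FIREFOX = "Mozilla/5.0 (X11; Linux x86_64; rv:22.0) Gecko/20100101 Firefox/22.0"


def _line(ip, referer, ua):
    # One access-log entry in Apache/nginx "combined" format.
    return (f'{ip} - - [10/Jul/2013:10:00:00 +0000] "GET / HTTP/1.1" '
            f'200 512 "{referer}" "{ua}"')


# Constructed sample: eight visitors, one of them behind a header-stripping proxy.
SAMPLE_LOG = "\n".join(
    [_line(f"198.51.100.{i}", "http://news.example/item", CHROME) for i in range(1, 6)]
    + [_line(f"203.0.113.{i}", "-", FIREFOX) for i in (1, 2)]
    + [_line("192.0.2.44", "-", "-")]
)

# Captures client address and User-Agent. The Referer is matched but not used:
# "-" is normal there for direct visits, so on its own it singles nobody out.
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ "[^"]*" "([^"]*)"$')


def anonymity_sets(log):
    """Return {user_agent: set of client addresses that sent it}."""
    sets = {}
    for line in log.splitlines():
        m = LINE.match(line)
        if m:  # skip malformed lines instead of guessing at their fields
            ip, ua = m.groups()
            sets.setdefault(ua, set()).add(ip)
    return sets


def surprisal_bits(log):
    """Return {user_agent: bits of identifying information it reveals}."""
    sets = anonymity_sets(log)
    visitors = len(set().union(*sets.values()))
    return {ua: math.log2(visitors / len(ips)) for ua, ips in sets.items()}


def singled_out(log):
    """User-Agent values sent by exactly one visitor."""
    return sorted(ua for ua, ips in anonymity_sets(log).items() if len(ips) == 1)


if __name__ == "__main__":
    for ua, bits in sorted(surprisal_bits(SAMPLE_LOG).items(), key=lambda kv: -kv[1]):
        print(f"{bits:4.2f} bits  {ua[:60]}")
    print("unique:", singled_out(SAMPLE_LOG))
```

In this sample the stripped `-` value carries the most identifying information of any User-Agent in the log, while the most common string carries the least.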
It is really simple.
http://en.wikipedia.org/wiki/MobileMe
.Mac: July 17, 2002 – July 9, 2008
MobileMe: July 9, 2008 – June 30, 2012
iCloud was launched on October 12, 2011, one year before Apple entered Prism.
http://en.wikipedia.org/wiki/ICloud
The main difference before iCloud was that you had to pay for it. I can however remember that I had a free .me account before iCloud, so even .me must have had enough users.
It is fun to think of Steve Jobs as the lone person saying "fuck you" to the NSA. But it isn't realistic. It isn't like the other companies are run by meek people who love bending over to authorities.
That's incitement enough to try to get them on board.
Why go after the myriad of handset manufacturers when you could just get the network providers on board?
But I'm still curious; even though you can write the disassembler by hand, how can you be sure that you're compiling it with a non-compromised compiler? Or do you mean write it in e.g. ELF format directly (and that's assuming the OS isn't involved in filtering offending code, though it seems extraordinarily unlikely that the OS could be generally modified in such a way without detection)?
I believed they polygraphed you about drug use, and I recall that they had a threshold number of "experimental" sessions with marijuana that were ok, as long as you disclosed them during the background check and polygraph.
The idea is to take one compiler source (S), and compile it with a diverse collection of compilers (Ck being a compiler in C0-CK), producing a diverse collection of binaries that are compilations of S: (Bk = Ck(S)). Because the different compilers are almost certainly not functionally identical, the various Bk should not be expected to be bitwise identical. However, because they are compilations of the same source, they should be functionally identical, or one of the original compilers was broken (accidentally or deliberately). So now we can compile that original source with the Bk compilers, and because these compilers are functionally identical, the results (Bk(S)) should be bitwise identical. There is certainly some chance of false positive, due to bugs in the Ck compilers or exploitation of undefined behavior in S, but if you do get the same output (Bk(S)) from all of the (Bk) compilers then you can be pretty confident that there is no Trusting Trust style attack present: exceedingly so, when the various compilers have diverse histories so that it's exceedingly unlikely that all Ck compilers contain the same attack. If there are any differences, you can manually inspect them to determine what the issue is and either issue a bug report to the appropriate compiler, change the source (S) to avoid undefined behavior, or notify people of the attack present in the compiler in question, depending on what you find. This does involve some binary digging, but quite targeted compared to a full audit and it may well not be necessary at all.
Obviously, if you do have a trusted compiler, including it in the mix is great, but the technique doesn't rely on this, nor on any two compilers returning the same binary output except when they are compilations of the same source.
Then the same for LLVM.
In case it wasn't clear, k is used for indexing, and I use "function application" f(x) to mean compilation of x by compiler f.
"Take one compiler source (GCC 4.8.1), and compile it with a diverse collection of compilers (Ck being a compiler in { C0 = GCC 4.8.1, C2 = LLVM, C3 = icc, C4 = visual c/c++, ...}[1]), producing a diverse collection of binaries that are compilations of GCC 4.8.1: (Bk = Ck(GCC 4.8.1)). Because the different compilers are almost certainly not functionally identical, the various Bk should not be expected to be bitwise identical. However, because they are compilations of the same source, they should be functionally identical, or one of the original compilers was broken (accidentally or deliberately). So now we can compile that original source with the Bk compilers, and because these compilers are functionally identical, the results (Bk(GCC 4.8.1)) should be bitwise identical. If there are any differences, you can manually inspect them to determine what the issue is and either issue a bug report to the appropriate compiler, change the source (GCC 4.8.1) to avoid undefined behavior, or notify people of the attack present in the compiler in question, depending on what you find. This does involve some binary digging, but quite targeted compared to a full audit and it may well not be necessary at all."
Likewise for any of the others, but note that once you've got a known-clean build of any (sufficiently capable) compiler you could use it to build known-clean builds of the others.
[1] the more compilers and the more diverse the background of the compilers, the better; it may well be worth using quite slow compilers that are proven correct and/or implemented in other (possibly interpreted) languages for a high degree of confidence.
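A small model of the two-stage check described in the comments above, as an added example that is not from the thread or from the linked dissertation. Compilers are modelled as records rather than real executables; `Binary`, `compile_with`, the `cc-*` names and the payload marker are constructed for illustration.

```python
import hashlib
from collections import defaultdict
from dataclasses import dataclass

# Constructed stand-ins: the compiler source S and a marker for an implant.
COMPILER_SOURCE = "source text of compiler S"
PAYLOAD = b"<self-propagating implant>"


@dataclass(frozen=True)
class Binary:
    """A compiler executable: its bytes plus the behaviour those bytes have."""
    image: bytes    # what a bitwise comparison sees
    codegen: str    # code-generation style it applies to whatever it compiles
    trojaned: bool  # reinserts PAYLOAD whenever it compiles a compiler


def compile_with(compiler: Binary, source: str) -> Binary:
    """Model running `compiler` on `source` (always a compiler source here).

    Output bytes depend on the compiling binary's code generator; output
    behaviour comes from `source`, except that a trojaned compiler copies
    its implant into the result (the Trusting Trust propagation step).
    """
    image = hashlib.sha256(f"{compiler.codegen}|{source}".encode()).digest()
    if compiler.trojaned:
        image += PAYLOAD
    return Binary(image, f"built-from:{source}", compiler.trojaned)


def stage1_images(source, bootstrap):
    """Bk = Ck(S): expected to differ bitwise between diverse compilers."""
    return {name: compile_with(c, source).image for name, c in bootstrap.items()}


def diverse_double_compile(source, bootstrap):
    """Group bootstrap compilers by the digest of their stage-2 output Bk(S)."""
    groups = defaultdict(list)
    for name, c_k in bootstrap.items():
        b_k = compile_with(c_k, source)     # stage 1
        stage2 = compile_with(b_k, source)  # stage 2: should agree bit for bit
        groups[hashlib.sha256(stage2.image).hexdigest()].append(name)
    return dict(groups)


def suspects(groups):
    """Compilers outside the largest agreeing group; inspect these by hand."""
    majority = max(groups.values(), key=len)
    return sorted(n for names in groups.values() if names is not majority for n in names)


# Constructed bootstrap sets: three diverse compilers, then one/all compromised.
CLEAN = {
    "cc-a": Binary(b"a", "codegen-a", False),
    "cc-b": Binary(b"b", "codegen-b", False),
    "cc-c": Binary(b"c", "codegen-c", False),
}
ONE_BAD = {**CLEAN, "cc-b": Binary(b"b", "codegen-b", True)}
ALL_BAD = {n: Binary(b.image, b.codegen, True) for n, b in CLEAN.items()}

if __name__ == "__main__":
    for label, cset in (("clean", CLEAN), ("one bad", ONE_BAD), ("all bad", ALL_BAD)):
        groups = diverse_double_compile(COMPILER_SOURCE, cset)
        print(label, "->", len(groups), "group(s), suspects:", suspects(groups))
```

The `ALL_BAD` case agrees with itself and raises no suspect, which is why the comment stresses compilers with diverse histories: agreement only means something if the bootstrap set does not share one compromise.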
"I say it in the ACSAC paper, and again in the dissertation, but somehow it does not sink in, so let me try again.
Both the ACSAC paper and dissertation do not assume that different compilers produce equal results. In fact, both specifically state that different compilers normally produce different results. In fact, as noted in the paper, it’s an improvement if the trusted compiler generates code for a different CPU architecture than the compiler under test (say, M68000 and 80x86). Clearly, if they’re generating code for different CPUs, the binary output of the two compilers cannot always be identical in the general case!
This approach does require that the trusted compiler be able to compile the source code of the parent of the compiler under test. You can’t use a Java compiler to directly compile C code."
Why? What changes?
What changes? For a start, the more people that are involved, the less each knows of the situation. A single individual being bullied is aware of each incidence and what is going on at all times. A group doesn't - witness mob justice as a clear counterpoint. A group is highly susceptible to hearsay and misdirection.
As for why it's unfair - if we expect the judicial system to be fair when it acts on our collective behalves, it is dissonant to not expect other group action to also be fair in how it's meted out.
Looking at the PRISM company list, we are talking data service companies with users in the tens of millions (minus the oddball Paltalk). Apple just wasn't in that group until recently.
I don't see why a group being "susceptible to hearsay and misdirection" is a good reason for their ire to be directed at more companies rather than just one.
I also don't see any reason why a group fighting against the injustices they can tackle, obliges them to take on the ones they can't.
EDIT: To take your example of the justice system - if I steal from someone, it would not be a valid defence to point out that other people had not been successfully convicted of stealing, therefore I should not be prosecuted.
And better yet if this chosen starting point(s), being old, are also small and simple.
If GCC is in fact the only thing that can compile GCC, then you cannot use DDC to get a trusted version of GCC.