The NSA Intercepted Microsoft's Windows Bug Reports (schneier.com)
Bruce Schneier writes on his security blog:
Back in 2013, Der Spiegel reported that the NSA intercepts and collects Windows bug reports... "When Tailored Access Operations selects a computer somewhere in the world as a target and enters its unique identifiers (an IP address, for example) into the corresponding database, intelligence agents are then automatically notified any time the operating system of that computer crashes and its user receives the prompt to report the problem to Microsoft... this passive access to error messages provides valuable insights into problems with a targeted person's computer and, thus, information on security holes that might be exploitable for planting malware or spyware on the unwitting victim's computer..."
The article talks about the (limited) value of this information with regard to specific target computers, but I have another question: how valuable would this database be for finding new zero-day Windows vulnerabilities to exploit?
Well, sure. (Score:2)
I suppose this is "news", but I also suppose it should have been (and for many, was) assumed. And I'll bet the NSA and the foreign equivalents are not the only ones that thought of this obvious source...
Re: (Score:2)
Sure, just have a list of keys like .ssh/authorized_keys so anybody could stick its own key in there.
Re: (Score:3)
The foreign equivalents don't watch the internet like the NSA and GCHQ do.
The net belongs to the NSA, so other nations don't waste funds on low-return internet things.
Some of the cool things other nations did or learned from just went back to simple human spying.
France had all its diplomatic codes broken by the USA and UK in the 1950s. It took France a while to learn from that decade-long communications mistake.
Slashdot is speeding up (Score:1)
It's now reporting on articles from 2013!
can't be true. (Score:5, Funny)
the NSA intercepts and collects Windows bug reports.
No way can that be true. Even the NSA's Utah Data Center [wikipedia.org] doesn't have that much storage capacity.
Re: (Score:2)
Deduplication works miracles on repetitive data. If there was ever a source of repetitive data, Microsoft crashes are it.
Re: (Score:2)
Maybe, maybe not; it depends on how deduplicable the records are. The same bug trace could very well have different output on different computers; memory addresses, etc., could be different.
Re: (Score:1)
Finally, a post that made me laugh. Very nice. I also think broadband speeds have been held back because of the need to match NSA data storage capacity with internet throughput.
Re: (Score:2)
The people who know interesting people.
The people who are 3 and 4 hops from interesting people.
The unknown people who then make contact with interesting people or people who know interesting people.
What's a few million files collected per task?
All the interesting users' computers get altered as needed.
Re: (Score:2)
If one way in is closed by a user or unexpected update, another way into Windows is found.
Collect it all always works.
Re: (Score:2)
Reality now sets in.
Windows is the way in.
Re: (Score:3)
Windows and Windows networks are a huge liability. CIOs and CSOs need to have a come-to-Jesus moment on that.
I sometimes do internal pentest work, and it's rare, even now in 2017, that some combination of null sessions to get user names and password spray, or just shutting up and listening for LLMNR or old NetBIOS and then cracking the acquired hashes, won't work at a big organization. That is before you even need to consider getting "fancy" with attacks on Kerberos or SPNs. Yes you need to be on the interna
Um, yay for them? (Score:1)
/ lock em up
What about exploitable 3rd-party bugs + targeting? (Score:2)
Hello,
I seem to recall a discussion about this at the time of disclosure that the main concern was not so much finding exploitable bugs in Windows, per se, but finding bugs in third-party drivers like those from AMD and nVidia, as well as determining hardware and software a target might be using, in order to help perform vulnerability research on targets.
Regards,
Aryeh Goretsky