Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Bug Windows Government Microsoft United States

The NSA Intercepted Microsoft's Windows Bug Reports (schneier.com) 52

Bruce Schneier writes on his security blog: Back in 2013, Der Spiegel reported that the NSA intercepts and collects Windows bug reports... "When Tailored Access Operations selects a computer somewhere in the world as a target and enters its unique identifiers (an IP address, for example) into the corresponding database, intelligence agents are then automatically notified any time the operating system of that computer crashes and its user receives the prompt to report the problem to Microsoft... this passive access to error messages provides valuable insights into problems with a targeted person's computer and, thus, information on security holes that might be exploitable for planting malware or spyware on the unwitting victim's computer..."

The article talks about the (limited) value of this information with regard to specific target computers, but I have another question: how valuable would this database be for finding new zero-day Windows vulnerabilities to exploit?

This discussion has been archived. No new comments can be posted.

The NSA Intercepted Microsoft's Windows Bug Reports

Comments Filter:
  • I suppose this is "news", but I also suppose it should have been (and for many, was) assumed. And I'll bet the NSA and the foreign equivalents are not the only ones that thought of this obvious source...

    • by ls671 ( 1122017 )

      Sure, just have a list of keys like .ssh/authorized_keys so anybody could stick its own key in there.

    • by AHuxley ( 892839 )
      Re " and the foreign equivalents are not the only ones that thought of this obvious source"
      The foreign equivalents don't watch the internet like the NSA and GCHQ do.
      The net belongs to the NSA, so other nations don't waste funds on low return internet things.
      Some of the cool things other nations did or learned from just went back to simple human spying.
      France had all its diplomatic codes broken by the USA and UK in the 1950's. It took France a while to learn from that decade long communications mistake.
  • by Anonymous Coward

    It's now reporting on articles from 2013!

  • by Anonymous Coward on Saturday August 05, 2017 @07:36PM (#54948681)

    the NSA intercepts and collects Windows bug reports.

    No way can that be true. Even the NSA's Utah Data Center [wikipedia.org] doesn't have that much storage capacity.

    • by chill ( 34294 )

      Deduplication works miracles on repetitive data. If there was ever a source of repetitive data, Microsoft crashes are it.

      • by ls671 ( 1122017 )

        Maybe, maybe not, it depends on how deduplicable the records are. The same bug trace could very well have different output on different computers, memory addresses etc. could be different.

    • by Anonymous Coward

      Finally, a post that made me laugh. Very nice. I also think broadband speeds have been held back because of the need to match NSA data storage capacity with internet throughput.

      • Broadband speeds have lagged the rest of the developed world because monopolies only produce up to the point marginal cost equals marginal revenue. This wouldn't be a problem if, like most natural monopolies (water, electricity), broadband was closely regulated, but it isn't. There's effectively no fixed wireline competition for cable broadband; without competition there is no pressure to increase efficiency. The problem is that regulators have been pretending cable internet, dsl (i.e. uverse) internet, and
    • by AHuxley ( 892839 )
      AC the Windows bug reports of interesting people.
      The people who know interesting people.
      The people who are 3 and 4 hops from interesting people.
      The unknown people who then make contact with interesting people or people who know interesting people.
      Whats a few million files collected per task?
      All the interesting users computers get altered as needed.
  • Sure, they're slimy, illegal, and immoral. But it sounds like at least they're competent.

    / lock em up
    // right next to Hillary
    /// save a spot for Donny boy
    • I hope they'll decide to monetize it soon - there's a bunch of posts I made to talk.bizarre a long time ago, and google doesn't seem to have archival copies.
  • The Microsoft bug reports are important to Microsoft. They do actually analyze them to try and find bugs or in their products or in code from common/popular vendors. The NSA is undermining this trust. This is similar to the way the USA undermined doctors in Pakistan by using doctors in their search for Bin Laden. Maybe if the USA had to compensate every single person who gets Polio 10 million dollars they might not think their plan was such a great idea. Same for the NSA, they should be trying to help
  • Make it simpler (Score:4, Insightful)

    by aepervius ( 535155 ) on Sunday August 06, 2017 @12:13AM (#54949319)
    The NSA intercepted anything and everything which went in the direction of the US, possibly also stuff which never went in the US. Consider all your communication compromised by the NSA. Now whether you care (privacy minded people, people not liking government overreach and spying and crook/spy/other nations intelligence agencies) or not (most people) is up to you.
    • Most people care, just not enough to make it worth the cost of doing anything. Make end-to-end encryption simpler and more ubiquitous (WhatsApp, Signal) and people will use it. Given two equivalent goods where the only differentiator is privacy, users will choose the more-secure option.
  • Hello,

    I seem to recall a discussion about this at the time of disclosure that the main concern was not so much finding exploitable bugs in Windows, per se, but finding bugs in third-party drivers like those from AMD and nVidia, as well as determining hardware and software a target might be using, in order to help perform vulnerability research on targets.

    Regards,

    Aryeh Goretsky

Think of it! With VLSI we can pack 100 ENIACs in 1 sq. cm.!

Working...