Built-in backdoor: German govt warns of significant Windows 8 security danger.

Built-in backdoor: German govt warns of significant Windows 8 security danger.(RussiaToday).

Documents uncovered and leaked by German news outlet Zeit Online found that the German Ministry of Economic Affairs was displaying significant unease with the combined technologies, suggesting the possibility that a backdoor could be created for further covert NSA surveillance operations.

The backdoor in question would allow Microsoft to control the computer remotely. “Trusted Computing,” a method developed and promoted by the Trusted Computing Group, is nothing new - fears were being aired over its capabilities and potential as early its founding in 1999.

TPM appeared in 2006 as security technology. However, version 2.0 would implant a chip on every single PC, allowing it to control which programs could and couldn’t be executed because under Windows 8, there is no override. The users thus basically surrender control over their computers.

One of the documents retrieved by Zeit Online found that BSI stated that “unconditional, complete confidence” in Trusted Computing by stipulations of TPM 2.0 was not possible. Trusted Computing cultivated specifications for how the chip would work with operating systems.

Another document from early 2012 mourned the fact that “due to the loss of full sovereignty over the information technology, the security objectives of ‘confidentiality’ and ‘integrity’ can no longer be guaranteed.”

While not fully clear on the specifics, the documents appear to indicate that the NSA had some form of representation at the TCG meetings – during which German officials were also present - saying that they were in favor of leaving the technology in its existing state, without any changes being necessary. This suggests that the NSA does not see TPM 2.0 as hindering its operations.

A Snowden leak from July this year showed how Microsoft worked hand-in-hand with the United States government in order to allow federal investigators to bypass encryption mechanisms meant to protect the privacy of millions.

Penton’s Windows IT Pro trade publication pointed out that Zeit Online “seem[ed] to be using a bit of imagination to connect the dots and maybe the German government has other ideas.”

In a press statement released late Wednesday, the BSI insisted that “From the perspective of the BSI, the use of Windows 8 in combination with a TPM 2.0 is accompanied by a loss of control over the operating system and the hardware used.” 


Related:

NSA has total access via Microsoft Windows.

How NSA access was built into Windows

NSA has total access via Microsoft Windows.

NSA has total access via Microsoft Windows.HT: WND.By F. Michael Maloof .

WASHINGTON – The National Security Agency has backdoor access to all Windows software since the release of Windows 95, according to informed sources, a development that follows the insistence by the agency and federal law enforcement for backdoor “keys” to any encryption, according to Joseph Farah’s G2 Bulletin.

Having such “keys” is essential for the export of any encryption under U.S. export control laws.
The NSA plays a prominent role in deliberations over whether such products can be exported. It routinely turns down any requests above a megabyte level that exceeds NSA’s technical capacity to decrypt it. That’s been the standard for years for NSA, as well as the departments of Defense, Commerce and State.
Computer security specialists say the Windows software driver used for security and encryption functions contains unusual features the give NSA the backdoor access.

The security specialists have identified the driver as ADVAPI.DLL. It enables and controls a variety of security functions. The specialists say that in Windows, it is located at C:\\Windows\system.

Specialist Nicko van Someren says the driver contains two different keys. One was used by Microsoft to control cryptographic functions in Windows while another initially remained a mystery.
Then, two weeks ago, a U.S. security firm concluded that the second key belonged to NSA. Analysis of the driver revealed that one was labeled KEY while the other was labeled NSAKEY, according to sources. The NSA key apparently had been built into the software by Microsoft, which Microsoft sources don’t deny.
This has allowed restricted access to Microsoft’s source code software that enables such programming.
Access to Windows source code is supposed to be highly compartmentalized, actually making such actions easier because many of the people working on the software wouldn’t see the access.
Such access to the encryption system of Windows can allow NSA to compromise a person’s entire operating system. The NSA keys are said to be contained inside all versions of Windows from Windows 95 OSR2 onwards.
Having a secret key inside the Windows operating system makes it “tremendously easier for the NSA to load unauthorized security services on all copies of Microsoft Windows, and once these security services are loaded, they can effectively compromise your entire operating system,” according to Andrew Fernandez, chief scientist with Cryptonym Corporation of North Carolina.Read the full story here.

Related: How NSA access was built into Windows

How 'SAFE' are the Security programs that supposedly protect your computer, how about from intrusion by the Gov?

How 'SAFE' are the Security programs that supposedly protect your computer, How about from intrusion by the Gov?(MFS).

From Kaspersky: Kaspersky Lab is a private international company that registered its holding in Great Britain in 2006. This means that our financial reporting is transparent and freely available to anyone. I think we can all agree that Her Majesty’s laws are strong and respected worldwide. Our affairs there have nothing to do with the Kremlin. This is the first time I’ve seen this major stretch to try and link our business with the Russian government.

All three of the world’s leading security companies – Symantec, McAfee/Intel, and Kaspersky Lab – work with law enforcement bodies worldwide to help fight cyber-crime. 
The ITU, CET, FBI, FSB, U.S. Secret Service… we all have a duty to help them solve criminal cases. Remember “Raiders of the Lost Ark” with Indiana Jones? He was a archeologist – the best on the planet. And that’s why the U.S. military came to him for help; they knew nothing about history or mythology. Well it’s the same for what we do for governments worldwide today – we provide EXPERTISE. Nothing more.

How about Microsoft?

In the last five years or so, the biggest names in security — Symantec, Trend Micro, McAfee — all got their act together and made their security solutions lighter, faster and more effective than ever. Microsoft, however, never stopped working on its own security. Each version of Windows made critical changes to harden the operating system's defenses (they also had to do the same thing with Internet Explorer, which had some of the biggest, gapping security holes of all Microsoft’s software).

Building a more secure platform wasn’t enough. Microsoft eventually made the leap into full-blown protection. Thus, in 2010, was born Microsoft Security Essentials (MSE). Microsoft pitched it as simpler and lighter than other security options. It was also free.

The app promised to block viruses and malware. It installed incredibly fast and just seemed to work. For those who didn’t believe they should pay for a protected system, this was a viable alternative to other popular security freeware, including Avira, Comodo, Adaware, and AVG.

There existed, I would say, a detente between MSE and the big boys (Symantec, McAfee, Trend Micro), because most offered far more functionality than MSE. The aptly named Norton 360, for instance, includes, along with virus and malware protection, anti-spam, anti-phishing, parental controls and password management. Many people are willing to pay for those features.

When I asked Microsoft partner, Trend Micro about Windows 8’s new security chops, the company offered, in part, this cautious response:

“While we applaud Microsoft for including some minimal level of antivirus protection in its new Windows 8 OS and are proud to be a trusted Microsoft partner, we all know from experience that additional protections beyond the basic level of security to be provided by Microsoft are needed. Microsoft Windows 8 paired with Trend Micro is the better choice for security users.”

Note the use of the words “basic level of security”. Trend Micro and Symantec insist that Windows 8 is not equipped to fully protect users from today’s threats. Trend likens Windows 8 security to “the traditional security technologies (anti-malware and signature-based detections) [that] are rapidly becoming ineffective in protecting users from today’s threats.”

Windows 8 users apparently cannot uninstall Windows Defender, but you can disable it in the settings, which should allow compatible security solutions coming from Symantec, Trend Micro and others to handle the security chores on their own. Microsoft also told me it can work alongside these security suites. Even so, Microsoft has changed the game in other ways that may push aside these partners.

One obvious example is Internet Explorer 10. The version that lives in the Windows Design area of Windows 8 (yes, there are two) does not accept plug-ins (IE10 for the Desktop does). As a result, Norton and Trend Micro’s browser extensions that can, for example, pre-check links and store passwords, won’t work. Norton is developing its own browser, which will use the Internet Explorer engine underneath, but support Norton’s security plugins.

This is the kind of kludgey approach consumers are least likely to embrace. There’s also the simple fact that many of them may simply choose to use Windows Defender because it’s already there and running.Only time will tell if that will be enough protection.

Hmmmmm.... NSA Helping Microsoft to Improve Windows 7 Security.......how about Windows 8 as well.....How 'safe' is your PC? Source: infiniteunknown


The partnership between the NSA and Microsoft is not new.
In 2007, NSA officials acknowledged working with Microsoft during the development of Windows Vista to help boost its defenses against computer viruses, worms and other attacks. 

In fact, the cooperation dates back to at least 2005, when the NSA and other government agencies worked with Microsoft on its Windows XP system and other programs.

The NSA, which is best known for its electronic eavesdropping operations, is charged with protecting the nation’s national security computing infrastructure from online assaults.
As these systems become increasingly dependent on private-sector computing products, the NSA has reached out to a growing number of software companies.
“More and more, we find that protecting national security systems demands teaming with public and private institutions to raise the information assurance level of products and services more broadly,” Schaeffer said.

Schaeffer said that the NSA is also working to engage other companies, including Apple, Sun, and RedHat, on security standards for their products. The agency also works with computer security firms such as Symantec, McAfee, and Intel.

A growing array of law enforcement authorities, intelligence officials, and private computer experts has been warning about the rising threat of cyberattacks.
“The FBI considers the cyber threat against our nation to be one of the greatest concerns of the 21st century,” Steven Chabinksy, the deputy assistant director of the FBI’s cyber division, told the same congressional committee.
The Obama administration has been under pressure to name a cybersecurity chief to reinvigorate the government’s efforts to protect its most sensitive computer networks. Some press reports suggest that appointment could come as early as next week.

Update at 5:30 p.m. ET: The text of Schaeffer’s testimony, as prepared for delivery, is now online here.

Update at 2 p.m. ET: The NSA and other cybersecurity experts say that simple precautions (such as installing system updates regularly and running anti-virus software and firewalls) should protect against about 80% of the attacks out there. This means that if users took these steps, the NSA and others could focus on the more dangerous 20%, or so the theory goes. Put another way, of course, that means about 20% of attacks are sophisticated enough to theoretically defeat standard security measures.

Hmmmm.........Any of you still feel safe while surfing the web?

Related: Revealed: The Top Secret Rules That Allow NSA To Use US Data Without A Warrant (Guardian)

And for the real paranoia freak : How NSA access was built into Windows