Win 10 NSA exploit thought

[DePhoegon]

I personally just have to wonder if these 'tools' had never leaked, would that have been worse then it leaking & the wannna make me cry malware getting it.

 

Though I will point this out...  The exploits (while not clearly stated on the wan show) .. allowed execution of external code w/o user permissions needed.

-Of which the NSA had access to for a long time.

 

The major problem that was skirted around or missed is that..   'Is it really smart for businesses to not keep on the updates, when the NSA is often known to have exploits to all the major OS's'  

 

When is it no longer MS fault, and it lays on the feet of those who actively choose to not update?

 

How much data, & how many times has the NSA exploited this... and Just why is it acceptable to blame MS for not being clear about their updates....  (because announcing that they patched XYZ exploits just seems like a morbidly horrible idea... because it lets the ones know about it, that exploiting it.. and giving them some notice to counter/work around it)

 

Though,  Is it one to wonder if this 'leak' was purposeful to a bs group to create a FU worm.to see how many actually patch... and how likely their exploits will continue to work against their targets (businesses & targets with a large amount of personal data) & just when they will need to redevelop exploits & such.

 

That windows Source code isn't to hard to get (for those that truly look for it) and every country Windows is sold in, their government has the source code. (and every government would likely have developers looking for exploits)   With that...  Mind you that they still have the same teams, and the source code for Linux is available to them, and that those teams get paid Major dollars to find exploits & bugs, and is it to much to think that 'defense' orginazations would find a way to weaponize them for their own ends.

 

I personally would like to know what Linus reply would be, in regards to the fact that... if these leaks were never known...  & that the exploits allowed execution of code...  do you really think that 'telemetry data'(to MS) is really the problem that should be focused on, and if recommending a hard stance against updates is smart.

[RGProductions]

I have a very unpopular opinion here. I think it's good for some groups like the FBI and NSA to be able to do this, and potentially save lives by interrupting things like this.

[DrMacintosh]

Well I think the NSA should not be actively attempting to breach operating systems and if they are they should report it to MS so MS can patch it immediately. 

 

I'm morally, and constitutionally against what the NSA does but the fact that this information at least got out........even though many users and businesses had to go down for it.......Is a good thing. If this information had not gotten out, and computers were going down every minute, MS would have to scramble their devs to track down the issue without any help. 

 

I do not think the telemetry that MS collects is a problem in this case. However, MS should stop collecting user data in this way. I don't care if it "helps improve the user experience" ads on your desktop certainly don't do that. I do not really like the direction MS has been heading lately with the new management. 

 

Recommending against updating is usually never a good thing as far as security is concerned. 

 

Just my 2¢

[DePhoegon]

1 minute ago, RGProductions said:

I have a very unpopular opinion here. I think it's good for some groups like the FBI and NSA to be able to do this, and potentially save lives by interrupting things like this.

even though this 'exploit' that this worm uses, was created by the NSA itself?

-The only reason MS knew about the exploit to patch it, was that the NSA told them about the 'leaked' exploits.  [It's that kinda deep]

 

Not saying governments shouldn't have access to source code (cuz security yo) but...  in this case.. it's all on the NSA for all the damage done.

[DrMacintosh]

5 minutes ago, RGProductions said:

I have a very unpopular opinion here. I think it's good for some groups like the FBI and NSA to be able to do this, and potentially save lives by interrupting things like this.

I would be able to hold this opinion, if there were ever evidence of these programs actions having ever resulted in what they claim. 

 

Also the 4th amendment. 

[Centurius]

6 minutes ago, DePhoegon said:

even though this 'exploit' that this worm uses, was created by the NSA itself?

-The only reason MS knew about the exploit to patch it, was that the NSA told them about the 'leaked' exploits.  [It's that kinda deep]

 

Not saying governments shouldn't have access to source code (cuz security yo) but...  in this case.. it's all on the NSA for all the damage done.

Actually it's still on Microsoft if any party is to blame. Intelligence agencies might have discovered the vulnerability but they weren't the ones to develop the code Microsoft used.

[Delicieuxz]

10 minutes ago, DePhoegon said:

-The only reason MS knew about the exploit to patch it, was that the NSA told them about the 'leaked' exploits.  [It's that kinda deep]

 

Not saying governments shouldn't have access to source code (cuz security yo) but...  in this case.. it's all on the NSA for all the damage done.

Or, Microsoft informed the NSA of the vulnerability, as they do with all vulnerabilities they discover, and agreed with the USA government to leave it open so that the NSA could weaponize it.

 

[DePhoegon]

Just now, Centurius said:

Actually it's still on Microsoft if any party is to blame. Intelligence agencies might have discovered the vulnerability but they weren't the ones to develop the code Microsoft used.

Right.. because they totally developed the holes in the source code they give to every nation. *coughs*

 

Pretending MS knows all... and can plan for all day 1.. is some what silly.  

-This is why there is 'Windows Updates', to patch Exploits & problems that they didn't know about, & the fact that it was fixed asap & rolled out in updates  is literally the best that anyone could reasonably expect from any OS developer/maintainer.

 

This is more a credit on NSA developers that were able to see an exploit within the Source code that MS missed, and if we are honest...  They aren't bad really. 

 

They(NSA) developed the exploit..  They didn't just find it in the code.

 

Which part of the reason I would lay the blame on those that actually developed the exploit & those refusing to patch security related patches on the OS (for what ever reasons they have)

 

[DePhoegon]

Just now, Delicieuxz said:

Or, Microsoft informed the NSA of the vulnerability, as they do with all vulnerabilities they discover, and agreed with the USA government to leave it open so that the NSA could weaponize it.

 

No, just... no.   Do you REALLY think that MS would be allowed to ship an OS with that exploit when EVERY country that it's allowed to be sold in, their government has a copy of that source code.

 

Why in the world would they(MS) even need this?  They seriously have system access as is, and if they were truly in bed with the NSA (Which is just ... dumb & paranoid), they'd just hand over the path to that access.

[Centurius]

5 minutes ago, DePhoegon said:

Right.. because they totally developed the holes in the source code they give to every nation. *coughs*

 

Pretending MS knows all... and can plan for all day 1.. is some what silly.  

-This is why there is 'Windows Updates', to patch Exploits & problems that they didn't know about, & the fact that it was fixed asap & rolled out in updates  is literally the best that anyone could reasonably expect from any OS developer/maintainer.

 

This is more a credit on NSA developers that were able to see an exploit within the Source code that MS missed, and if we are honest...  They aren't bad really. 

 

They(NSA) developed the exploit..  They didn't just find it in the code.

 

Which part of the reason I would lay the blame on those that actually developed the exploit & those refusing to patch security related patches on the OS (for what ever reasons they have)

 

That's why I included the if any part. Microsoft made a fully conscious decision to use a closed source system. The immediate consequence of this is that the group of people that can review your code for vulnerabilities is very limited. The NSA could not develop an exploit without a vulnerability existing in the system, the responsibility for that vulnerability existing is entirely on Microsoft.

 

As for organizations that didn't update being to blame. Have you ever tried to keep a company that may well have thousands of devices up to date? That's not even considering companies that need to wait to see how updates pan out to make sure compatibility with a system they are using isn't broken. When a regular consumer gets an update that breaks their system it's shitty. When it happens to a major company it costs millions.

[Delicieuxz]

10 minutes ago, DePhoegon said:

No, just... no.   Do you REALLY think that MS would be allowed to ship an OS with that exploit when EVERY country that it's allowed to be sold in, their government has a copy of that source code.

Microsoft does ship an OS with likely many vulnerabilities that they know of.

 

Quote

Why in the world would they(MS) even need this?  They seriously have system access as is, and if they were truly in bed with the NSA (Which is just ... dumb & paranoid), they'd just hand over the path to that access.

Maybe your perception of dumb and paranoid is really just a projection of your own ignorance and naivety.

 

https://www.theguardian.com/world/2013/jul/11/microsoft-nsa-collaboration-user-data

http://www.itproportal.com/2014/05/14/microsoft-openly-offered-cloud-data-fbi-and-nsa/

https://www.forbes.com/sites/petercohan/2013/06/20/project-chess-how-u-s-snoops-on-your-skype/#46e6b422484e

https://arstechnica.com/security/2013/06/nsa-gets-early-access-to-zero-day-data-from-microsoft-others/

https://www.bloomberg.com/news/articles/2013-06-14/u-s-agencies-said-to-swap-data-with-thousands-of-firms

 

And that system access you speak of is in-part due to leaving things open for other people to use. They're called backdoors, and they're deliberate.

 

 

[DePhoegon]

1 minute ago, Centurius said:

That's why I included the if any part. Microsoft made a fully conscious decision to used a closed source system. The immediate consequence of this is that the group of people that can review your code for vulnerabilities is very limited. The NSA could not develop an exploit without a vulnerability existing in the system, the responsibility for that vulnerability existing is entirely on Microsoft.

 

As for organizations that didn't update being to blame. Have you ever tried to keep a company that may well have thousands of devices up to date? That's not even considering companies that need to wait to see how updates pan out to make sure compatibility with a system they are using isn't broken. When a regular consumer gets an update that breaks their system it's shitty. When it happens to a major company it costs millions.

In short  'Open source software is best' or did I miss your subtle Linux point?  Though you tend to miss how for a 'closed source system' easily their base source is available to everyone.  MS knows this, and so does anyone who thinks for a few moments.

 

Isn't that the very point of 'rolling updates' within a system?    Though that said.. it's not the fault of MS when companies introduce month+ long update review cycles for their company.  It's like blaming Toyota because someone refused to replace a 'sketchy' door lock, after a mass recall, and their truck gets stolen and it had loads of sensitive 'stuff' in there.

[DePhoegon]

2 minutes ago, Delicieuxz said:

 

 

Maybe your perception of dumb and paranoid is really just a projection of your ignorance.

 

https://www.theguardian.com/world/2013/jul/11/microsoft-nsa-collaboration-user-data

http://www.itproportal.com/2014/05/14/microsoft-openly-offered-cloud-data-fbi-and-nsa/

https://www.forbes.com/sites/petercohan/2013/06/20/project-chess-how-u-s-snoops-on-your-skype/#46e6b422484e

 

1. Where is this 'said document' that proves any of that?

-- outside on a site that uses more clickbait then I've seen in a while

2. Where is this 'said document'

-- Outside a very clickbaity & ad driven view site.

3. Invalidated by the first one.

 

Though you're missing the point entirely as well..  because None of those 'partnerships' if you're paranoid enough to believe them (and to be clear true or not, it doesn't matter) is that... they NEVER REQUIRED AN EXPLOIT TO BE DEVELOPED.

--as in there never was an exploit in any of these stories, and honestly ..  these are the click baitest things I've seen in a long long time.

 

again, If they where in bed with each other.... THERE WOULD BE NO NEED FOR AN EXPLOIT TO HAVE BEEN DEVELOPED, the NSA would have 'annon' access to the systems to execute code, without any need for development on their part.

 

[Delicieuxz]

18 minutes ago, DePhoegon said:

1. Where is this 'said document' that proves any of that?

What said document? Microsoft, and other companies, partner with the NSA for data-sharing. That is not conspiracy, that's reality.

 

https://arstechnica.com/security/2013/06/nsa-gets-early-access-to-zero-day-data-from-microsoft-others/

https://www.bloomberg.com/news/articles/2013-06-14/u-s-agencies-said-to-swap-data-with-thousands-of-firms

 

Quote

-- outside on a site that uses more clickbait then I've seen in a while

2. Where is this 'said document'

-- Outside a very clickbaity & ad driven view site.

3. Invalidated by the first one.

 

Though you're missing the point entirely as well..  because None of those 'partnerships' if you're paranoid enough to believe them

 

 

(and to be clear true or not, it doesn't matter) is that... they NEVER REQUIRED AN EXPLOIT TO BE DEVELOPED.

 

--as in there never was an exploit in any of these stories, and honestly ..  these are the click baitest things I've seen in a long long time.

Those sites are the furthest things from clickbait. Have you really never heard of Forbes, or The Guardian? And half of the current headline subjects on ITProPortal are being discussed in LTT threads.

 

What does it make a person who thinks with certainty that something which is actual reality is "paranoid"? What does that say about your personal judgment?

 

Quote

again, If they where in bed with each other.... THERE WOULD BE NO NEED FOR AN EXPLOIT TO HAVE BEEN DEVELOPED, the NSA would have 'annon' access to the systems to execute code, without any need for development on their part.

The way of access Microsoft would provide would be what is called an exploit, or backdoor.

[DePhoegon]

24 minutes ago, Delicieuxz said:

What said document? Microsoft, and other companies, partner with the NSA for data-sharing. That is not conspiracy, that's reality.

 

https://arstechnica.com/security/2013/06/nsa-gets-early-access-to-zero-day-data-from-microsoft-others/

https://www.bloomberg.com/news/articles/2013-06-14/u-s-agencies-said-to-swap-data-with-thousands-of-firms

 

Those sites are the furthest things from clickbait. Have you really never heard of Forbes, or The Guardian? And half of the current headline subjects on ITProPortal are being discussed in LTT threads.

 

What does it make a person who thinks with certainty that something which is actual reality is "paranoid"? What does that say about your personal judgment?

 

The way of access Microsoft would provide would be what is called an exploit, or backdoor.

Let me share a few* things with you that would invalidate this 'exploit'

1. Windows is built to support multiple account & levels accounts (There just are not 2)

2. Windows accounts can be hidden from view completely

3. The only real methods for viewing the registry are MS programs

4. That updaters like Nvidia use to have accounts that allowed for file modifications, that were able to run along side any other account used for updates. (GPU related)

 

Let me explain what I do to help service computers I happen to regularly deal with.

1. I create an administrative account.

2. I use the registry to tell the system to hide it from view, 

-- leaving it accessible to being logged into remotely via client & 'text entry'

 

The pot shot of this is that they literally are unable to see, delete or disable my account (which is used to service the computer), and unless they or a malware goes into the registry to the flag to unmask the account, it's not accessible via gui or folder.

 

 

Now let me tell you how easy it'd be to setup a method that most would never notice or ever see used.

1. They setup the registry editors to ignore a flagged key

2. They setup a key that hides an account completely, & disables (or moves them to a deep file hidden away in some crowded area in the system files under unassuming names, and remember Windows is fully capable to mounting files as drives on demand) any personal files for it.

3. They place that key with a flagg so it's hidden, and nestle it in some absurd part of the registry that's just swamped by other entries that no one cares about, but are needed otherwise.

4. They create a super admin account that has rights to bypass the UAC completely not even prompting it, and share the encrypted name/password setup to the local governments

5. the place that superadmin account as the completely hidden one.

 

  No need for a damn exploit what so ever.. & mind you .. Windows is 1000% capable of doing this NOW. Why in the world would they even bother doing an exploit that could be driven by a virus (turning it into a worm)

 

I call it paranoid because ... frankly windows already had better ways to share access in quicker, easier, & better means that would provide miles less risk then what this exploit is doing.

[Delicieuxz]

4 minutes ago, DePhoegon said:

Let me share a few* things with you that would invalidate this 'exploit'

1. Windows is built to support multiple account & levels accounts (There just are not 2)

2. Windows accounts can be hidden from view completely

3. The only real methods for viewing the registry are MS programs

4. That updaters like Nvidia use to have accounts that allowed for file modifications, that were able to run along side any other account used for updates. (GPU related)

 

Let me explain what I do to help service computers I happen to regularly deal with.

1. I create an administrative account.

2. I use the registry to tell the system to hide it from view, 

-- leaving it accessible to being logged into remotely via client & 'text entry'

 

The pot shot of this is that they literally are unable to see, delete or disable my account (which is used to service the computer), and unless they or a malware goes into the registry to the flag to unmask the account, it's not accessible via gui or folder.

 

Really basic things. If you think that's made the accounts invisible... That's like saying your car's tires are invisible if you take them off the wheels and put them in the car trunk.

[DePhoegon]

Just now, Delicieuxz said:

 

Really basic things. If you think that's made the accounts invisible... That's like saying your car's tires are invisible if you take them off the wheels and put them in the car trunk.

In huh...  Unless you're developing a 3rd party tool that knows how to call accounts on a system, then what's your point?

 

You also know that basic methods could just employed right?  like only retrieving a list of accounts are easily visible or have files on the system.

 

My method the account is still there, but unless you know the 'name' of the account directly, & how to efficiently use the "power Shell", or some other external tool...  you're not getting to it.   That said..  I didn't go for massive secrecy I did it to provide another layer of protection, and if MS were to do this.. they could completely mask the account and hide it from all but the most detirmened and even then other security practices could completely mask it.  It'd be dumb to assume they'd go half ass in a thing like this.   Come on.. Look at what it can do NOW for end users & power users, imagine what more coding would do for it if they where to go that 'eye on the inside' kind of route.

[mr moose]

everything is a big conspiracy if you look for the information that supports your ideals.