plugging holes in Windows that government was using

lucky9
Forum Veteran
Posts: 12218
Age: 70
Joined: Wed Jul 12, 2006 5:54 am

plugging holes in Windows that government was using

#1 Postby lucky9 » Fri Jun 08, 2012 10:40 pm

Yes, even I am dishonest. Not in many ways, but in some. Forty-one, I think it is.
--Mark Twain

GoManutd
Forum Guide
Posts: 2952
Joined: Mon Jun 30, 2008 8:06 pm

Re: plugging holes in Windows that government was using

#2 Postby GoManutd » Sat Jun 09, 2012 7:30 am

i know it always warms my heart to know that the navy invested so much time and effort in their COTS program to incorporate windows into large platform, mission critical weapons systems :frustrated:

zeeone
Forum Regular
Posts: 884
Joined: Fri Jul 14, 2006 12:50 am

Re: plugging holes in Windows that government was using

#3 Postby zeeone » Sat Jun 09, 2012 10:10 am

Or maybe, it is the fake chips from China, put in the mission critical weapons system. :eek:
Research, Research, Research, Before You Walk The Plank.
Registered Linux User # 398829

GoManutd
Forum Guide
Posts: 2952
Joined: Mon Jun 30, 2008 8:06 pm

Re: plugging holes in Windows that government was using

#4 Postby GoManutd » Sat Jun 09, 2012 10:14 am

actually, they're real chips - it's all the unknown potential backdoors in the firmware that keep security folks up at night

joany
Forum Veteran
Posts: 6107
Joined: Mon Feb 12, 2007 1:45 pm

Re: plugging holes in Windows that government was using

#5 Postby joany » Sat Jun 09, 2012 10:26 am

But Flame illustrated deeper underlying security issues for Windows, in that Microsoft feared that copycats could tamper with the Windows Update process to prevent its potential removal. Some malware authors have been finding ways to literally "turn off" Windows Update, preventing fixes and patches from reaching affected machines.


The company writes that it plans on "hardening" WU, commenting:

To increase protection for customers, the next action of our mitigation strategy is to further harden Windows Update as a defense-in-depth precaution. We will begin this update following broad adoption of Security Advisory 2718704 in order not to interfere with that update’s worldwide deployment. We will provide more information on the timing of the additional hardening to Windows Update in the near future.


My daughter, who uses Windows 7, recently got one of these on her computer:

Image

She shut down her computer, but it wouldn't shut down completely until Windows Update had installed a bunch of updates, which took over 10 minutes. When she restarted her computer, it completed booting into a screen with just her wallpaper: No desktop icons, no task bar, no start menu, and no way to start any applications. The only thing she could do was re-install Windows from the rescue disk, losing all her data and apps. (No, despite her mom's preaching, she doesn't back up her system.)

So much for the value of Windows Update. She now has it turned off.
MX-14; 3.12-0.bpo.1-686-pae kernel using 4GB RAM
2.4GHz AMD Athlon 4600+
NVidia GeForce 6150 LE; 304.121 Display Driver
You didn't slow down because you're old; you're old because you slowed down.

JBoman
Forum Guide
Posts: 1459
Age: 58
Joined: Wed Jul 12, 2006 4:30 pm

Re: plugging holes in Windows that government was using

#6 Postby JBoman » Sat Jun 09, 2012 10:51 am

GoManutd wrote: actually, they're real chips - it's all the unknown potential backdoors in the firmware that keep security folks up at night

I vividly recall much techno chatter from years back when it was announced by intel that beginning with pentium 4 and all future chips would be made with built-in backdoors. At the time the announcement boosted the sales of amd chips significantly because at least at the time amd had no intentions of building their chips with backdoors.... or so we were told anyway. :bagoverhead:
http://patentabsurdity.com/
AMD 64x2 2.6GHz 4GB ram M-11.9.92 kernel 3.10-3-amd64 kde 4.11.5 mixed/unstable
"beware a frequent flirt with potential disaster"

GoManutd
Forum Guide
Posts: 2952
Joined: Mon Jun 30, 2008 8:06 pm

Re: plugging holes in Windows that government was using

#7 Postby GoManutd » Sat Jun 09, 2012 10:57 am

intel and amd may not knowingly be building backdoors, but it's all the 3rd party vendors that supply chips to the likes of intel, amd, ibm, etc. that are of real concern.

there's always going to be vulnerabilities, the difference with firmware/hardware related stuff is being able to test it all. realistically, there isn't a method for doing so. software you can always fingerprint, do pattern recognition, etc. but with firmware/hardware the stuff can lay dormant for years and only be triggered under very specific, unknown inputs.

richb
Administrator
Posts: 12925
Age: 71
Joined: Wed Jul 12, 2006 2:17 pm

Re: plugging holes in Windows that government was using

#8 Postby richb » Sat Jun 09, 2012 11:31 am

joany wrote:
But Flame illustrated deeper underlying security issues for Windows, in that Microsoft feared that copycats could tamper with the Windows Update process to prevent its potential removal. Some malware authors have been finding ways to literally "turn off" Windows Update, preventing fixes and patches from reaching affected machines.


The company writes that it plans on "hardening" WU, commenting:

To increase protection for customers, the next action of our mitigation strategy is to further harden Windows Update as a defense-in-depth precaution. We will begin this update following broad adoption of Security Advisory 2718704 in order not to interfere with that update’s worldwide deployment. We will provide more information on the timing of the additional hardening to Windows Update in the near future.


My daughter, who uses Windows 7, recently got one of these on her computer:

Image

She shut down her computer, but it wouldn't shut down completely until Windows Update had installed a bunch of updates, which took over 10 minutes. When she restarted her computer, it completed booting into a screen with just her wallpaper: No desktop icons, no task bar, no start menu, and no way to start any applications. The only thing she could do was re-install Windows from the rescue disk, losing all her data and apps. (No, despite her mom's preaching, she doesn't back up her system.)

So much for the value of Windows Update. She now has it turned off.

It has been very uneventful for me. Less obtrusive than Vista updates, and no issues.

Rich

Laptop: Acer V5-572G: Intel i5, 12 GIG mem, Intel graphics, SanDisk SSD, 256GB
Virtualbox: Win 7
Desktop: MX-15- 64, AMD A8 7600 FM2+ CPU R7 Graphics, fglrx driver, 16 GIG Mem. Samsung EVO SSD 250 GB

joany
Forum Veteran
Posts: 6107
Joined: Mon Feb 12, 2007 1:45 pm

Re: plugging holes in Windows that government was using

#9 Postby joany » Sat Jun 09, 2012 12:11 pm

richb wrote: It has been very uneventful for me. Less obtrusive than Vista updates, and no issues.

Yes, the auto-updates are uneventful most of the time. But some of them can be troublesome, as my daughter found out.

On my WinXP setup I found the safest way to install upgrades was to do them manually: I checked Microsoft's security alerts, made a note of the patches that needed to be installed, waited about 2 weeks until Microsoft worked out all the bugs, and then installed them myself one patch at a time (making sure to back up everything first).

It's true my upgrade method left my system unpatched for some time, but it usually takes Microsoft several weeks to identify and fix zero-day exploits while they're on the loose anyway. In the case of Flame, it took them several years to figure out what had happened, and AFAIK they still don't have a fix.
MX-14; 3.12-0.bpo.1-686-pae kernel using 4GB RAM
2.4GHz AMD Athlon 4600+
NVidia GeForce 6150 LE; 304.121 Display Driver
You didn't slow down because you're old; you're old because you slowed down.

uncle mark
Forum Veteran
Posts: 5354
Age: 2015
Joined: Sat Nov 11, 2006 10:42 pm

Re: plugging holes in Windows that government was using

#10 Postby uncle mark » Sat Jun 09, 2012 12:12 pm

richb wrote:
joany wrote: So much for the value of Windows Update. She now has it turned off.

It has been very uneventful for me. Less obtrusive than Vista updates, and no issues.


The whole Windows Update mechanism is a cobbled together kludge. When it breaks, it breaks bad.

IMO, the single best thing that Linux has going for it is its system for package management. I remember being totally blown away by Synaptic, once it finally dawned on me how it worked in a big picture sense -- which did take a bit of a "Eureka" moment.
Desktop: Custom build Asus/AMD/nVidia -- MX-15 KDE, MEPIS 11
Laptop: Acer Aspire 5250 -- MX-15

