posted by CoolHand on Sunday August 23 2015, @11:05PM
from the so-glad-we-run-free-software dept.

Let's assume the information about the Windows 10 key logging is true.
Access to this key logger data is the holy grail in computer hacking.
A dream of every "commercial" hacker. This means you can generate Fullz in a fully automated way, each worth $35 USD at the moment.
45 million (of 1.5 billion, data from 11-Aug-2015, growing strongly) Windows 10 systems at the moment.
The average DNS bit-flip error rate is 1 in 100,000 requests. See Bitsquatting: DNS Hijacking without exploitation

Here is one thought-provoking quote from that dinaburg.org article:

Some machines control considerably more traffic than others. While a bit-error in the memory of a PC or phone will only affect one user, a bit-error in a proxy, recursive DNS server, or a database cache may affect thousands of users. Bit-errors in web application caches, DNS resolvers, and a proxy server were all observed in my experiment. For instance, a bit error changing fbcdn.net to fbbdn.net led to more than a thousand Farmville players to make requests to my server.

And these are only single bit-flips. As it turned out, multiple bit-flips are even more common than single bit-flips.
This means at least 450 wrong DNS requests from these 45 million Windows 10 users. Per domain.
Wrong requests every day for 3 domains (nsatc.net, footprintpredict.com, microsoft.com), based on the A record TTL:
nsatc.net=3 h, footprintpredict.com=0.5 h, microsoft.com=2 h == (24/3*450)+(24/0.5*450)+(24/3*450)==30,600

Not all DNS bitsquatting domains have equal value. The order of bit-flipping probability is 0,6,(1+2),8,(3+13),14,12,15,(4+5),(7+9+11),10
The bit in position #0 is 100 times more likely to be flipped than one in position #10.
If someone would like to calculate exactly which single and multi bit-flip bitsquatting names are the most likely, the data in Observations on checksum errors in DNS queries is all you need to do this.

What single bit-flip bitsquatting names are free and which are taken?
(the taken and connected ones are listed with the IP and country)
[Editor's note: I am just listing a few of the more concerning Microsoft bit-flips in the interest of brevity. Please see the original submission for the very large full list.]
oicrosoft.com,52.74.200.167,Singapore
iicrosoft.com
eicrosoft.com,103.31.75.164,Hong Kong
mkcrosoft.com,72.52.4.91,United States
mycrosoft.com,208.91.197.104,Virgin Islands
mibrosoft.com,209.15.13.134,United States
miarosoft.com,52.74.200.167,Singapore
mikrosoft.com,65.55.39.10,United States
misrosoft.com,103.224.182.217,Australia
micsosoft.com,65.55.39.10,United States
mic2osoft.com,52.74.200.167,Singapore
microqoft.com,65.55.39.10,United States
microwoft.com,54.174.31.254,United States
microcoft.com,185.53.177.9,Germany
micro3oft.com,23.21.201.35,United States
microsnft.com,184.187.12.126,United States
microsovt.com,208.91.197.104,Virgin Islands
microsofu.com
microsofv.com
microsofp.com

I'm totally surprised that not all of them are already taken.
Does Microsoft care? Of course not.


Original Submission
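The submission does two pieces of arithmetic by hand: it enumerates single bit-flip spellings of a label, and it turns the 1-in-100,000 error rate plus a per-domain A record TTL into a daily count of misdirected lookups. The script below reproduces both. It is an added example, not code from the submission or from the dinaburg.org article; the 45 million user count, the 1-in-100,000 rate and the three TTLs are the submission's figures, the assumption that every client re-resolves once per TTL period is the submission's model, and the label validity rules (letters, digits, hyphen; no leading or trailing hyphen) are standard DNS syntax. With the TTLs as stated (3 h, 0.5 h, 2 h) the per-domain figures are 3,600, 21,600 and 5,400, which sum to the 30,600 the submission gives. A defender uses the same candidate list to decide which variants to register defensively or to watch for in passive DNS.

```python
import string
from typing import Dict, List

# Characters allowed in a DNS label (letters, digits, hyphen). Lower-case only:
# DNS is case-insensitive, so a flip of bit 5 (a -> A) resolves to the same
# name and is not a distinct squatting candidate.
LDH = frozenset(string.ascii_lowercase + string.digits + "-")


def bitflip_variants(label: str) -> List[str]:
    """All labels that differ from `label` in exactly one bit of one character
    and are still syntactically valid. Bits 0-6 are tried per byte; flipping
    bit 7 always yields a non-ASCII byte, which cannot appear in a label."""
    label = label.lower()
    found = set()
    for pos, ch in enumerate(label):
        for bit in range(7):
            flipped = chr(ord(ch) ^ (1 << bit))
            if flipped not in LDH:
                continue
            cand = label[:pos] + flipped + label[pos + 1:]
            if cand.startswith("-") or cand.endswith("-"):
                continue
            found.add(cand)
    return sorted(found)


def misdirected_per_day(users: int, ttl_hours: float, one_error_per: int = 100_000) -> float:
    """Expected lookups per day that carry a bit error, using the submission's
    model: each client re-resolves the name once per TTL period and one lookup
    in `one_error_per` is corrupted (the 1-in-100,000 rate it cites)."""
    lookups_per_day = users * 24 / ttl_hours
    return lookups_per_day / one_error_per


# TTLs in hours as stated in the submission; user count is its 45 million figure.
TTL_HOURS = {"nsatc.net": 3.0, "footprintpredict.com": 0.5, "microsoft.com": 2.0}
WINDOWS10_USERS = 45_000_000


def daily_estimate(users: int = WINDOWS10_USERS, ttls: Dict[str, float] = TTL_HOURS) -> Dict[str, float]:
    """Per-domain and total misdirected lookups per day."""
    per_domain = {d: misdirected_per_day(users, ttl) for d, ttl in ttls.items()}
    per_domain["total"] = sum(per_domain.values())
    return per_domain


if __name__ == "__main__":
    # The submission's own examples (oicrosoft, mic2osoft, micro3oft, ...) all
    # appear in this list; dots are left alone, so only the label is varied.
    for v in bitflip_variants("microsoft"):
        print(v + ".com")
    for name, n in daily_estimate().items():
        print(f"{name:22s} {n:10.0f}")
```

Restricting the flip to one label keeps the output registrable: flipping a byte of the dot or of the TLD produces names in other zones that a second-level registrant cannot act on anyway.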

 
  • (Score: 4, Insightful) by Nollij on Sunday August 23 2015, @11:26PM

    by Nollij (4559) on Sunday August 23 2015, @11:26PM (#226752)

    The article seems to assume that this data can be passed, in a usable form, to a different host, based on hardware errors alone.
    Obviously, Microsoft would encrypt such data. Not only to prevent this from getting into the wrong hands (e.g. traditional DNS hijacks, etc), but to (hopefully) keep it from being easily discovered.

    Unless, of course, the first 3 lines were nothing but clickbait, and unrelated to the actual story here.

  • (Score: 1, Interesting) by Anonymous Coward on Monday August 24 2015, @12:04AM

    by Anonymous Coward on Monday August 24 2015, @12:04AM (#226765)

    Obviously, Microsoft would encrypt such data.

    What is so obvious about that?

    It isn't their data. They are sucking up the data of millions of others. That makes it obvious that there is no risk to Microsoft in not encrypting the data and there would be a significant expense to them in decrypting the data. Any beancounter or MBA would veto encryption right quick and any logical, or employment, minded programmer would shrug and be glad to go home a couple hours early.

  • (Score: 1) by tftp on Monday August 24 2015, @12:05AM

    by tftp (806) on Monday August 24 2015, @12:05AM (#226766) Homepage

    Obviously, Microsoft would encrypt such data. Not only to prevent this from getting into the wrong hands (e.g. traditional DNS hijacks, etc), but to (hopefully) keep it from being easily discovered

    And, most importantly, to prevent the government from stealing the stolen data without paying Microsoft. I would certainly presume that the data is not only signed by the reporting host's private key, but is also encrypted to the keypair that only Microsoft has access to. No amount of redirection of traffic will help because the reporting host will simply fail to negotiate the SSL connection.

    • (Score: 4, Insightful) by Runaway1956 on Monday August 24 2015, @04:29AM

      by Runaway1956 (2926) Subscriber Badge on Monday August 24 2015, @04:29AM (#226841) Journal

      Perhaps you've heard of CISPA. The major corporations join a club with the government as equal members. All the members share all of their data. Perfect setup for everyone to exploit the c̶a̶t̶t̶l̶e̶ masses.

      Before you counter that CISPA has been defeated - I'll point out that unofficial agreements work fine for private clubs if the general public can't be party to the agreements.

      • (Score: 1) by tftp on Monday August 24 2015, @04:41AM

        by tftp (806) on Monday August 24 2015, @04:41AM (#226851) Homepage

        There is no honor among thieves. Each will be protecting his own, at least so that they can exchange their haul for someone else's. This information costs real money to collect, and these companies are not in it just because they are curious.

        • (Score: 2) by Runaway1956 on Monday August 24 2015, @04:52AM

          by Runaway1956 (2926) Subscriber Badge on Monday August 24 2015, @04:52AM (#226858) Journal

          Yes, quid pro quo. And, the outsiders have no bargaining chips. So, the club members are offering each other snippets of data, and asking what they are offered for more data of a similar nature. The other players have their own snippets at hand, so they start making offers. Eventually, of course, once all the players understand how valuable the system is to them, they'll just set up a clearing house for the data flow.

          All of the significant players are already collecting the data, CISPA just formalizes a manner in which they can profit from data that they aren't using directly.

  • (Score: 3, Insightful) by PinkyGigglebrain on Monday August 24 2015, @12:22AM

    by PinkyGigglebrain (4458) on Monday August 24 2015, @12:22AM (#226769)

    Easy way to find out.

    Look at the packets being sent. Are they encrypted, compressed or plain text?

    --
    "Beware those who would deny you Knowledge, For in their hearts they dream themselves your Master."
    • (Score: 2) by Nerdfest on Monday August 24 2015, @01:32AM

      by Nerdfest (80) on Monday August 24 2015, @01:32AM (#226780)

      This is what's bothering me. If the packets can't be read, how do people know that they're gathering and batching all keystrokes? I'm sure the connections are at least through SSL. Can anybody provide details on this ... I was curious after the previous article as well.

      • (Score: 4, Interesting) by tibman on Monday August 24 2015, @02:21AM

        by tibman (134) Subscriber Badge on Monday August 24 2015, @02:21AM (#226785)

        I looked a bit during the last article and there is some pre-talk before the SSL connection. After resolving the domain it looks like it receives cert details (unencrypted) before initiating a TLS 1.2 connection back to the motherland. I could speculate a man-in-the-middle scenario but it would be mostly bs I could never back up. I'm certainly open to hearing other people's speculation though! : )

        --
        SN won't survive on lurkers alone. Write comments.
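PinkyGigglebrain's suggestion (look at the captured packets and see whether they are plain text, compressed or encrypted) and tibman's observation of a TLS 1.2 handshake after a plaintext preamble can be turned into a small triage routine. The script below is an added example, not code from any commenter; the sample payloads are constructed here, the TLS handshake record prefix (0x16 0x03 0x01..0x03) and the gzip and zlib header bytes are the standard values, and the 7.5 bits-per-byte threshold is a conventional heuristic, not something the thread states. The order of checks carries the caveat a practitioner needs: encrypted data and headerless compressed data both score close to 8 bits per byte, so entropy alone cannot separate them, and a TLS record header only tells you the channel is TLS, not what is carried inside it, which is exactly the question this thread cannot settle from the wire.

```python
import gzip
import math
import random
import zlib
from collections import Counter
from typing import Dict

# Standard header values (assumed well known, not taken from the thread).
TLS_HANDSHAKE_PREFIXES = (b"\x16\x03\x01", b"\x16\x03\x02", b"\x16\x03\x03")
GZIP_MAGIC = b"\x1f\x8b"
ZLIB_CMF = 0x78                                  # deflate, 32 KiB window
ZLIB_FLG_COMMON = {0x01, 0x5e, 0x9c, 0xda}       # FLG bytes for the usual compression levels
HIGH_ENTROPY_BITS = 7.5                          # heuristic threshold, bits per byte


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for a single repeated symbol, 8.0 for uniform."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_printable(data: bytes) -> bool:
    """True when every byte is printable ASCII or tab/newline/carriage return."""
    return all(32 <= b < 127 or b in (9, 10, 13) for b in data)


def classify_payload(data: bytes) -> str:
    """Cheap header checks first, then the printable test, then entropy as the
    fallback. 'high-entropy' means encrypted OR compressed without a known header."""
    if data[:3] in TLS_HANDSHAKE_PREFIXES:
        return "tls-record"
    if data[:2] == GZIP_MAGIC:
        return "gzip"
    if len(data) >= 2 and data[0] == ZLIB_CMF and data[1] in ZLIB_FLG_COMMON:
        return "zlib"
    if looks_printable(data):
        return "plaintext"
    if shannon_entropy(data) > HIGH_ENTROPY_BITS:
        return "high-entropy"
    return "binary"


def sample_payloads() -> Dict[str, bytes]:
    """Constructed samples only; none of this is captured traffic."""
    text = b'{"input":"helo","corrected":"hello","source":"handwriting"}\n' * 40
    rng = random.Random(7)                       # fixed seed so the demo is repeatable
    noise = bytes(rng.getrandbits(8) for _ in range(4096))
    # First bytes of a TLS 1.0-versioned record carrying a ClientHello (constructed).
    tls_start = b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03" + noise[:64]
    return {
        "json_text": text,
        "zlib_text": zlib.compress(text),
        "gzip_text": gzip.compress(text),
        "tls_client_hello_start": tls_start,
        "pseudo_random": noise,
    }


if __name__ == "__main__":
    for name, payload in sample_payloads().items():
        print(f"{name:24s} {shannon_entropy(payload):5.2f} bits/byte  -> {classify_payload(payload)}")
```

Run against a real capture, feed each TCP segment's payload (or the reassembled stream) to `classify_payload`; a stream that flips from "plaintext" to "tls-record" is the pattern tibman describes, and anything after the handshake will score as high-entropy whether or not it was compressed before encryption.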
    • (Score: 2) by mojo chan on Monday August 24 2015, @12:16PM

      by mojo chan (266) on Monday August 24 2015, @12:16PM (#226995)

      The data being transmitted is not keylogger data. Windows 10 can, with the user's permission, transmit fragments of handwriting or speech input that the user went back and corrected. The idea is to learn from mistakes. So what gets sent is the fragment of input (as vectors for handwriting or compressed and filtered audio for speech), the original guess character and the corrected character. The whole lot is packaged up and encrypted.

      There is no evidence that Windows 10 includes a keylogger for keyboards, or that it even captures all input data routinely (it would need to be stored somewhere).

      --
      const int one = 65536; (Silvermoon, Texture.cs)