Stories
Slash Boxes
Comments

SoylentNews is people

posted by CoolHand on Sunday August 23 2015, @11:05PM   Printer-friendly
from the so-glad-we-run-free-software dept.

Let's assume the information about the Windows 10 key logging is true.
Access to this key logger data is the holy grail in computer hacking.
A dream of every "commercial" hacker. This means you can fully automated generate Fullz each at the moment $35 USD worth.
45 mio. (of 1.5 billion, data from 11-Aug-2015, strong growing) Windows 10 systems at the moment.
The average DNS bit-flip error rate is 1 in 100,000 requests. See Bitsquatting: DNS Hijacking without exploitation

Here is one thought-provoking quote from that dinaburg.org article:

Some machines control considerably more traffic than others. While a bit-error in the memory of a PC or phone will only affect one user, a bit-error in a proxy, recursive DNS server, or a database cache may affect thousands of users. Bit-errors in web application caches, DNS resolvers, and a proxy server were all observed in my experiment. For instance, a bit error changing fbcdn.net to fbbdn.net led to more than a thousand Farmville players to make requests to my server.

P And this are only 1 bit-flips. As it turned out multiple bit flips are even more common than single bit-flips.
This means at least 450 wrong DNS requests from this 45 mio. Windows 10 users. Per domain.
3 domains (nsatc.net, footprintpredict.com, microsoft.com) Wrong requests every day: (A record TTL):
nsatc.net=3 h, footprintpredict.com=0.5 h, microsoft.com=2 h == (24/3*450)+(24/0.5*450)+(24/3*450)==30,600

Not all DNS Bitquatting domains have equal value. The order of bit flipping probability is 0,6,(1+2),8,(3+13),14,12,15,(4+5),(7+9+11),10
The bit in position #0 is 100 times more likely to be flipped than one in position #10
If someone like to exact calculate what are the most likely single and multi bit-flip bitquatting names are, here: Observations on checksum errors in DNS queries are all the data you need to do this.

What single bit-flip bitquatting names are free and which are taken ?
(the taken and connected ones are listed with the IP and country)
[Editor's note: I am just listing a few of the more concerning Microsoft bit-flips in interest of brevity. Please see original submission for the very large full list..]
oicrosoft.com,52.74.200.167,Singapore
iicrosoft.com
eicrosoft.com,103.31.75.164,Hong Kong
mkcrosoft.com,72.52.4.91,United States
mycrosoft.com,208.91.197.104,Virgin Islands
mibrosoft.com,209.15.13.134,United States
miarosoft.com,52.74.200.167,Singapore
mikrosoft.com,65.55.39.10,United States
misrosoft.com,103.224.182.217,Australia
micsosoft.com,65.55.39.10,United States
mic2osoft.com,52.74.200.167,Singapore
microqoft.com,65.55.39.10,United States
microwoft.com,54.174.31.254,United States
microcoft.com,185.53.177.9,Germany
micro3oft.com,23.21.201.35,United States
microsnft.com,184.187.12.126,United States
microsovt.com,208.91.197.104,Virgin Islands
microsofu.com microsofv.com microsofp.com

I'm totally surprised that not all of them are already taken.
Does Microsoft care ? Of course not.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 3, Insightful) by Runaway1956 on Monday August 24 2015, @02:01PM

    by Runaway1956 (2926) Subscriber Badge on Monday August 24 2015, @02:01PM (#227017) Journal

    The EULA and the privacy policy make it prety plain that they WERE recording keystrokes. The apparent claim is, they've shut it off. I guess it boils down to whether you trust Microsoft or not.

    "just like Apple and Google and everyone else does"

    Who, exactly, do you refer to with "everyone else"? I'm not aware of any Linux distro that incorporates keyloggers, other than those Android surveillance devices manufactured for the telcos.

    https://answers.microsoft.com/en-us/insider/forum/insider_wintp-insider_security/how-to-turn-off-windows-10-key-logging/d7da1704-258f-4c08-9f75-50b26e8928f7?auth=1 [microsoft.com]
    From the second link:

    For example, when you:

    ...

            enter text, we may collect typed characters and use them for purposes such as improving autocomplete and spellcheck features.

    How can i disable collecting typed characters ?

    Starting Score:    1  point
    Moderation   +1  
       Insightful=1, Total=1
    Extra 'Insightful' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   3  
  • (Score: 2) by Joe Desertrat on Monday August 24 2015, @06:37PM

    by Joe Desertrat (2454) on Monday August 24 2015, @06:37PM (#227169)

    How can i disable collecting typed characters ?

    Perhaps typing characters can be simulated, a program that types nonsense non-stop and floods MS with junk data, if it can be loaded on enough PC's perhaps even at the level of a DDOS effect, all initiated by MS on themselves.

    • (Score: 2) by cafebabe on Tuesday August 25 2015, @02:41PM

      by cafebabe (894) on Tuesday August 25 2015, @02:41PM (#227608) Journal

      While I find your proposal amusing, I would like to note that Windows10 is so far removed from general purpose computing that it would be trivial for Microsoft to remove widespread implementations of such software by name and/or checksum on the basis that user intention is "malware".

      --
      1702845791×2