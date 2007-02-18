from the colour-me-surprised-again dept.
Every few years, bugs known to affect all known version of Microsoft Windows turn up calling into question many claims from the lobbying giant regarding their software branch. The Inquirer is one of many sites reporting on recently leaked NSA tools which can target all versions of Windows from the past two decades. Althougth the emphasis in the article titles is on NSA, the exploits only make use of widely known holes in Microsoft systems which Microsoft often tells NSA about long before issuing an attempt at a patch. Their collaboration goes back for years, and even long before it was the first to join the NSA in kicking off the Prism program.
Researcher Sean Dillon from cybersecurity firm RiskSense tweaked the source code of three nicked NSA exploits - EternalSynergy, EternalChampion and EternalRomance - to work against Windows versions dating back as far as Windows 2000.
Windows machines taken over through these exploits are part of a large black market industry where compromised machines are bought, sold, traded, and fought over for the purposes of producing spam, launching distributed denial of service attacks, spreading further malware, ad click spoofing, manipulating polls and games, and many more illegal activities.
(Score: 2) by Runaway1956 on Thursday February 08, @12:52AM (4 children)
Leaked NSA tools can get into every Windows OS ever!
(Score: 2) by maxwell demon on Thursday February 08, @12:58AM (3 children)
I doubt they can get into Windows 2.0 — for the simple fact that it didn't support networking.
(Score: 3, Informative) by requerdanos on Thursday February 08, @01:06AM
Not as a Windows component, no, but it ran on top of DOS, which did have something called "Microsoft LAN Manager" which you could run to provide networking support. The familiar "NET [USE, etc.]" commands are a remnant of LAN Manager.
(Score: 2) by Runaway1956 on Thursday February 08, @02:33AM (1 child)
WinNT 3.1 was apparently the first Win OS that wasn't built on top of DOS. https://en.wikipedia.org/wiki/Windows_NT_3.1 [wikipedia.org] However, all consumer versions of Windows prior to Win95 were just overlays on top of DOS. If Windows was installed on a DOS which had networking, then Windows was able to connect to networks.
That Wiki page helps to clarify the history of OS/2 and NT, if anyone has questions on that subject. Basically, Windows3 was a continuation of OS/2, whereas, NT3 incorporated things like 32 bit disk access. In 1993, NT3 had Lan Manager built in.
(Score: 4, Informative) by requerdanos on Thursday February 08, @02:53AM
all consumer versions of Windows
prior to Win95including 95, 98, and ME were just overlays on top of DOS.
Windows 95 was built on top of DOS and had a "boot to plain DOS" feature.
Windows 98 was built on top of DOS and had a "boot to plain DOS" feature.
Windows ME was built on top of DOS and had a "boot to plain DOS" feature that was hidden by default.
(Score: 5, Insightful) by requerdanos on Thursday February 08, @01:04AM (5 children)
Is it really just me who hears alarm bells accompanying any such statement? Why does Windows still even exist as a going concern, given the above? This is a significant part of why I don't run Windows anymore and I encourage World+Dog to join me in this.
If I was really anti-NSA to the core (and I am pretty anti-NSA, go away NSA, I am a US-ian, leave me alone), I would not use Internet [theguardian.com] either. But I guess you have to pick your battles.
"Don't use Windows," for me, in my situation, is pretty easy, while "Don't use Internet" would be a lot harder.
If you are required to use Windows by your employer, this is a shame. But if required to use it by your school, that's a frightening injustice [gnu.org] that furthers the cycle of dependence on an undesirable ecosystem.
(Score: 2) by Azuma Hazuki on Thursday February 08, @03:11AM (4 children)
The older I get the more I realize the world follows the golden rule: he who has the gold makes the rules. Most of our fellow human beings, it appears, are utter moral nullities. And there's nothing we can do about it; when the worst of them get power, we can't even realistically defend ourselves.
(Score: 2) by crafoo on Thursday February 08, @04:10AM (3 children)
Money, "gold", is a proxy for power. Power means you can make people do things they would otherwise prefer not to. So yeah, people with the power make the rules and then enforce them with violence as necessary. It has interesting implications once you take it to heart, in a Realpolitik sense. Who actually rules our country? How do we interact with the rest of the world and in what manner do we make agreements?
One of the most fascinating aspects of the latest PC and SJW trend is their ability to amass some amount of power over their fellow citizens through what appears to be simply controlling speech, language, and communication. I don't think it will survive when those with real power decide it no longer serves them.
(Score: 5, Informative) by Azuma Hazuki on Thursday February 08, @05:13AM (1 child)
You don't think the ones with "real power" are on your side, do you? Please don't delude yourself into thinking they'll let you be part of the club if you kiss up to them enough...
(Score: 3, Informative) by canopic jug on Thursday February 08, @05:57AM
You don't think the ones with "real power" are on your side, do you? Please don't delude yourself into thinking they'll let you be part of the club if you kiss up to them enough...
The late George Carlin said it rather clearly for those obtuse enough not to see it for themselves or in too much denial to admit what they see: "It's a big club and you ain't in it [youtube.com]"
Likewise, sucking up to Bill and his empire won't somehow, magically make anyone wealthy or powerful. He got his money from his parents and the DOS monopoly granted by his mom's connections inside IBM. From there it was just to continue his sole college activity of playing poker (bluff and bullshit) and Risk (leverage and extend an existing monopoly) using those two presents.
About the known lack of security in any Windows system, that ignored by people hoping find a path to riches and wealth by sucking up to Bill. However, on a national level, I'm starting to wonder how indpendent some countries really are and how much their own politicians are really allowed to make their own decisions. It's in no country's own interest to run or use M$ products at all. Yet they all do, almost exclusively. However, it is a great advantage to have their opponents using M$ products, in both government and business. That guarantees no surprises and that intel teams can check up on activities as needed without any inconvenience.
Money is not free speech. Elections should not be auctions.
(Score: 2) by captain normal on Thursday February 08, @05:18AM
(Score: 2) by stormwyrm on Thursday February 08, @08:50AM
These same clowns also want to be entrusted with the master keys for backdoored encryption technology? The fact that they are stockpiling these exploits instead of reporting them to Microsoft to have them fixed causes enough damage as it is. If they get their way with encryption backdoors, which amounts to incorporating a deliberate vulnerability worse than any of those in encryption systems, within two weeks the FSB, the Mossad, and the Chinese Ministry of State Security will have these backdoor master keys too, with the other intelligence agencies of the world getting them as well soon after. Within a few months likely those keys would also leak to the black hat underground, and then there will be a wave of cybercrime that would dwarf any crimes that might have been prevented through the use of backdoored encryption.
