According to leaked internal documents from the German Federal Office for Information Security (BSI) that Die Zeit obtained, IT experts figured out that Windows 8, the touch-screen enabled, super-duper, but sales-challenged Microsoft operating system is outright dangerous for data security. It allows Microsoft to control the computer remotely through a built-in backdoor. Keys to that backdoor are likely accessible to the NSA – and in an unintended ironic twist, perhaps even to the Chinese.
The backdoor is called “Trusted Computing,” developed and promoted by the Trusted Computing Group, founded a decade ago by the all-American tech companies AMD, Cisco, Hewlett-Packard, IBM, Intel, Microsoft, and Wave Systems. Its core element is a chip, the Trusted Platform Module (TPM), and an operating system designed for it, such as Windows 8. Trusted Computing Group has developed the specifications of how the chip and operating systems work together.
[…]
The whole process would be governed by Windows, and through remote access, by Microsoft.
0
Support the Blog — Buy This Book!
For Kindle and with free ePub version. Only $9.49 Great reading.
Here is what Gary Shapiro CEO of the Consumer Electronics Association (CEA) said: Dvorak's writing sings with insight and clarity. Whether or not you agree with John's views, he will get you thinking and is never boring. These essays are worth the read!
Put this ad on your blog!
Syndicate
Subscribe to Main Blog feed here:
Subscribe to Comments too (below):
Junk Email Filter
mind your freedom
http://distrowatch.com/
–The backdoor is called “Trusted Computing,”
Color me surprized.
This is double plus good.
“Trusted Computing” a glorious and patriotic euphemism, makes me want to go gladly goosestepping to work!
What’s next:….
“protective custody”
There goes Windows 8! Intelligent businessmen will not buy it.
Honestly if it didn’t come pre-installed why would anyone buy it?
Same reason they buy Apples.
Proof-positive how a lack of consumer intelligence will be filled by someone!
Care to talk about that even MORE intrusive entity that knows more about you than your own mother?! (Need a clue? Go “searching” online!)
Not particularly as at my age my youthful indiscretions are secret to both my deceased mother and the NSA.
If I could stop laughing I would post a comment.
I hate to be a voice of reason around here, but a couple of things:
The TPM is not the core of Trusted Computing, at least as far as Microsoft is concerned. Trusted Computing goes back to a speech Bill Gates made after the serious flaws of Windows XP pre-SP2, and encompasses a philosophy of secure development, which by and large has been a success. Windows 7 and 8 are demonstrably more secure than XP or anything before it.
As to the TPM itself, most desktop computers don’t have one built in, and for those that do and laptops that do, it can be disabled by the user. What the Germans noted is that by default the TPM comes with keys that are generated by the manufacturer. Any IT admin worth anything can have new keys generated in abut 12 seconds that they control. Also not, Linux fully supports a TPM if the user decides to install one, so if you’re going to claim that the TPM is some sort of backboor, it also is a backdoor to Linux.
Lastly, if you’re concerned about it, just disable the damn thing. It again takes about 12 secnds to do.
Whew! I’m glad you cleared that up because this little bit of madness needed a voice —
“”While TPM allowed users to opt in and out, TPM 2.0 is activated by default when the computer boots up. The user cannot turn it off. Microsoft decides what software can run on the computer, and the user cannot influence it in any way. Windows governs TPM 2.0.
The article also notes that, chip or no chip, Linux does not support it.
Just because the article says something doesn’t make it true. With regards to the quote, it is true that Microsoft is saying that computers will have to have a TPM by 2015 to be Windows certified. There isn’t anything that says that it will have to be enabled, or cannot be disabled, by the user for the computer to run.
Also, despite what the article says, Linux utilities like dm-crypt can use the TPM to store full disk encryption keys. Coincidentally, the only thing Windows uses the TPM for currently is the storage of full disk encryption keys used with BitLocker.
While the TPM 2.0 specification does allow for validation of remotely signed code, the only place you will see this (if anywhere) is with Windows Store apps, which are already regulated by Microsoft. Despite what those on this forum seem to think, Microsoft is not stupid, and won’t block you from running whatever you want on your computer. It would kill the software ecosystem, which would kill their most profitable product.
Also, to be perfectly clear, TPM 2.0 does not specify any sort of remote access, only that it can do code signing validation. This means that while Microsoft (or VMWare, Google, Oracle, and essentially every PC manufacturer on the planet) could restrict you from running software (which as discussed above they won’t, because it would be suicide), they can’t just magically remote login to your computer.
Thank you for your clarification of the issue.
“”they can’t just magically remote login to your computer
I would say that IF there were hidden code in Windows then it essentially can because of the remote key signing —
Like a DOTHIS.BAT file, secret proprietary code may scan the keys for certain special embedded values and execute pre-defined instructions accordingly.
If there were hidden code inside of Windows you’re screwed whether there is a TPM or not, because by booting Windows you’re implicitly having to trust Microsoft. If Microsoft was going to run some program like your example DOTHIS.BAT file, they would sign it with the same key they sign anything else in Windows with.
Again, the issue here has nothing to do with TPM, nor is it magically caused by the simple fact that a TPM chip is installed or enabled.
I’m not buying it, Kahless. The code could be embedded within the windows kernel or bootloader and I *assume* those are pre-authenticated by Micro$oft.
Thanks for the knowledgeable clarifications, though. They give me something to ponder over even though I’m not a coder.
To clarify:
Like a DOTHIS.BAT file — I’m saying that hidden code inside the pre-signed microsoft kernel that may trigger upon a parsing of the ‘keys’ to obtain and carry out special instructions.
Yep, I don’t disagree that there could be code in the kernel, only that it isn’t a consequence of TPM or Trusted Computing, as the article claims. At that point it would be a matter of Microsoft putting malicious code directly in their kernel.
“Are you suggesting that code is migratory?
“It could grip it by the API’s
Well with Windows 8 walled off application store, M$ already controls what applications you get to run. You can only run applications from developers that paid the M$ 30% tax. You get no choice in the matter. Want to run a program in Win 8, you must give M$ their cut, even if that program is not from M$. Why is M$ so greedy? Google allows me to install programs from other locations or stores without demanding a cut and they have been quite successful.
I’m sorry, but this is simply not true. If you want to run Metro apps, then yes you have to go through the Windows store. But you can run any traditional application without paying a dime to Microsoft.
Thank you.
Foreign governments and major businesses are going to start locking things down and that is going to take a big bite out of American high tech.
When national pride and national security are on the line cost tends to become secondary and when billions is on the line in business people can get extremely paranoid.
Darn it, I just picked up a Asus 13.3 Zenbook with a touch screen and a beautiful machine it is, especially since I paid 600 for it. It’s for my daughter, win 8 and a ssd drive plus full 1080p. The machine is a refurb of course. I was never gonna get a win 8 machine but after fiddling with the Asus I have warmed up to the OS. I had a relative who also has a Toshiba with 8 on it and was asked to turn it into a win 7 lookalike. The Asus is all aluminum and light. Now I’ll have to follow the advise of a commenter here and figure out how to disable the offending
Damn stupid smart handheld devices always posting when I haven’t finished. It’s convenient to sit in my lounge chair and peck at a touch screen but…
That will boost sales of Ubuntu Linux like nobody’s business.
Its not the best desktop out there, but its open source, privacy secure and pretty usable.
The gum,mint’s paranoia, as exemplified by the NSA modus vivende will finally put Microsoft to death.
I expect that the 1%ers are already getting their sys admins to look into transitioning to secure their own communications and documents.
I’m way less worried about Macs because those systems are not mission critical or deployed throughout an enterprise.
However, this is a obvious next step toward what Cory Doctorow called an end of a “general purpose” computing on the horizon. Problem for Linux will appear when all manufacturers install this type of meddling on their components, which for few fascist bucks and few regulations by a BigGovernment they’ll do. And when those components work without explicit OS support.
Finally, if on Linux, disable, uninstall SELinux. Another Orwellian product by NSA. Yes it is “open source” but piece of software with such intrinsic access and such complexity can’t be trusted if the creator is devious. Easy to hide stuff in a complex program, even easier to re-purpose parts of it.
“”Easy to hide stuff in a complex program
Exactly. Yesterday, this guy commented in, what I took to be, a very unique fashion —
http://dvorak.org/blog/2013/08/22/glimmerglass-tapping-undersea-cables-for-your-protection/comment-page-1/#comment-2326224
The first pass leads to code with some more Base64 encoding but with instructions that look to be string concatenation, character removal, and other *rules* . I’m unfamiliar with the language, but it shouldn’t be too hard for someone to recognize.
That post has caught my imagination, and I guess that the second ‘decoding’ pass may even be a different script with different parameters, altogether.
It’s a shame that it extends out of the comment space like that but the last characters ); –> let us know he’s being clever.
A real riddle wrapped in a mystery inside an enigma.
I guess that puzzle would be an example of *procedural message generation* —
It’s not the message but it is obfuscated ‘instructions’ to generate the message. I bet this kind of thing catches on for digital communication; Let us hope somebody writes a script to get at it for us, though!!
Our company’s platform for secure computing is Red Hat Enterprise Linux. We are a large International company and are quickly moving all users with elevated security requirements to it.
ObamaCare intrusion on what you can and cannot buy is bigger. Title should be Barack Obama and untrusted governing.
Tell M$ they can put their TPM in their M$ Wallet (We all have those, don’t we ? NO !) and put it where the Sun Don’t Shine !!! And they wonder why the “PC Era” is over !!! Smart Phones and Tablets use Processors and Software NOT CONTROLLED by the WinTel DUOPOLY – PURPOSELY !!! So, sayonara M$, and so long Intel !!!
You realize that your smartphones and tablets are way more locked down than anything in the “WinTel duopoly,” right? Android can be rooted and whatnot, but even many Android phones have bootloaders that can’t be unlocked, which is worse than anything proposed with this TPM business, because you currently can’t run whatever OS you want on your phone.
You’re not kidding. It appears this samsung 5.0 mp3 device with wifi and gps is slowly learning everything about me and my friends. The device knows how to misspell my friends name that were misspelled by me.
What’s there to to but go for the ride. I see no way of getting around the problem. I keep the gps off but since here on long Island I can txt for free with thousands of hotspots available. I even use the no service charge device to make voip calls. Yea, I’m a cheap skate and have no fear of what and who I communicate with. Let the snoops snoop, they’ll be bored to death.
The video under the ‘in an interview’ link is pretty trendy —
Trust
http://vimeo.com/5168045
Great video, thanks. So should I fire up my old pent-up pc and run windows 98. Not a fan of Linux.
Pent-up sb pentium, funny how this auto correct makes me look stupid still I have to laugh..
For personal use I see no reason to go all apeshit about security. Your google searches belong to the nsa and big business and as long as you’re not a Facebook page what’s to worry about. If I’m being ignorant will somebody please explain the fear I should be feeling.
Use duckduck go or startpage for searches you feel are sensitive to prying eyes. Also use a anti spy ware and of course a anti virus software.
Like I said before nothing I do on the web is of a sensitive nature. I am whole heartedly against what the corps and nsa ate
*nothing I do on the web is of a sensitive nature* — well, you have affirmed agreement with stuff I’ve posted so I’ll be seeing you in the camps; I hope you like chess, if they let us play that out in the snow from time to time.
The first fingernail they pull out of me, I’m going to declare
I faked the moon landings
I was the second gunman on the grassy knoll
I stole the legs off the periodic table
I farted in the church
jpfitz agreed with me
I love chess, I was in the nerdy chess club in grade and middle school.
We may think alike about governmental policy and snooping but how many dissidents can be interned quietly. Thought or opinions are not crimes and not actionable. Not yet.
Not shooting families for a collection of watches and nikkis and then burying them in the neighbors’ nativity scene is not a crime — But it doesn’t really stop criminals then, does it?
Put me down as really outraged because I trusted my computer.
The article has been updated and includes this nice bit of trivia —
“” No laws define the limits of the NSA’s power. No Congressional committee subjects the agency’s budget to a systematic, informed and skeptical review. With unknown billions of Federal dollars, the agency purchases the most sophisticated communications and computer equipment in the world. But truly to comprehend the growing reach of this formidable organization, it is necessary to recall once again how the computers that power the NSA are also gradually changing lives of Americans….
The year? Not 2013. But thirty years ago.
http://testosteronepit.com/home/2013/8/25/german-gov-confirms-key-entities-not-to-use-windows-8-with-t.html
the computers that power the NSA are also gradually changing lives of Americans….
Apropos to that —
“”We’ve opened box after box from Pandora’s collection, and generally speaking the shrieking demons which emerged have quickly sunk their unholy teeth into industries and institutions whose devourment was long overdue. But sometimes we look down and notice bite marks on ourselves, as when we found that the Internet enables a culture of inhumanity, universal surveillance, or anarchic proliferation.
Clearly, this is one of those times. It does no good for us to pretend that the way we have crafted our world is without consequences unfavorable to ourselves, perhaps permanent ones. The rule of history is two steps forward and one step back. We have just taken a step back. Hubris, meet Nemesis.
http://techcrunch.com/2013/08/25/the-maginot-line/
Surprised that there isn’t an article about Ballmer stepping down at M$ ! How many think the Steve should leave M$ within the next 12 DAYS ???
vPro technology in Intel Sandy bridge processor line allows for remote control via Ethernet and 3g, and allow for disk access too, and is OS independent. So what is the big deal?
Cheap nfl jerseys china at largest international online nfl nike jerseys store,nfl jerseys factory from china with fast free shipping.