
Why the NSA is happy when Windows crashes

December 30, 2013

The latest Snowden leaks via Der Spiegel contain an interesting snippet: the NSA intercepts Windows crash reports en route from the user to Microsoft. “An internal presentation suggests it is NSA’s powerful XKeyscore spying tool that is used to fish these crash reports out of the massive sea of Internet traffic.” The NSA presentation even makes a joke of it, adapting the Microsoft error message to say, “This information may be intercepted by a foreign SIGINT system…”

Frankly, I find the NSA sense of humour troubling rather than amusing.

These error messages, says Spiegel, provide “valuable insights into problems with a targeted person’s computer and, thus, information on security holes that might be exploitable for planting malware or spyware on the unwitting victim’s computer.”

Really? Yes, really. Websense coincidentally (?) published a report on this very problem yesterday, and will be presenting further findings at RSA 2014 in San Francisco (assuming anybody is still going). It says,

One troubling thing we observed is Windows Error Reporting (a.k.a. Dr. Watson) predominantly sends out its crash logs in the clear. These error logs could ultimately allow eavesdroppers to map out vulnerable endpoints and gain a foothold within the network for more advanced penetration. Here’s more on why that’s a concern:

  • 80 percent of all network connected PCs use it – that’s more than one billion endpoints worldwide
  • Dr. Watson reports information that hackers commonly use to find and exploit weak systems such as OS, service pack and update versions
  • Crashes are especially useful for attackers as they may pinpoint a new exploitable code flaw for a zero-day attack
  • Information is also sent for common system events like plugging in a USB device

Let’s see how long it takes for Microsoft to respond and start encrypting its error messages. Then the only problem will be in persuading us that it hasn’t simultaneously given NSA the key…
