Nytro Posted December 31, 2013 Report Posted December 31, 2013 Why the NSA is happy when Windows crashesThe latest Snowden leaks via Der Spiegel contain an interesting snippet: the NSA intercepts Windows crash reports en route from the user to Microsoft. “An internal presentation suggests it is NSA’s powerful XKeyscore spying tool that is used to fish these crash reports out of the massive sea of Internet traffic.” The NSA presentation even makes a joke of it, adapting the Microsoft error message to say, “This information may be intercepted by a foreign SIGINT system…” Frankly, I find the NSA sense of humour troubling rather than amusing These error messages, says Spiegel, provide “valuable insights into problems with a targeted person’s computer and, thus, information on security holes that might be exploitable for planting malware or spyware on the unwitting victim’s computer.” Really? Yes really. Websense coincidentally (?) published a report on this very problem yesterday, and will be presenting further findings at RSA 2014 in San Francisco (assuming anybody is still going). It says,One troubling thing we observed is Windows Error Reporting (a.k.a. Dr. Watson) predominantly sends out its crash logs in the clear. These error logs could ultimately allow eavesdroppers to map out vulnerable endpoints and gain a foothold within the network for more advanced penetration. Here’s more on why that’s a concern:80 percent of all network connected PCs use it – that’s more than one billion endpoints worldwide Dr. Watson reports information that hackers commonly use to find and exploit weak systems such as OS, service pack and update versions Crashes are especially useful for attackers as they may pinpoint a new exploitable code flaw for a zero-day attack Information is also sent for common system events like plugging in a USB device Let’s see how long it takes for Microsoft to respond and start encrypting its error messages. Then the only problem will be in persuading us that it hasn’t simultaneously given NSA the key…Sursa: Why the NSA is happy when Windows crashes | Kevin Townsend Quote
