Monday, July 15, 2013

The Latest Snowden Leak On Electronic Eavesdropping

'Guardian' reporter Glenn Greenwald published his latest article based on information provided to him by Edward Snowden.
How Microsoft handed the NSA access to encrypted messages
Series: Glenn Greenwald on security and liberty | The Guardian
• Secret files show scale of Silicon Valley co-operation on Prism
• Outlook.com encryption unlocked even before official launch
• Skype worked to enable Prism collection of video calls
• Company says it is legally compelled to comply
Readers can decide for themselves as to whether the information is reliable or ethical. But I have had several thoughts along those lines for a very long time.

Just suppose I want to track someone's activities: where they go and what they are doing on their computer. Further suppose that today's current malware and virus software made that very difficult, if not impossible. How would I go about it? Well, here's what I'd do.

I'd set up my software to request constant updates that would feed back log files that were created by users of my installed program. This would nearly bypass any of the virus/malware software keeping watch for such things. If one studies the service agreements, one will notice that just about every one of them states that they collect information. They make it sound benign. But is it really? How could anyone know who hasn't broken down the assembly code line by line? The answer is, you can't.

This method is so simple, I'd be amazed if they weren't doing it. When you push that update button you are granting permission to access your system files as the "administrator" of the computer. There are ways you can set up your login as a 'non-administrator'; however, in most cases (since you don't have the authority) the update will fail. You will be requested to log in as an 'administrator' before the update can proceed. It matters not whether the software calls it an 'update' or a 'patch'. Can you now understand why just about every piece of software you ever installed is always nagging you?



Now if I were a programmer of any operating system out there who was under NSA order, I'd be able to do pretty much the same thing before the computer booted up. Even before someone logged in. But wait, you say. What if I disconnect from the internet? Most likely the files would have been created already and are set to go. Meaning, you could never plug into the net ever again. That would make the computer pretty much useless, wouldn't it?


One of the things I've observed is just how busy the computer is when you're not even doing anything. Try stopping right now. Don't do a thing and watch the light blinking, indicating your hard drive at work behind your back.

What's it doing?
Well, some of the things it's doing are indexing your files in the background, writing locations for your files to the hard drive's 'master file table', scanning for viruses while you're not busy, and other such mundane tasks. Here's where it gets interesting. Try starting your computer up with the basic operating files option. Don't log in. Just wait. Don't do anything. Leave it sitting there overnight. Now it had all night to take care of those things, but if you wait long enough in the morning before you touch it... bingo, there goes that disk activity light again! Why?

Then there are the browser temporary files. You've erased them. WRONG! You could use a separate program that cleans your disk, but they're still there. Windows has a 'protected mode' in which files stay hidden whether you checked that option to see them or not. I've set my browser up to use what they call a 'ramdisk'. What that means is that all files are stored in my RAM. Turn off the computer and everything is erased from the RAM. However, even when I've unplugged my computer overnight, rebooted and taken a look at the RAM before anything else, there were a few of those files! Apparently reloaded to it from deep down in the bowels of the operating system, from who knows where.


There's yet another thing that should be mentioned. Some computer users may use a program that "wipes the free space" clean on their hard drive. There are two issues with that. First off, it only "wipes the free space", not the files, which stay intact anyway. Number two, I can think of no better way to get the attention of government investigators. It's like a flag to them, questioning what you were trying to hide. The same goes for your attempts at encrypting emails, which pretty much does the same thing and obviously doesn't work anyway. So yeah... if the secret classified courts require design engineers to provide a means, there's no way anyone can prevent them from doing so.


Between the manufacturer updates, patches, system design and perhaps a 'key logger' installed by a close friend or relative, one should imagine themselves as having someone standing behind them, looking over their shoulder and watching every single thing they do. Don't do anything you wouldn't want any of them to know about and you'll be just fine.

:-)


Video Courtesy of 'Bloomberg Law'

