NSA exploits Microsoft's internal error message
Posted by: Jon Ben-Mayor on 01/04/2014 09:37 AM
[
Comments
]
We have all received the message at one point or another; that anooying little window that pops up informing you that an internal error has been detected, it asks you if you would like to send an error report - apparently the action of reporting the bug allows the NSA's Tailored Access Operations (TAO) a way to spy on your computer - offered up on a silver platter by you.
The automated crash reports are a "neat way" to gain "passive access" to a machine, the presentation continues. Passive access means that, initially, only data the computer sends out into the Internet is captured and saved, but the computer itself is not yet manipulated. Still, even this passive access to error messages provides valuable insights into problems with a targeted person's computer and, thus, information on security holes that might be exploitable for planting malware or spyware on the unwitting victim's computer.
Although the method appears to have little importance in practical terms, the NSA's agents still seem to enjoy it because it allows them to have a bit of a laugh at the expense of the Seattle-based software giant.
A Microsoft spokesperson asked to comment on the reports was quoted in The Hacker News as stating, "Microsoft does not provide any government with direct or unfettered access to our customer's data. We would have significant concerns if the allegations about government actions are true."
The automated crash reports are a "neat way" to gain "passive access" to a machine, the presentation continues. Passive access means that, initially, only data the computer sends out into the Internet is captured and saved, but the computer itself is not yet manipulated. Still, even this passive access to error messages provides valuable insights into problems with a targeted person's computer and, thus, information on security holes that might be exploitable for planting malware or spyware on the unwitting victim's computer.
Although the method appears to have little importance in practical terms, the NSA's agents still seem to enjoy it because it allows them to have a bit of a laugh at the expense of the Seattle-based software giant.
A Microsoft spokesperson asked to comment on the reports was quoted in The Hacker News as stating, "Microsoft does not provide any government with direct or unfettered access to our customer's data. We would have significant concerns if the allegations about government actions are true."
Comments
