
Microsoft Loses Terabytes of Windows 10 Source Code

Both the NSA and CIA have been in the news way too many times recently when organizations like WikiLeaks and others released stolen software that the organizations would rather remain private.  In the case of the spy agencies, that software is their internally developed hacking tools.

Now it is someone else’s turn.

Microsoft has acknowledged that some of their Windows 10 source code has been released into the wild.  Not all of it, but a lot.

32 terabytes of installation images, documentation and code for hardware drivers, USB and WiFi code, some kernel code and other source code was leaked and available for download by anyone who had access to the appropriate hacker sites.

Microsoft calls it their Shared Source Kit.  It is distributed privately based on contracts which restrict how it is handled.  Typically it is provided to hardware manufacturers, selected customers and some researchers.  Now it is available to hackers also.

Some of the images contain information that is never released publicly that would definitely help hackers.

It also would allow hackers to look for bugs that they can exploit.  That is much easier if you have the source code.

While this is not the end of the world and it does not involve a breach of Microsoft’s network, it is still embarrassing and a security problem for Microsoft.

On the other hand, given the number of businesses that likely have access to the Shared Source Kit, this leak is not completely surprising.

After all, it only takes one of these partners to be hacked for the code to be out in the wild.  No one is suggesting that a partner who legally has this code released it into the wild.

What is your level of confidence that your company’s family jewels are really still secret?

Information for this post came from The Register.


The Camera In Your Laptop

There was a recent Network World article that reported that some people are freaking out because IF you set up Windows 10 to do facial recognition to log you in, it works even if you have disabled your camera.

Call me dumb, but if you ask Windows to use the camera to log you in, it is likely going to do that.

But the article does make some interesting points.

The first is that the Windows 10 facial recognition is good enough that when The Australian tried to fool Windows 10 using 6 pairs of identical twins, Windows 10 was not only smarter than a 5th grader, but it was also smarter than The Australian.  The score was twins 0, Windows 6 – the twins could not fool Windows 10.  What I haven’t seen any data on yet is if Windows can be fooled by a 3D model of your face. I assume it won’t be fooled by a photograph.  I am sure that hackers are working away at fooling Windows.  Still, this is better than when Apple released their first iPhone fingerprint reader and that was hacked in a couple of days.

Next, Microsoft says in one of their FAQs that the setting to disable application access to the camera does not work for ‘legacy’ apps.  For the geeks reading this, that means .Net apps, COM apps, Win32 apps, etc.

The good news is that apps that ‘officially’ use the camera will turn the camera light on, if there is one or put a notice on the screen that the camera is on if there is no camera light.

The bad news is that malware is rarely that nice.  We have seen malware that manipulates the camera – which has been unfortunate for people who use their laptops when they are wearing less than they would in public.  There was an incident in 2013 where Miss Teen USA Cassidy Wolf’s webcam was hacked by a classmate who used it to take pictures and videos of her and then tried to extort money from her to keep the pictures private.  Apparently, she kept her laptop in her bedroom.  That person was caught.  He had apparently done this to a number of other people as well.  Cassidy Wolf has been very public about her situation in an effort to increase teenagers’ awareness of the problem.

I think the bigger problem is with cell phone cameras.  Cell phones may not have a light to tell you that the camera is on (my Samsung Galaxy Note 4 does not that I can tell, for example) and people are much more likely to use their cell phone when they are in a state of undress.  The only advice I have for people who are concerned about that is to not use your phone under those circumstances, but I don’t think that is totally practical.

I used to put a sticky note over my laptop camera when it wasn’t in use – which is most of the time.  While that solution is effective, it is somewhat less than elegant.

Later, I found a company at a computer trade show giving away small stick on sliders that cover the webcam and are very inconspicuous.  You merely slide the cover over if you want to use the webcam and back when you are done.  These are available on Amazon for about $5.  I thought maybe the glue would fail, but I have had one on my laptop over a year and it is still there.

The moral of this story is that I wouldn’t be worried about Windows using your web cam to ID you, but there could be other, malicious, apps that you might be concerned about.  A $5 fix will solve the problem for your laptop if you are concerned.  Or you can use a sticky note if you are on a tight budget.  I wish I had a solution for the cell phone version of this problem, but I don’t.


Information for this post came from Network World.

Cassidy Wolf interview with CBS News on her situation can be found here.


More Windows 10 Privacy Settings

Microsoft is just reading Google’s playbook on destroying your privacy, but that does not mean that you have to drink the entire glass of that Kool-Aid.  Here are a couple of things that you can do on Windows 10 to dial back the information theft a little bit.

First of all, what does Microsoft tell you they are going to do?  They say, in their privacy statement, that they use your information to operate their business, send you communications and display advertising.  That covers a pretty wide part of your online  universe.

Step 1 – reduce the amount of general data Microsoft gets from you:

In Settings, click on Privacy.  In the privacy settings you can control things such as how your computer uses your information, for example to warn you that you are passing a Starbucks.  Also, while you are there, go to Feedback and Diagnostics, set the feedback frequency to never and diagnostics to basic.  This reduces the amount of information you send to Microsoft.

Step 2: The Edge Browser

Microsoft wants to “help” you so they have integrated Cortana (their version of Siri) into the Edge browser.  In order to make Cortana seem smart, they send your browsing history to Microsoft.  If this doesn’t seem like a good idea, maybe not using Edge is a better idea – after all, there are other browsers.  However, you can turn off this piece of big brother.  Go to the ellipsis button in the top right corner, then settings, advanced settings, view advanced settings and privacy and settings.  Turn off “Have Cortana assist me in Microsoft Edge”.  Given how deeply you have to look to find this, do you think, maybe, they don’t really want you to turn this off?

Step 3: DO NOT create a Microsoft Account

When you install Windows 10, Microsoft certainly leads you to believe that you MUST create a Microsoft account to log in to Windows 10.  This is not the case.  They made this the default for two reasons.  The first is to be able to track your every action.  If you have a Microsoft account, they can correlate this data much better – across devices and platforms.  The second is so that they can store all your settings.  I am sure that this is solely to help you in case a crazed muskrat eats your computer (and, in truth, this is no different than what Apple and Google do by default with your phone), but if you care about your privacy, don’t do it.

Step 4: Beware of Cortana

While Cortana, like Siri, is cool, the way both of these tools work is by collecting as much data as they possibly can about you – location, contacts, even speech and handwriting data.  Unfortunately, with both of these products, if you don’t want to be part of that, your only answer is not to use it.   Of course, Microsoft stores all this data in the cloud.  I am sure that they will only use it to “personalize your experience”.

Welcome to the Brave New World.  1984 has nothing on us.


Information for this post came from Information Week.


Microsoft Uses Customer Bandwidth To Deliver Windows 10 Updates

For those of you who use Bit Torrent to download pirated movies, this post is for you.  Microsoft has turned every Windows 10 Home and Windows 10 Pro user into a Bit Torrent node of sorts, delivering Microsoft updates to their millions of customers.

Like other Windows 10 features (WiFi Sense, for example), I am sure that Microsoft thought this was a good idea.  A new Windows 10 service called Windows Update Delivery Optimization, turned on by default, has existing Windows 10 users serving up Windows patches for other computers on the Internet.

I can see a benefit for using WUDO to share updates with other computers on your same home or small office network.  That would actually reduce the load on your Internet connection.  For example, when Microsoft released their first big, post-release Windows 10 patch (sorry, they are calling them service releases now.  It sounds better than bug fix) this week, the patch weighed in at over 300 megabytes.  Since Microsoft has removed your ability to control when patches install, it could download in the middle of the day.

Say you have 5 computers in your office.  At some point those computers will collectively download almost 2 gigabytes of Microsoft madness.  WUDO would reduce that to 350 megabytes (the size of one download) and have you share that patch with your fellow computers.

But what they are doing is using you to serve patches to other, unrelated users on the Internet, using your upload bandwidth.

For users on DSL, your upload bandwidth is already pretty small and for other businesses, you likely sized your Internet connection to meet your business needs not Microsoft’s.  After all, they are not paying you to use your bandwidth.

This is not a surprise;  Microsoft said this was going to happen for a while and it was active in the beta versions.

If you are concerned about your bandwidth (not to mention your liability for serving up Microsoft’s patches), you can turn this off, but it is not obvious.  The link below has more details, but from Settings, go to Update & security and then advanced options.  You can select to turn it off completely or leave it on for computers in your home or office only.
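
An added example (not from the original post or from Microsoft): a PowerShell check of the Group Policy registry values behind two settings discussed on this page, the Delivery Optimization download mode and the diagnostic data level from the privacy settings post. It reads only the policy values `DODownloadMode` and `AllowTelemetry`, so a choice made only in the Settings app shows up here as not configured. `Get-PolicyAudit` is a name made up for this example.

```powershell
# Added example: audit the Delivery Optimization and telemetry policy values.
# Reads Group Policy registry values only; a Settings-app toggle is stored elsewhere.

$checks = @(
    @{
        Name  = 'Delivery Optimization download mode'
        Path  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization'
        Value = 'DODownloadMode'
        Map   = @{ 0 = 'HTTP only, no peering'
                   1 = 'Peers on the local network only'
                   2 = 'Peers in the same group'
                   3 = 'Peers on the local network and the Internet'
                   99 = 'Simple mode, no peering'
                   100 = 'Bypass, BITS is used instead' }
        Flag  = @(3)        # mode 3 uploads updates to unrelated Internet peers
    },
    @{
        Name  = 'Diagnostic data (telemetry) level'
        Path  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection'
        Value = 'AllowTelemetry'
        Map   = @{ 0 = 'Security (Enterprise/Education only)'; 1 = 'Basic'
                   2 = 'Enhanced'; 3 = 'Full' }
        Flag  = @(2, 3)     # anything above Basic sends more than the post recommends
    }
)

function Get-PolicyAudit {   # hypothetical helper name for this example
    param([hashtable[]]$Checks)
    foreach ($c in $Checks) {
        # A missing key or value yields $null here: the policy is not configured.
        $raw = (Get-ItemProperty -Path $c.Path -Name $c.Value -ErrorAction SilentlyContinue).($c.Value)
        if ($null -eq $raw) {
            $meaning = 'Not set by policy; edition default or Settings-app choice applies'
            $review  = $true
        } else {
            $raw     = [int]$raw
            $known   = $c.Map.ContainsKey($raw)
            $meaning = if ($known) { $c.Map[$raw] } else { 'Unrecognized value' }
            $review  = ($c.Flag -contains $raw) -or -not $known
        }
        [pscustomobject]@{ Setting = $c.Name; Raw = $raw; Meaning = $meaning; NeedsReview = $review }
    }
}

Get-PolicyAudit -Checks $checks | Format-Table -AutoSize
```

A row with `NeedsReview` set to `True` means either the policy is not enforced on that machine or it is set to a level that shares more than these posts recommend.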

As we move to the brave new world of Windows 10, we have to learn a whole new set of configuration checks in order to turn on or off things that we want to be different than the default.  The good news is that Microsoft says this is the last version of Windows.

Information for this post came from Computer World.
