Buggy software isn't just annoying—the right compromised code can leave private information vulnerable to clever hackers for as long as the problem is unnoticed. The only thing that could make bugs worse? Government agencies gaining access to the vulnerabilities before everyone else, and using spies to exploit them.
Before Microsoft releases a public patch for a software bug, it passes along that information to U.S. intelligence agencies, say two sources familiar with the program.
Best case scenario, this information is used to protect critical government online infrastructure first, making sure that vital functions are the most secure. The official line from Microsoft is that this gives government "an early start" in stopping risks. But it also gives government agencies a window to exploit these gaps for intelligence collection purposes.
Microsoft software is both widely used and infamous for its bugs. Just this week, Microsoft released a patch designed to cover an image file exploit that let hackers look at special information. An exploit in Microsoft Office, disclosed in May, could give an attacker a foot in the door toward gaining full access to the attacked computer.
Microsoft is a huge company; that there are constantly new bugs being discovered isn't that surprising. Sometimes major software is released with "day-zero" bugs, like Internet Explorer 8, or Windows 8, or every version of Windows ever. It's a problem for all of the online world that uses Windows, and leaves an insecure ecosystem of software.
It's one thing to struggle with a product full of security vulnerabilities and potential for exploits. Handing that information over to the government first? Forget PRISM, this is real super-villain stuff.
I have a question. In the title of this bit of "writing" (I would feel more comfortable just calling it a collection of words) you say "U.S. Government Uses Early Knowledge Of Microsoft Bugs For Spying." Then when you read everything else in its entirety, you do not back up that claim at all, you do not reiterate it, you do not substantiate it in any way. In other words, are you just making it up?
Trying to search for any other such claims has only yielded about twenty other sites posting this exact same story, nothing new as far as news goes. I would look into this more before I just posted it, and I would certainly adjust the language, because otherwise all you are doing is promoting paranoid conjecture.
I did a Google search for "U.S. Government Uses Early Knowledge Of Microsoft Bugs For Spying" and came up with these stories and more. If the story is false as you possibly suggest, well then "Hey Lucy, you gots a lot of splaining to do!", lol, and the follow up articles should be a good read too.
From the beginning Microsoft 'ports' in the OS system were open and by design an IT professional was always working to close all the doors and open a select few for the network. As the OS was created it was created AS# backwards, when it came to security. Novell, UNIX and others logically was a closed system and an IT professional had to work hard to open a port to gain access to the network system.
There has always been 'back doors' to the Microsoft OS system and will always have back doors. I do not know if this popular OS system was designed this way by choice or just became opportunity that way via popularity, but the USA government took advantage of the popularity from the start and its backdoor.
The USA government and others desperately wants to know what its citizens think so they can gently manipulate you. The USA government and the Military knew from the start of the importance of making a SECURE network, but they want the internet to be FREE openly from the foundation. All this freedom creates problems of which a bigger government is needed to protect you and a means for them to listen in on you, thereby manipulate you later. There are better older secure operating systems in existence. Just consider how many wars we have fought and the think tanks in the process have thought all about this years ago as we fought wars and protected ourselves in our communications.
By the way the military freely gives away virus protection software and the government too to its workers to take home and install on the home systems. At first you think great idea, I am better protecting my computer, but in reality this just gives another back door into your home system for government to monitor your system.
What the USA government has been doing and is doing.
In the cold war days the USA government monitored all phone call communication that ventured outside of USA. They used key words monitoring via lots of massive super computers to listen on communications, when red flags pop up, the system alerted to others to pay attention.
Since 9/11 and the new anti-terrorist laws, a new NSA was built in Utah using the best of money and an extreme amount of money for technology. This technology monitors around the world (EARTH) all communications. If the communications is encrypted it is saved for a later day to be broken. The NSA has thousands of super computers. Just use your imagination to what is communications; basically anything electronic.
Now with the new laws of 9/11 giving NSA much freedom, there are still some restrictions, but not so much for the people of UK. So this is a joint venture and they have free access to the NSA as well they are monitoring the world the same way too.
Add to this the legal & political word "'believe' to be a terrorist'". Suspect\possible belief is enough to consider a person a possible terrorist; Belief is now considered a fact word, when the word terrorist is concerned. One way to give more freedom of investigation and to protect the investigative system is to put the person in a location\position that has "no rights and no voice", GTMO Cuba and other places around the world. By putting suspect people of terrorist outside the country, the USA removes them from having rights, protects the NSA and USA laws investigative system and supposedly the "CITIZENS" from terrorist.
While the terrorist mind is absolute in self sacrifice and its random acts, the only defense against this is the currently USA 9/11 anti-terrorist laws and the freedom of NSA and keeping 'suspected terrorist' with our rights or voices outside of the country.
In theory this appears on the surface as a perfect response to terrorist, but it leaves off an absolute necessity protection.
By creating this type of Anti-Terrorist Defense it has no system to ensure ITSELF will not be abused or corrupted. It can easily become a FASCIST\FASCISM Department of the USA\UK government. It has no oversight.
A republican created this, and a democrat supports it in his term now. Even if one day CUBA\GTMO does get close for politics, I am confident another place will be created in its place, just more secretive.
Social Security was fine in funding and has excess once. Then politicians could not leave the excess alone and wanted to borrow monies for 'Special Projects', leaving IOUs to pay for social security later. NSA is one of many paid-for 'Special black ops Projects'. NSA annual budget is 20 billion or more currently. While the group of 'baby boomers' is large, had the politician left alone the excess funds in social security or paid back what they owed, the whole program would be fine. Now publicly they tell the USA citizens the baby boomers are causing the problem, leaving off they owe money to the program and never paid it back. These same politicians\leaders have a long term goal and do not care if they put the USA citizens in debt to reach their goal, hence our run-away debt and a frozen political leadership.
The FASCISM Department is getting much closer to becoming a whole FASCISM Government and the UK and other governments around the world are working together. A new world order is coming and they want to accomplish gently enough with as little bloodshed in the process. When putting the sheep in the corral does hurt a few in the movement.
1.) Social Security will be broke 2033.
2.) Our debt is rising and our political leaders want more money always.
3.) Our current political leaders are frozen in action to fix the debt problem, social security problem and health care\medical care problems.
4.) There is always more money available for bigger government and bigger military and more surveillance.
4.) Everyone is now being monitored.
5.) If you are suspect to be a terrorist, you will be removed and silenced.
6.) There is no oversight to all these new systems.
There is an old known solution for any government to be influence and not become a fascism ideology corrupt or for an individual to become corrupt.
Open communications, freedom of speech, many groups elected oversight committees and no person does anything by himself without multiple confirmed checks from outside random approved sources in the operation of NSA and other associated resources.
It is not a requirement to keep this program a secret. In fact it is quite the opposite in letting as much a large public notice that their communications ARE being monitored, that influences correct behavior. I often heard from my family and church as I went about my day, "Behave yourself, because God or Jesus sees and knows all you do throughout your day."
The concept of NSA monitoring is not necessarily wrong, if a large enough elected random defenses of oversight are in place to ensure it does not become corrupt and then grows in fascism department.
If a good person is approached privately and shown clearly that someone they care about could be harmed, he is now influenced\corrupted to change his behavior and do what the influence wants. By installing in the NSA personnel that any person action is not an individual decision alone and needs approval by many from various random access points helps to stop an outside source from corrupting the system, "Corruption Protection" is installed in the NSA system. The military uses this process often in protecting its assets.
With all the respect I have for this magazine, this is the worst article I have ever read here, it's shallow, misleading and with no fundaments.
I hope you improve your articles this is not at the same level as the others.
I very much doubt that the government uses the zero-day (not "day-zero"!) vulnerabilities that Microsoft informs them on for spying and/or other mischievous purposes.
Because, what would be the point?
If it is Microsoft's intent to fix the reported issue(s) in the immediate future, then the window for opportunity to exploit the vulnerabilities would be very short, and probably not be worth the effort in the long- or even mid-term.
"Unknown" zero-day vulnerabilities are an entirely different matter, though. And these are definitely being exploited to their fullest potential by both spooks and criminals, because as long as the bugs are unrecognized, they cannot and will not be fixed.
Could you elaborate and state your reasoning, why were you so annoyed with this article?
And no the time window from the moment the vulnerability was discovered till a patch is rolled out to the user's pc can be quite variable and because "you doubt" is not a valid argument and doesn't mean that it can't happen or it hasn't happened already. Sure thing is, that we will never know.
It gives the software developer an edge over the government, especially its IT structure.
I wouldn't worry too much WOnder, the first government or corporation with a quantum computer will be quite far in the race. Individuals will get quantum computers, and perhaps with bitcoin styled encryption separate secure networks will be established, especially if they can get a quantum transmitter/receiver. (only a matter of time, maybe 10-20 years)
Another journalism fail.
The headline is saying the government IS using its arrangement with Microsoft to spy, where the body of the article only describes the possibility that it is doing so. Is PopSci making the assumption that if the government could be doing something bad then it must be? What evidence is there that the government IS actually doing this? Is there a source or is this yet another pathetic attempt to attract people's attention to the article by misrepresenting the facts?
As a developer, I can tell you that there are programs that are used to "interpret" your code. So, for instance, at a former job we employed hackers. Since we worked one of the largest SSC databases in the world, a SSC database breach would pretty much have ended us. Like it would for almost any company like say...Equifax for instance.
Before our code was allowed to go into our production environments when it would be seen by the world, our code was scanned with special programs, and hackers, to detect any vulnerability. These programs don't actually execute code. They simply read it and "interpret" the code. The understanding of the code is the same but without the risk of running an execution that would launch a part of the program. The government has this same ability. They can use these programs to find vulnerabilities in any software. I'm sure the version of these programs that the NSA uses are far more advanced.
In any case, finding vulnerabilities in a code base like a Windows OS is not a difficult thing to do. These OS offer a lot of functionality. A lot of dependency on core features that are accessed by multiple pieces of software on the OS. There are LOTS of vulnerabilities. Lots of them. Microsoft is not into increasing the level of complexity in their software to stop governments from having access to such vulnerabilities. They simply want to keep you sheep from hacking each other. They know the level of technical ability from the general public. As long as you are given a piece of software that is generally protected and safe, they are content with taking your money and not spending more in development to give you something foolproof. Plain and simple.
"Do not try and bend the spoon. That is impossible. Only try and realize the truth - there is no spoon."
Microsoft giving out back doors to the US government, with plausible deniability of doing so or of it being made use of.
I suspect the Anti-virus companies are part of the same routine, Symantec and McAfee, etc.