According to leaked internal documents from the German Federal Office for Information Security (BSI) that Die Zeit obtained, IT experts figured out that Windows 8, the touch-screen enabled, super-duper, but sales-challenged Microsoft operating system is outright dangerous for data security. It allows Microsoft to control the computer remotely through a built-in backdoor. Keys to that backdoor are likely accessible to the NSA – and in an unintended ironic twist, perhaps even to the Chinese.

The backdoor is called “Trusted Computing,” developed and promoted by the Trusted Computing Group, founded a decade ago by the all-American tech companies AMD, Cisco, Hewlett-Packard, IBM, Intel, Microsoft, and Wave Systems. Its core element is a chip, the Trusted Platform Module (TPM), and an operating system designed for it, such as Windows 8. Trusted Computing Group has developed the specifications of how the chip and operating systems work together.
[…]
The whole process would be governed by Windows, and through remote access, by Microsoft.



  1. AdmFubar says:

    mind your freedom

    http://distrowatch.com/

  2. Tim says:

    –The backdoor is called “Trusted Computing,”

    Color me surprised.

  3. noname says:

    “Trusted Computing” a glorious and patriotic euphemism, makes me want to go gladly goosestepping to work!

    What’s next:….

    “protective custody”

  4. John Andrews says:

    There goes Windows 8! Intelligent businessmen will not buy it.

    • So What? says:

      Honestly if it didn’t come pre-installed why would anyone buy it?

      • cupoftea says:

        Same reason they buy Apples.

        Proof-positive how a lack of consumer intelligence will be filled by someone!

        Care to talk about that even MORE intrusive entity that knows more about you than your own mother?! (Need a clue? Go “searching” online!)

        • So What? says:

          Not particularly as at my age my youthful indiscretions are secret to both my deceased mother and the NSA.

  5. orchidcup says:

    If I could stop laughing I would post a comment.

  6. Kahless says:

    I hate to be a voice of reason around here, but a couple of things:

    The TPM is not the core of Trusted Computing, at least as far as Microsoft is concerned. Trusted Computing goes back to a speech Bill Gates made after the serious flaws of Windows XP pre-SP2, and encompasses a philosophy of secure development, which by and large has been a success. Windows 7 and 8 are demonstrably more secure than XP or anything before it.

    As to the TPM itself, most desktop computers don’t have one built in, and for those that do and laptops that do, it can be disabled by the user. What the Germans noted is that by default the TPM comes with keys that are generated by the manufacturer. Any IT admin worth anything can have new keys generated in about 12 seconds that they control. Also note, Linux fully supports a TPM if the user decides to install one, so if you’re going to claim that the TPM is some sort of backdoor, it also is a backdoor to Linux.

    Lastly, if you’re concerned about it, just disable the damn thing. It again takes about 12 seconds to do.

    • Tim says:

      Whew! I’m glad you cleared that up because this little bit of madness needed a voice —

      “”While TPM allowed users to opt in and out, TPM 2.0 is activated by default when the computer boots up. The user cannot turn it off. Microsoft decides what software can run on the computer, and the user cannot influence it in any way. Windows governs TPM 2.0.

      The article also notes that, chip or no chip, Linux does not support it.

      • Kahless says:

        Just because the article says something doesn’t make it true. With regards to the quote, it is true that Microsoft is saying that computers will have to have a TPM by 2015 to be Windows certified. There isn’t anything that says that it will have to be enabled, or cannot be disabled, by the user for the computer to run.

        Also, despite what the article says, Linux utilities like dm-crypt can use the TPM to store full disk encryption keys. Coincidentally, the only thing Windows uses the TPM for currently is the storage of full disk encryption keys used with BitLocker.

        While the TPM 2.0 specification does allow for validation of remotely signed code, the only place you will see this (if anywhere) is with Windows Store apps, which are already regulated by Microsoft. Despite what those on this forum seem to think, Microsoft is not stupid, and won’t block you from running whatever you want on your computer. It would kill the software ecosystem, which would kill their most profitable product.

        Also, to be perfectly clear, TPM 2.0 does not specify any sort of remote access, only that it can do code signing validation. This means that while Microsoft (or VMWare, Google, Oracle, and essentially every PC manufacturer on the planet) could restrict you from running software (which as discussed above they won’t, because it would be suicide), they can’t just magically remote login to your computer.

        • jpfitz says:

          Thank you for your clarification of the issue.

        • Tim says:

          It has occurred to many that, as it is now, Microsoft is not at ease with the software ecosystem.

          http://en.wikipedia.org/wiki/Criticism_of_Microsoft#Copyright_enforcement

          The standard may only be used for storage of keys now but I wonder at what that really means if they are required to install or run software in the future or what will be the real capabilities of the chip once everyone has it in everything. That Microsoft is ‘stupid’ or not isn’t the issue — It’s the capabilities of the chip and the proprietary control of it in the hands of future authoritarian internet cops that should be of concern. Microsoft seems pretty cozy with the cheap black shoes and ray-banz crowd, as it is.

          And then there is this in combination with the so-called ‘Secure Boot’

          http://techradar.com/us/news/software/operating-systems/what-microsoft-s-secure-boot-means-for-the-future-of-linux-1160157

          so that it is not hard to imagine a Playstation-like situation where a mandatory update is pushed out that took away the ability to boot Linux — Presumably to stop game piracy but it may as well have been to remove the ability to have a relatively affordable supercomputer by ganging them together; I’m sure the NSA hates competition.

          Of course, DRM is the prime-mover behind this chip — Let’s just call a spade a spade that an individual users’ ‘security’ never seemed such a high priority with them in the past.

          Perhaps it’s telling that Bill Gates seems to be having a bit of trouble with his vaccine programs. As it turns out, what he {probably not personally} injects into children seem to come bundled with odd bits of undocumented DNA sometimes causing the recipient’s system to malfunction in unpredictable(?) ways.

          http://nsnbc.me/2013/05/08/bill-gates-polio-vaccine-program-caused-47500-cases-of-paralysis-death/

          • Kahless says:

            Microsoft wouldn’t be able to force you to install anything through the use of code signing validation (which is what TPM provides) only potentially stop you from running something.

            Also, something else to note is that the design of TPM requires that the user be able to change the keys. The TPM is only a secure crypto-storage device with crypto generating capabilities. It is designed to only allow software to query it, and is designed not to disclose its keys to anyone or anything. It provides authentication through a query, but doesn’t provide the key for some other software to perform the authentication.
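An added illustration, not code from the article or from any commenter, of two points Kahless makes above: that the chip ships with manufacturer-provisioned keys which an administrator can re-generate or have the chip cleared, and that Windows only queries the TPM and never receives its private keys. It uses the TrustedPlatformModule cmdlets that ship with Windows 8 (Get-Tpm, Get-TpmEndorsementKeyInfo, Clear-Tpm, Initialize-Tpm); the function names and the shape of the report object are assumptions made here. Disabling the chip outright, which the thread also mentions, is a firmware (BIOS/UEFI) setting and has no cmdlet.

```powershell
# Added example (not from the article or the comments). Run from an elevated
# PowerShell prompt on Windows 8 or later. Get-TpmAuditReport and
# Reset-TpmOwnership are names chosen here; the cmdlets they call are Microsoft's.

function Get-TpmAuditReport {
    [CmdletBinding()]
    param()

    $tpm = Get-Tpm
    if (-not $tpm.TpmPresent) {
        return [pscustomobject]@{ TpmPresent = $false; Note = 'No TPM detected; nothing to audit.' }
    }

    # ManufacturerId packs four ASCII characters (e.g. "INTC") into a 32-bit
    # integer, most significant byte first; decode it for the report.
    $idBytes = [BitConverter]::GetBytes([uint32]$tpm.ManufacturerId)
    [array]::Reverse($idBytes)
    $vendor = [Text.Encoding]::ASCII.GetString($idBytes).Trim([char]0)

    # The Endorsement Key is the burned-in, manufacturer-generated key the
    # article worries about. Note what comes back: the public half and the
    # manufacturer's certificate chain. The private half never leaves the chip,
    # which is the "query it, don't get its keys" property Kahless describes.
    $ekHash = $null; $ekCerts = 0
    try {
        $ek = Get-TpmEndorsementKeyInfo -HashAlgorithm sha256
        if ($ek.IsPresent) {
            $ekHash  = $ek.PublicKeyHash
            $ekCerts = @($ek.ManufacturerCertificates).Count
        }
    } catch {
        Write-Verbose "Endorsement key not readable: $($_.Exception.Message)"
    }

    [pscustomobject]@{
        TpmPresent         = $true
        TpmReady           = $tpm.TpmReady           # owned, enabled and usable by Windows
        AutoProvisioning   = $tpm.AutoProvisioning   # Windows takes ownership on its own
        OwnerClearDisabled = $tpm.OwnerClearDisabled # whether Clear-Tpm is blocked from the OS
        LockedOut          = $tpm.LockedOut          # anti-hammering lockout engaged
        Manufacturer       = $vendor
        EndorsementKeyHash = $ekHash
        EkCertificateCount = $ekCerts
    }
}

function Reset-TpmOwnership {
    # Clearing the TPM discards the storage root key and owner authorization
    # created during previous provisioning; the next Initialize-Tpm provisions
    # fresh ones under this machine's (i.e. the administrator's) control.
    # Any BitLocker keys sealed to the old hierarchy become unusable, so
    # suspend BitLocker first. Clear-Tpm may require confirming physical
    # presence at the next reboot, depending on the firmware.
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param()

    if ($PSCmdlet.ShouldProcess('TPM', 'Clear and re-provision ownership')) {
        Clear-Tpm
        Initialize-Tpm -AllowClear -AllowPhysicalPresence
    }
}

Get-TpmAuditReport | Format-List
```

`Reset-TpmOwnership` prompts before doing anything because of the `ConfirmImpact` setting; run it with `-WhatIf` to see the steps without executing them.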

        • Tim says:

          “”they can’t just magically remote login to your computer

          I would say that IF there were hidden code in Windows then it essentially can because of the remote key signing —

          Like a DOTHIS.BAT file, secret proprietary code may scan the keys for certain special embedded values and execute pre-defined instructions accordingly.

          • Kahless says:

            If there were hidden code inside of Windows you’re screwed whether there is a TPM or not, because by booting Windows you’re implicitly having to trust Microsoft. If Microsoft was going to run some program like your example DOTHIS.BAT file, they would sign it with the same key they sign anything else in Windows with.

            Again, the issue here has nothing to do with TPM, nor is it magically caused by the simple fact that a TPM chip is installed or enabled.

          • Tim says:

            I’m not buying it, Kahless. The code could be embedded within the windows kernel or bootloader and I *assume* those are pre-authenticated by Micro$oft.

            Thanks for the knowledgeable clarifications, though. They give me something to ponder over even though I’m not a coder.

          • Tim says:

            To clarify:

            Like a DOTHIS.BAT file — I’m saying that hidden code inside the pre-signed Microsoft kernel may trigger upon a parsing of the ‘keys’ to obtain and carry out special instructions.

          • Kahless says:

            Yep, I don’t disagree that there could be code in the kernel, only that it isn’t a consequence of TPM or Trusted Computing, as the article claims. At that point it would be a matter of Microsoft putting malicious code directly in their kernel.

          • Tim says:

            “Are you suggesting that code is migratory?

            “It could grip it by the API’s

        • MSoftSucks says:

          Well with Windows 8 walled off application store, M$ already controls what applications you get to run. You can only run applications from developers that paid the M$ 30% tax. You get no choice in the matter. Want to run a program in Win 8, you must give M$ their cut, even if that program is not from M$. Why is M$ so greedy? Google allows me to install programs from other locations or stores without demanding a cut and they have been quite successful.

          • Kahless says:

            I’m sorry, but this is simply not true. If you want to run Metro apps, then yes you have to go through the Windows store. But you can run any traditional application without paying a dime to Microsoft.

    • sargasso_c says:

      Thank you.

  7. deowll says:

    Foreign governments and major businesses are going to start locking things down and that is going to take a big bite out of American high tech.

    When national pride and national security are on the line cost tends to become secondary and when billions is on the line in business people can get extremely paranoid.

  8. jpfitz says:

    Darn it, I just picked up an Asus 13.3 Zenbook with a touch screen and a beautiful machine it is, especially since I paid 600 for it. It’s for my daughter, win 8 and an SSD drive plus full 1080p. The machine is a refurb of course. I was never gonna get a win 8 machine but after fiddling with the Asus I have warmed up to the OS. I had a relative who also has a Toshiba with 8 on it and was asked to turn it into a win 7 lookalike. The Asus is all aluminum and light. Now I’ll have to follow the advice of a commenter here and figure out how to disable the offending

  9. jpfitz says:

    Damn stupid smart handheld devices always posting when I haven’t finished. It’s convenient to sit in my lounge chair and peck at a touch screen but…

  10. msbpodcast says:

    That will boost sales of Ubuntu Linux like nobody’s business.

    It’s not the best desktop out there, but it’s open source, privacy secure and pretty usable.

    The gummint’s paranoia, as exemplified by the NSA modus vivendi, will finally put Microsoft to death.

    I expect that the 1%ers are already getting their sys admins to look into transitioning to secure their own communications and documents.

    • msbpodcast says:

      I’m way less worried about Macs because those systems are not mission critical or deployed throughout an enterprise.

    • dusanmal says:

      However, this is an obvious next step toward what Cory Doctorow called the end of “general purpose” computing on the horizon. Problem for Linux will appear when all manufacturers install this type of meddling on their components, which for a few fascist bucks and a few regulations by a BigGovernment they’ll do. And when those components work without explicit OS support.

      Finally, if on Linux, disable, uninstall SELinux. Another Orwellian product by NSA. Yes it is “open source” but a piece of software with such intrinsic access and such complexity can’t be trusted if the creator is devious. Easy to hide stuff in a complex program, even easier to re-purpose parts of it.

      • Tim says:

        “”Easy to hide stuff in a complex program

        Exactly. Yesterday, this guy commented in, what I took to be, a very unique fashion —

        http://dvorak.org/blog/2013/08/22/glimmerglass-tapping-undersea-cables-for-your-protection/comment-page-1/#comment-2326224

        The first pass leads to code with some more Base64 encoding but with instructions that look to be string concatenation, character removal, and other *rules*. I’m unfamiliar with the language, but it shouldn’t be too hard for someone to recognize.

        That post has caught my imagination, and I guess that the second ‘decoding’ pass may even be a different script with different parameters, altogether.

        It’s a shame that it extends out of the comment space like that but the last characters ); –> let us know he’s being clever.

        A real riddle wrapped in a mystery inside an enigma.

        • Tim says:

          I guess that puzzle would be an example of *procedural message generation* —

          It’s not the message but it is obfuscated ‘instructions’ to generate the message. I bet this kind of thing catches on for digital communication; Let us hope somebody writes a script to get at it for us, though!!

  11. Jeff says:

    Our company’s platform for secure computing is Red Hat Enterprise Linux. We are a large international company and are quickly moving all users with elevated security requirements to it.

  12. NewformatSux says:

    ObamaCare intrusion on what you can and cannot buy is bigger. Title should be Barack Obama and untrusted governing.

  13. JimD says:

    Tell M$ they can put their TPM in their M$ Wallet (We all have those, don’t we ? NO !) and put it where the Sun Don’t Shine !!! And they wonder why the “PC Era” is over !!! Smart Phones and Tablets use Processors and Software NOT CONTROLLED by the WinTel DUOPOLY – PURPOSELY !!! So, sayonara M$, and so long Intel !!!

    • pedro says:

      Then enjoy your crappy, idiot-game-ridden, phone & tablet “computing”

      • jpfitz says:

        To prove your point Pedro, my Dr. had a hotspot installed in his office. It’s open to the local cable customers and all you need to do is sign in with your account and password. My Dr. has a win 98 machine I keep going for him. He also purchased an iPad and was going to do his prescriptions on the iPad not realizing he was open to anyone who hacked his open wifi hotspot. I will set up his Windows machine to connect to the NY health commerce system next week, then add a dedicated wireless router for his iPad.

        • Tim says:

          “”It’s open to the local cable customers

          Hmm. Sounds phishy. At the very least, your ‘Dr.’ is acting in a nefarious manner.

    • Kahless says:

      You realize that your smartphones and tablets are way more locked down than anything in the “WinTel duopoly,” right? Android can be rooted and whatnot, but even many Android phones have bootloaders that can’t be unlocked, which is worse than anything proposed with this TPM business, because you currently can’t run whatever OS you want on your phone.

      • jpfitz says:

        You’re not kidding. It appears this Samsung 5.0 mp3 device with wifi and gps is slowly learning everything about me and my friends. The device knows how to misspell my friends’ names that were misspelled by me.

        What’s there to do but go for the ride. I see no way of getting around the problem. I keep the gps off but since here on Long Island I can txt for free with thousands of hotspots available. I even use the no service charge device to make voip calls. Yea, I’m a cheapskate and have no fear of what and who I communicate with. Let the snoops snoop, they’ll be bored to death.

  14. pedro says:

    BTW, say hello to the post Ballmer era in a year. Good riddance!

  15. Tim says:

    The video under the ‘in an interview’ link is pretty trendy —

    Trust
    http://vimeo.com/5168045

    • jpfitz says:

      Great video, thanks. So should I fire up my old pent-up pc and run windows 98. Not a fan of Linux.

      • jpfitz says:

        Pent-up sb pentium, funny how this auto correct makes me look stupid still I have to laugh..

  16. jpfitz says:

    For personal use I see no reason to go all apeshit about security. Your google searches belong to the NSA and big business and as long as you’re not a Facebook page what’s to worry about. If I’m being ignorant will somebody please explain the fear I should be feeling.

    Use DuckDuckGo or Startpage for searches you feel are sensitive to prying eyes. Also use an anti-spyware and of course an antivirus software.

    Like I said before nothing I do on the web is of a sensitive nature. I am wholeheartedly against what the corps and NSA ate

    • Tim says:

      *nothing I do on the web is of a sensitive nature* — well, you have affirmed agreement with stuff I’ve posted so I’ll be seeing you in the camps; I hope you like chess, if they let us play that out in the snow from time to time.

      The first fingernail they pull out of me, I’m going to declare

      I faked the moon landings
      I was the second gunman on the grassy knoll
      I stole the legs off the periodic table
      I farted in the church
      jpfitz agreed with me

      • jpfitz says:

        I love chess, I was in the nerdy chess club in grade and middle school.

        We may think alike about governmental policy and snooping but how many dissidents can be interned quietly. Thought or opinions are not crimes and not actionable. Not yet.

        • Tim says:

          Not shooting families for a collection of watches and nikkis and then burying them in the neighbors’ nativity scene is not a crime — But it doesn’t really stop criminals then, does it?

  17. Dallas says:

    Put me down as really outraged because I trusted my computer.

    • pedro says:

      So Dallas, when do we expect you pulling a Manning? Should we start calling you Chelsea soon?

      • Tim says:

        Hurt him, beat him, call him ‘Edna’ and walk on him with spiked-heeled shoes on — Make him write bad checks.

        http://youtube.com/watch?v=JW64pkbmGCA

      • NewformatSux says:

        No, Dallas would never do what Manning did. Manning is evil, as he acted against Obama.

        • pedro says:

          I wonder if she changed sexes to spite Obama.

        • NewformatSux says:

          Besides, Dallas has already posted that he is against medical treatment to change from gay to straight.

      • NewformatSux says:

        Chelsea is near Boston airport. A better name would be either Plano, right near Dallas and probably where he lives, or a more feminine Odessa. Maybe even Ozona.

  18. Tim says:

    The article has been updated and includes this nice bit of trivia —

    “” No laws define the limits of the NSA’s power. No Congressional committee subjects the agency’s budget to a systematic, informed and skeptical review. With unknown billions of Federal dollars, the agency purchases the most sophisticated communications and computer equipment in the world. But truly to comprehend the growing reach of this formidable organization, it is necessary to recall once again how the computers that power the NSA are also gradually changing lives of Americans….

    The year? Not 2013. But thirty years ago.

    http://testosteronepit.com/home/2013/8/25/german-gov-confirms-key-entities-not-to-use-windows-8-with-t.html

    • Tim says:

      the computers that power the NSA are also gradually changing lives of Americans….

      Apropos to that —

      “”We’ve opened box after box from Pandora’s collection, and generally speaking the shrieking demons which emerged have quickly sunk their unholy teeth into industries and institutions whose devourment was long overdue. But sometimes we look down and notice bite marks on ourselves, as when we found that the Internet enables a culture of inhumanity, universal surveillance, or anarchic proliferation.

      Clearly, this is one of those times. It does no good for us to pretend that the way we have crafted our world is without consequences unfavorable to ourselves, perhaps permanent ones. The rule of history is two steps forward and one step back. We have just taken a step back. Hubris, meet Nemesis.

      http://techcrunch.com/2013/08/25/the-maginot-line/

  19. JimD says:

    Surprised that there isn’t an article about Ballmer stepping down at M$ ! How many think the Steve should leave M$ within the next 12 DAYS ???

  20. blaa blaa blaaa says:

    vPro technology in Intel Sandy Bridge processor line allows for remote control via Ethernet and 3G, and allows for disk access too, and is OS independent. So what is the big deal?
