topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Tuesday March 19, 2024, 1:29 am
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: German Government Warns Key Entities Not To Use Windows 8  (Read 8808 times)

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,288
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
German Government Warns Key Entities Not To Use Windows 8
« on: August 23, 2013, 01:34 AM »
Uh... Yeah. No comment from me. Enjoy.

http://www.testoster...ot-to-use-windo.html

According to leaked internal documents from the German Federal Office for Information Security (BSI) that Die Zeit obtained, IT experts figured out that Windows 8, the touch-screen enabled, super-duper, but sales-challenged Microsoft operating system is outright dangerous for data security. It allows Microsoft to control the computer remotely through a built-in backdoor. Keys to that backdoor are likely accessible to the NSA – and in an unintended ironic twist, perhaps even to the Chinese.

The backdoor is called “Trusted Computing,” developed and promoted by the Trusted Computing Group, founded a decade ago by the all-American tech companies AMD, Cisco, Hewlett-Packard, IBM, Intel, Microsoft, and Wave Systems. Its core element is a chip, the Trusted Platform Module (TPM), and an operating system designed for it, such as Windows 8. Trusted Computing Group has developed the specifications of how the chip and operating systems work together.

...

Original German article:

http://www.zeit.de/d...indows-8-nsa/seite-1

Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

tomos

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 11,958
    • View Profile
    • Donate to Member
Re: German Government Warns Key Entities Not To Use Windows 8
« Reply #1 on: August 23, 2013, 04:34 AM »
That'll be a big boost for the other options. I see in the Zeit article, they say that Munich municipal administration is completing a move to Linux.

I was looking up my German/English dictionary lately, and noticed this page header - seems appropriate here:

amDSC06480.jpg
Tom

Vurbal

  • Supporting Member
  • Joined in 2012
  • **
  • Posts: 653
  • Mostly harmless
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: German Government Warns Key Entities Not To Use Windows 8
« Reply #2 on: August 23, 2013, 06:30 AM »
Uh... Yeah. No comment from me. Enjoy.

http://www.testoster...ot-to-use-windo.html

According to leaked internal documents from the German Federal Office for Information Security (BSI) that Die Zeit obtained, IT experts figured out that Windows 8, the touch-screen enabled, super-duper, but sales-challenged Microsoft operating system is outright dangerous for data security. It allows Microsoft to control the computer remotely through a built-in backdoor. Keys to that backdoor are likely accessible to the NSA – and in an unintended ironic twist, perhaps even to the Chinese.

The backdoor is called “Trusted Computing,” developed and promoted by the Trusted Computing Group, founded a decade ago by the all-American tech companies AMD, Cisco, Hewlett-Packard, IBM, Intel, Microsoft, and Wave Systems. Its core element is a chip, the Trusted Platform Module (TPM), and an operating system designed for it, such as Windows 8. Trusted Computing Group has developed the specifications of how the chip and operating systems work together.

...

Original German article:

http://www.zeit.de/d...indows-8-nsa/seite-1



I'd be willing to bet this is one of the big revelations I've been talking about that explains why companies who outside the Internet infrastructure industry spent so much money lobbying for CISPA. Just from memory I know Intel, Cisco, Microsoft, and IBM each spent more than a billion dollars on it prior to this year and this year's spending dwarfed that. IBM, in particular, sent 200 executives to Washington when CISPA was being debated.

The hidden purpose for CISPA, in case anyone didn't already know, was providing immunity for giving the government access to customer data. Like I've been saying. This is why all the spooks and faux regulators in Congress are so panicked about their secrets getting out.
I learned to say the pledge of allegiance
Before they beat me bloody down at the station
They haven't got a word out of me since
I got a billion years probation
- The MC5

Follow the path of the unsafe, independent thinker. Expose your ideas to the danger of controversy. Speak your mind and fear less the label of ''crackpot'' than the stigma of conformity.
- Thomas J. Watson, Sr

It's not rocket surgery.
- Me


I recommend reading through my Bio before responding to any of my posts. It could save both of us a lot of time and frustration.

TaoPhoenix

  • Supporting Member
  • Joined in 2011
  • **
  • Posts: 4,642
    • View Profile
    • Donate to Member
Re: German Government Warns Key Entities Not To Use Windows 8
« Reply #3 on: August 23, 2013, 07:40 AM »
I've followed the Trusted Computing angle for years now, though they managed to keep it out of the limelight for quite a while now!
(Remember, we're already discussing Windows 8.1 Blue!)

This is just becoming another reason to box in users still on XP.

Vurbal

  • Supporting Member
  • Joined in 2012
  • **
  • Posts: 653
  • Mostly harmless
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: German Government Warns Key Entities Not To Use Windows 8
« Reply #4 on: August 23, 2013, 07:53 AM »
I've followed the Trusted Computing angle for years now, though they managed to keep it out of the limelight for quite a while now!
(Remember, we're already discussing Windows 8.1 Blue!)

This is just becoming another reason to box in users still on XP.

It certainly changes my plans to show people how to make Windows 8 more user friendly. Leaving it as-is would seem to make this a self correcting problem. Good thing I was starting with Windows 7 anyway.
I learned to say the pledge of allegiance
Before they beat me bloody down at the station
They haven't got a word out of me since
I got a billion years probation
- The MC5

Follow the path of the unsafe, independent thinker. Expose your ideas to the danger of controversy. Speak your mind and fear less the label of ''crackpot'' than the stigma of conformity.
- Thomas J. Watson, Sr

It's not rocket surgery.
- Me


I recommend reading through my Bio before responding to any of my posts. It could save both of us a lot of time and frustration.

TaoPhoenix

  • Supporting Member
  • Joined in 2011
  • **
  • Posts: 4,642
    • View Profile
    • Donate to Member
Re: German Government Warns Key Entities Not To Use Windows 8
« Reply #5 on: August 23, 2013, 08:49 AM »
It certainly changes my plans to show people how to make Windows 8 more user friendly. Leaving it as-is would seem to make this a self correcting problem. Good thing I was starting with Windows 7 anyway.

Bingo. If it was *just* a stupid interface, whatever. But if there's TPM junk in there, then it has active reasons not to adopt it.

Does anyone know for sure if Win7 had the same module, or if Win8 is the first one?


Vurbal

  • Supporting Member
  • Joined in 2012
  • **
  • Posts: 653
  • Mostly harmless
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: German Government Warns Key Entities Not To Use Windows 8
« Reply #6 on: August 23, 2013, 09:46 AM »
It certainly changes my plans to show people how to make Windows 8 more user friendly. Leaving it as-is would seem to make this a self correcting problem. Good thing I was starting with Windows 7 anyway.

Bingo. If it was *just* a stupid interface, whatever. But if there's TPM junk in there, then it has active reasons not to adopt it.

Does anyone know for sure if Win7 had the same module, or if Win8 is the first one?


If I understand correctly, and assuming both the German government and the folks who reported on the leaked document do as well, the backdoor is only in TPM 2.0. It appears Windows XP, Vista, and 7 all have implementations of TPM 1.x, the latest version being 1.2.

Reading between the lines a little, and knowing just enough about TPM in Windows 7 / Server 2008 to make a barely educated guess, it seems like the difference isn't so much in what version is supported (I think it's mostly a driver issue) as whether it's enabled by default and whether it is ultimately under the user or administrator's control.

I would definitely be concerned about Windows 7, though, since that's the first version where the old monolithic OS was separated into smaller, semi-independent parts. Theoretically that makes major alterations to the kernel of the type which might be necessary for backporting TPM 2.0 more likely than for previous versions. OTOH it's not nearly as much of a modular design as Windows 8 so I wouldn't bet on it.
I learned to say the pledge of allegiance
Before they beat me bloody down at the station
They haven't got a word out of me since
I got a billion years probation
- The MC5

Follow the path of the unsafe, independent thinker. Expose your ideas to the danger of controversy. Speak your mind and fear less the label of ''crackpot'' than the stigma of conformity.
- Thomas J. Watson, Sr

It's not rocket surgery.
- Me


I recommend reading through my Bio before responding to any of my posts. It could save both of us a lot of time and frustration.

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,857
    • View Profile
    • Donate to Member
Re: German Government Warns Key Entities Not To Use Windows 8
« Reply #7 on: August 23, 2013, 10:37 AM »
Use a proprietary closed operating system, and that's a risk you take.

With Microsoft, you get what you pay for. And a whole lot more besides. :-\

Vurbal

  • Supporting Member
  • Joined in 2012
  • **
  • Posts: 653
  • Mostly harmless
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: German Government Warns Key Entities Not To Use Windows 8
« Reply #8 on: August 23, 2013, 01:03 PM »
After some additional reading this is my (only slightly) more educated assessment.

  • 1.x versions of TPM use encryption keys generated by the motherboard's TPM chip at the request of the OS while the keys for TPM 2.0 chips will be pre-generated (by the Trusted Platform Computing Group?) and supplied to the chip makers to hardcode into their chips.
  • TPM, regardless of version, can theoretically be disabled by the motherboard's BIOS settings. Whether that option is available is, of course, up to the vendors. [1]
  • TPM support can be disabled via the registry, at least through Windows 7. There's even (apparently - I can't be bothered to check) a Group Policy setting for it. The option may or may not exist in Windows 8 and setting it may or may not actually work as advertised. I suspect it is still there and, at least for the moment, still effective.
  • The standards development process (within the TPCG) changed for version 2.0 and third parties, including the German government, were excluded. However it appears one of the documents shared with some of those excluded includes a statement suggesting the NSA was still involved. [2]
  • The secrecy surrounding development of the standard combined with the implications of giving Chinese chip manufacturers direct access to the encryption keys and the lack of transparency in Windows code makes it impossible to know whether there might be:
    • An existing TPM 2.0 backdoor in Windows which just needs the appropriate hardware to become an active threat.
    • An existing TPM 2.0 backdoor which isn't active but could potentially be unlocked by an OS update - particularly difficult to detect for a major update like Windows 8.1.
    • A way for Microsoft to add a TPM 2.0 back door via an OS update without it being detected until it's too late.
  • Because of the necessity for tight integration into the kernel, it's more or less impossible for any of those to be true of older Windows versions simply because TPM 2.0 wasn't anywhere near complete at the necessary point in time. [3]

1 With UEFI and Secure Boot even access to the BIOS settings to begin with is an open question. Except for Windows RT devices since it's disallowed by licensing requirements.

2 The NSA's involvement, in and of itself, isn't at all unusual. It's the combination of shutting out foreign governments while still including the US government that's notable.

3 On this point the German government probably has more accurate information than any non-governmental entity outside the TPCG. However that also means there's no way to confirm that there aren't errors in their analysis.


Based on all that I'd say it's a non-issue for any current hardware, regardless of what Windows version you use. For future hardware it's a big concern, and regardless of what version of Windows you have the default assumption should be that TPM 2.0 is a vulnerability simply because of where the attack points are.

Since TPM 2.0 also matches Microsoft's completely public agenda to transform Windows into a Walled Garden in the hopes of replacing their dying Windows/Office licensing revenue streams, it's reasonable to assume forcible use of TPM 2.0 is closely aligned with their interests in any case. The safest bet is to avoid both TPM 2.0 and Windows 8 completely. With most of that being purely in the control of companies who have a vested interest in TPM 2.0 adoption that leaves simply avoiding Windows 8 as the safe bet since that is in your control.
I learned to say the pledge of allegiance
Before they beat me bloody down at the station
They haven't got a word out of me since
I got a billion years probation
- The MC5

Follow the path of the unsafe, independent thinker. Expose your ideas to the danger of controversy. Speak your mind and fear less the label of ''crackpot'' than the stigma of conformity.
- Thomas J. Watson, Sr

It's not rocket surgery.
- Me


I recommend reading through my Bio before responding to any of my posts. It could save both of us a lot of time and frustration.

Stoic Joker

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 6,646
    • View Profile
    • Donate to Member
Re: German Government Warns Key Entities Not To Use Windows 8
« Reply #9 on: August 23, 2013, 01:12 PM »
Did/does Windows 7 support TPM? Yes. The BitLocker drive encryption is dependent on it. The more important question here I think, is does you hardware have a TPM chip?

Honestly I'm more than just a bit skeptical about the articles claims about what TPM is capable of. Seems more like they're lumping several different (and somewhat unrelated) technologies into one story with just a bit of straw. The phrase "jumping at shadows" comes to mind... *Shrug*

Remember there was a time when hardware based viruses were discovered and folks yelled for an encrypted/protected boot sector ... Now they have one ... and they're mad about it. I really just don't get that part.

Vurbal

  • Supporting Member
  • Joined in 2012
  • **
  • Posts: 653
  • Mostly harmless
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: German Government Warns Key Entities Not To Use Windows 8
« Reply #10 on: August 23, 2013, 01:41 PM »
Did/does Windows 7 support TPM? Yes. The BitLocker drive encryption is dependent on it. The more important question here I think, is does you hardware have a TPM chip?

It uses TPM by default but can also be configured to operate without it. There have also been no assertions that it can't be turned off other than in Windows 8, although it's equally possible that the German government would be worried purely because they don't have the keys this time around.

Honestly I'm more than just a bit skeptical about the articles claims about what TPM is capable of. Seems more like they're lumping several different (and somewhat unrelated) technologies into one story with just a bit of straw. The phrase "jumping at shadows" comes to mind... *Shrug*

I'm not prepared to make any claims as to the validity of anything absent the sort of information we don't have about the German government's reasoning. However if the keys are pregenerated and hardwired into the chips that's something I wouldn't trust no matter who does or doesn't have access to them.


Remember there was a time when hardware based viruses were discovered and folks yelled for an encrypted/protected boot sector ... Now they have one ... and they're mad about it. I really just don't get that part.

If a chain of trust has links which are intentionally obfuscated the default assumption is, or should be, that they're potential vulnerabilities. If those links happen to be in the control of organizations with an established pattern of both failing to be trustworthy and lying to cover it up, there's no reason to give them the benefit of the doubt and every reason not to.
I learned to say the pledge of allegiance
Before they beat me bloody down at the station
They haven't got a word out of me since
I got a billion years probation
- The MC5

Follow the path of the unsafe, independent thinker. Expose your ideas to the danger of controversy. Speak your mind and fear less the label of ''crackpot'' than the stigma of conformity.
- Thomas J. Watson, Sr

It's not rocket surgery.
- Me


I recommend reading through my Bio before responding to any of my posts. It could save both of us a lot of time and frustration.

tomos

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 11,958
    • View Profile
    • Donate to Member
Re: German Government Warns Key Entities Not To Use Windows 8
« Reply #11 on: August 23, 2013, 03:58 PM »
I had another look at the Zeit article and went to the source link they give (from the BSI= German Department for Security etc.):

https://www.bsi.bund...6907EA4F378.2_cid359

My "officous" German isn't that great, but I can tell you that it talks about the dangers of:
-
certain scenarios where, due to "unintended flaws" [unbeabsichtigte Fehler] of the OS and the hardware, the OS may no longer work properly. These can even lead to permanent hardware failure.
[Insbesondere können auf einer Hardware, die mit einem TPM 2.0 betrieben wird, mit Windows 8 durch unbeabsichtigte Fehler des Hardware- oder Betriebssystemherstellers, aber auch des Eigentümers des IT-Systems Fehlerzustände entstehen, die einen weiteren Betrieb des Systems verhindern. Dies kann soweit führen, dass im Fehlerfall neben dem Betriebssystem auch die eingesetzte Hardware dauerhaft nicht mehr einsetzbar ist. Eine solche Situation wäre weder für die Bundesverwaltung noch für andere Anwender akzeptabel. Darüber hinaus können die neu eingesetzten Mechanismen auch für Sabotageakte Dritter genutzt werden. Diesen Risiken muss begegnet werden.]
-
=> On top of that, the new mechanism/structure could be used by third parties for sabotage.
[Darüber hinaus können die neu eingesetzten Mechanismen auch für Sabotageakte Dritter genutzt werden.]

From that page, there's a link to a PDF - a "Eckpunktepapier" (Benchmark paper?)
http://www.bmi.bund....blob=publicationFile
dated "August 2012".

It seems to be a combination of summarising TPM and how it works: saying what they would expect (in tenders I guess) of it (interopability with other systems, etc.); warning about it's possible dangers; asking people to continue research into it.

There is one line stood out for me - under heading #17 Datenschutz (Data protection):
saying basically that you've got to weigh up the choices/interests before choosing TCP - in the context of data-protection.
[Der Schutz personenbezogener Daten ist eine wichtige Voraussetzung für die Steigerung der Sicherheit im IT-Bereich. Daher sind die Bestimmungen des Datenschutzes bei Entwicklung und Einsatz (Privacy by design) von „Trusted Computing“-Anwendungen zu berücksichtigen und können im Rahmen einer verfassungsrechtlichen Güterabwägung Vorrang vor wirtschaftlichen Interessen haben.]
Tom

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,857
    • View Profile
    • Donate to Member
Re: German Government Warns Key Entities Not To Use Windows 8
« Reply #12 on: August 23, 2013, 04:48 PM »
Remember there was a time when hardware based viruses were discovered and folks yelled for an encrypted/protected boot sector ... Now they have one ... and they're mad about it. I really just don't get that part.

That's not what they're yelling at. The complaint stems from Microsoft co-opting UEFI, adding their own proprietary Secure Boot to the mix - when the fully open CoreBoot already existed and was fully compatible with UEFI - thereby attempting to force Secure Boot down everybody's throat using Microsoft's classic "Embrace/Extend/Extinguish" strategy.

People don't object to having a more secure OS. But they are objecting to Microsoft setting itself up as the de facto gatekeeper when it's not even their technology or initiative.

What's hard to get about that? :)

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,857
    • View Profile
    • Donate to Member
Re: German Government Warns Key Entities Not To Use Windows 8
« Reply #13 on: August 23, 2013, 04:49 PM »
If a chain of trust has links which are intentionally obfuscated the default assumption is, or should be, that they're potential vulnerabilities. If those links happen to be in the control of organizations with an established pattern of both failing to be trustworthy and lying to cover it up, there's no reason to give them the benefit of the doubt and every reason not to.

This. 8)

"Fool me once - shame on you. Fool me twice - shame on me."

IainB

  • Supporting Member
  • Joined in 2008
  • **
  • Posts: 7,540
  • @Slartibartfarst
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: German Government Warns Key Entities Not To Use Windows 8
« Reply #14 on: August 26, 2013, 12:24 PM »
^^ Yup. +1 from me. Kinda obvious, and goes without saying, but seems to need to be said in any event. We can sometimes be soo gullible.