Unencrypted Windows crash reports give 'significant advantage' to hackers, spies

Windows' error- and crash-reporting system sends a wealth of data unencrypted and in the clear, information that eavesdropping hackers or state security agencies can use to refine and pinpoint their attacks, a researcher said today.

Not coincidentally, over the weekend the popular German newsmagazine Der Spiegel reported that the U.S. National Security Agency (NSA) collects Windows crash reports from its global wiretaps to sniff out details of targeted PCs, including the installed software and operating systems, down to the version numbers and whether the programs or OSes have been patched; application and operating system crashes that signal vulnerabilities that could be exploited with malware; and even the devices and peripherals that have been plugged into the computers.

"This information would definitely give an attacker a significant advantage. It would give them a blueprint of the [targeted] network," said Alex Watson, director of threat research at Websense, which on Sunday published preliminary findings of its Windows error-reporting investigation. Watson will present Websense's discovery in more detail at the RSA Conference in San Francisco on Feb. 24.

Computerworld - Windows' error- and crash-reporting system sends a wealth of data unencrypted and in the clear, information that eavesdropping hackers or state security agencies can use to refine and pinpoint their attacks, a researcher said today.

Not coincidentally, over the weekend the popular German newsmagazine Der Spiegel reported that the U.S. National Security Agency (NSA) collects Windows crash reports from its global wiretaps to sniff out details of targeted PCs, including the installed software and operating systems, down to the version numbers and whether the programs or OSes have been patched; application and operating system crashes that signal vulnerabilities that could be exploited with malware; and even the devices and peripherals that have been plugged into the computers.

"This information would definitely give an attacker a significant advantage. It would give them a blueprint of the [targeted] network," said Alex Watson, director of threat research at Websense, which on Sunday published preliminary findings of its Windows error-reporting investigation. Watson will present Websense's discovery in more detail at the RSA Conference in San Francisco on Feb. 24.

Sniffing crash reports using low-volume "man-in-the-middle" methods -- the classic is a rogue Wi-Fi hotspot in a public place -- wouldn't deliver enough information to be valuable, said Watson, but a wiretap at the ISP level, the kind the NSA is alleged to have in place around the world, would.

"At the [intelligence] agency level, where they can spend the time to collect information on billions of PCs, this is an incredible tool," said Watson.

And it's not difficult to obtain the information.

Microsoft does not encrypt the initial crash reports, said Watson, which include both those that prompt the user before they're sent as well as others that do not. Instead, they're transmitted to Microsoft's servers "in the clear," or over standard HTTP connections.

If a hacker or intelligence agency can insert themselves into the traffic stream, they can pluck out the crash reports for analysis without worrying about having to crack encryption.

And the reports from what Microsoft calls "Windows Error Reporting" (ERS), but which is also known as "Dr. Watson," contain a wealth of information on the specific PC.

When a device is plugged into a Windows PC's USB port, for example -- say an iPhone to sync it with iTunes -- an automatic report is sent to Microsoft that contains the device identifier and manufacturer, the Windows version, the maker and model of the PC, the version of the system's BIOS and a unique machine identifier.

By comparing the data with publicly-available databases of device and PC IDs, Websense was able to establish that an iPhone 5 had been plugged into a Sony Vaio notebook, and even nail the latter's machine ID.

If hackers are looking for systems running outdated, and thus, vulnerable versions of Windows -- XP SP2, for example -- the in-the-clear reports will show which ones have not been updated.

View the original article here

Windows 8 regains uptake mojo, XP restarts death slide

Windows 8 surged in December to end the year with almost 12% of the user share of all Windows personal computers, while the destined-for-retirement Windows XP restarted its decline after a two-month pause, a Web analytics company said Thursday.

Both were good signs for Microsoft, which has bet its future on Windows 8 and implored customers to abandon the aged Windows XP.

According to Net Applications, Windows XP fell 2.2 percentage points in December to 29% of all desktop and notebook computers worldwide, the first time it breached that 30-percent barrier. But the 12-year-old operating system still accounted for nearly a third -- 32% -- of Windows-powered PCs.

Computerworld - Windows 8 surged in December to end the year with almost 12% of the user share of all Windows personal computers, while the destined-for-retirement Windows XP restarted its decline after a two-month pause, a Web analytics company said Thursday.

Both were good signs for Microsoft, which has bet its future on Windows 8 and implored customers to abandon the aged Windows XP.

According to Net Applications, Windows XP fell 2.2 percentage points in December to 29% of all desktop and notebook computers worldwide, the first time it breached that 30-percent barrier. But the 12-year-old operating system still accounted for nearly a third -- 32% -- of Windows-powered PCs.

Meanwhile, Windows 8's and 8.1's combined user share of all computers reached 10.5%. Of the systems running Microsoft's OS, Windows 8/8.1 owned a user share of 11.6%.

Both operating systems had taken a break in October and November from earlier trends: Windows XP's gradual decline and Windows 8's deliberate growth.

Their December changes were the largest since September, Net Applications data showed.

The gain by Windows 8 and 8.1 was likely due to new PC purchases in the last month of 2013: Most consumer systems come equipped with the newest version, Windows 8.1, which accounted for 34% of the combined total, up from November's 28%.

Windows 8's increase put some more distance between it and Windows Vista, the 2007 OS bust: The gap between it and Windows 8 increased by seven-tenths of a percentage point in December.

But Windows 8 remained far behind Windows 7's adoption. Fourteen months after its debut, Windows 7 powered 23.1% of all Windows systems, nearly twice that of Windows 8. In fact, Windows 7 grew its user share last month, adding nine-tenths of a percentage point to end December at 47.5% of all computer operating systems, and at 52.4% of those running a flavor of Windows. Both were records for the 2009 operating system, hinting that it will remain a standard for years to come.

The decline in Windows XP may have contributed to the increase of Windows 7 as well as Windows 8 and 8.1, as some users migrated from the 2001 OS to Windows 7 as a way to forestall trying the radically-redesigned Windows 8. Most businesses, analysts have said, will stick with Windows 7 as long as possible rather than incur the costs of another migration.

Microsoft must be smiling at the revival of Windows XP's downturn: The company has been aggressive in its efforts to convince customers to ditch Windows XP before it's retired from security support on April 8, 2014. For the most part, those messages have been received, even if Microsoft would prefer a faster rate of desertion: In the last 12 months, XP's user share has dropped 10 percentage points, representing a 26% decline.

Using XP's average changes over the last 12 months, Computerworld now forecasts that Windows XP will power between 25% and 26% of all personal computers at the end of April.

Net Applications measures operating system user share by tracking unique visitors to approximately 40,000 sites that rely on its analytics software.

View the original article here