Microsoft douses Flame Microsoft has noticed Flame, the malware supposedly burning up the middle east and spreading like wildfire to the rest of the world, and has taken steps to stop it before becoming an uncontrollable conflagration. Redmond's chief concern, according to Mike Reavey, a senior director of the Microsoft Trustworthy Computing effort …
... microsoft is closing the backdoor that the spooks used, now that it's out in the open. Loverly. During the meanwhile, all over the world, idiots with absolutely no knowledge of computer security are still using consumer-grade operating systems in places where they are contra-indicated ... even at the National "Security" level.
My mind boggles, and I weep. Back in the day, we knew what security was.
Whatever MS may have wanted us to think, "trusted computing" was never really about end users and IT departments being able to trust that the systems they paid for were trustworthy, secure and reliable and generally fit for purpose..
"Trusted computing" was about "content providers" being able to trust that Windows and the kit associated with Windows could be trusted not to leak valuable digital copies of their valuable "content". Content providers had to trust that all the way from BluRay or DRM-infested stream via Windows (desktop, set top box, etc) to the HDCP-connected display, no leakage of protected digital content could occur.
Did it work?
Does this mean all I need is an unpatched version of the service and I can sign code to my heart's content? If that is the case, do they really think that the people who write malware and use this exploit are actually going to apply this patch rather than, say, ignore the update and exploit this hole some more?
But the signature will not be recognized by the computers that have been patched, ie your targets (well, hopefully).
So yes, Microsoft is actually closing the loophole, because the only computers the malware writers will be able to infect will be those that have not been patched.
At least I hope so.
While we're made to think that MS is busy hunting malware and such this is really a ruse...
Because when Win8 ships Redmond is needs to be ready for a lot of new released malware which will trick users into running it in order to "re-install the start menu". As such; a field test was in order!
It's called a "collision attack" and comes about because of vunerabilties in the long-troubled MD5 algorithm (see http://www.win.tue.nl/hashclash/rogue-ca/). Mostly the fault lies with certificate authorities who continue to use this weak algorithm.
SHA1 is starting to look vulnerable too now - are we going to find a way to blame that on Microsoft too?
Grow up everyone - it's time to realise that this is an industry problem, not a vendor problem...
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
