Linked by Thom Holwerda on Tue 23rd Oct 2012 18:24 UTC, submitted by Jane Doe
Privacy, Security, Encryption

"Last week, the Dutch Minister of Safety and Justice asked the Parliament of the Netherlands to pass a law allowing police to obtain warrants to do the following: install malware on targets’ private computers, conduct remote searches on local and foreign computers to collect evidence, and delete data on remote computers in order to disable the accessibility of 'illegal files'. Requesting assistance from the country where the targeted computer(s) were located would be 'preferred' but possibly not required. These proposals are alarming, could have extremely problematic consequences, and may violate European human rights law."

You get true net neutrality with one hand, but this idiocy with another. This reminds me a lot of how some of our busy intersections are designed; by people who bike to city hall all their lives and have no clue what it's like to drive a car across their pretty but extremely confusing and hence dangerous intersections.
RE[3]: Comment by MOS6510
by Doc Pain on Wed 24th Oct 2012 09:54 UTC in reply to "RE[2]: Comment by MOS6510"

If I were a government entity, I'd research ways to break into ordinary computers through the channels manufacturers grant themselves access to, such as OS update mechanisms (which work independently of any inbound firewall techniques, and updates are ostensibly legitimate to an administrator).

How likely is it that no governments have infiltrated the ranks of Apple, Microsoft, Google, Ubuntu, etc. to copy their signing keys?

That surely is the easier way, but it's possible to do similar things (i.e. hijack the updating mechanism) with no "official" signing:

The full mechanism isn't yet completely analyzed, but Flame has a module which appears to attempt to do a man-in-the-middle attack on the Microsoft Update or Windows Server Update Services (WSUS) system. If successful, the attack drops a file called WUSETUPV.EXE to the target computer.

This file is signed by Microsoft with a certificate that is chained up to Microsoft root.

Except it isn't signed really by Microsoft.

Turns out the attackers figured out a way to misuse a mechanism that Microsoft uses to create Terminal Services activation licenses for enterprise customers. Surprisingly, these keys could be used to also sign binaries.


Microsoft has announced an urgent security fix to revoke three certificates used in the attack.

The fix is available via — you guessed it — Microsoft Update.

Source: "Microsoft Update and The Nightmare Scenario"

The less people care and leave security considerations to others (often: no one), the easier such investigation tools could be deployed widely. Unnoticed by users who don't care anyway, even "artificial evidence" could be created, fitting the bill well:

1. Install malware on targets’ private computers

2. Conduct remote searches on local and foreign computers to collect evidence

3. Delete data on remote computers in order to disable the accessibility of “illegal files.”

as explained in the article. "But I didn't write or download that!" - "But we found it on your PC." - "I didn't do it!" - "Prove that." :-)

Score: 4

RE[4]: Comment by MOS6510
by Alfman on Wed 24th Oct 2012 14:03 in reply to "RE[3]: Comment by MOS6510"

Doc Pain,

"Source: 'Microsoft Update and The Nightmare Scenario'"

Good link to show that these things do happen. This faulty process has presumably been corrected, but that signing keys could be leaked to a government agency is a problem shared by all update mechanisms.

To protect your assets from snoops (corporate or governmental) you really should run two separate networks, one where nothing is allowed to connect externally, and another which can connect externally. Then no components like flash drives can be shared between the networks. This way if there is a backdoor, it cannot be accessed and cannot be used to control the machine. Frankly most people don't have anything worth protecting to this extent, but if you're operating an Iranian nuclear facility, you probably do.

Score: 3