Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Microsoft Opens 'Transparency Center' For Governments To Review Source Code

Soulskill posted about 3 months ago | from the proof-is-in-the-proprietary-pudding dept.

Microsoft 178

MojoKid writes with news that Microsoft has announced the opening of a 'Transparency Center' at their Redmond campus, a place where governments who use Microsoft software can come to review the source code in order to make sure it's not compromised by outside agencies. (The company is planning another Transparency Center for Brussels in Belgium.) In addition, Microsoft announced security improvements to several of its cloud products: As of now, Outlook.com uses TLS (Transport Layer Security) to provide end-to-end encryption for inbound and outbound email — assuming that the provider on the other end also uses TLS. The TLS standard has been in the news fairly recently after discovery of a major security flaw in one popular package (gnuTLS), but Microsoft notes that it worked with multiple international companies to secure its version of the standard. Second, OneDrive now uses Perfect Forward Secrecy (PFS). Microsoft refers to this as a type of encryption, but PFS isn't a standard like AES or 3DES — instead, it's a particular method of ensuring that an attacker who intercepts a particular key cannot use that information to break the entire key sequence. Even if you manage to gain access to one file or folder, in other words, that information can't be used to compromise the entire account.

cancel ×

178 comments

Sorry! There are no comments related to the filter you selected.

What's the point? (5, Insightful)

Anonymous Coward | about 3 months ago | (#47366143)

Governments shouldn't be using closed source garbage to begin with. It just locks them into a specific company and keeps them at their mercy, not to mention that even if the government reviews the source, the public can't do the same. Not a good message to send.

Re:What's the point? (2, Insightful)

Anonymous Coward | about 3 months ago | (#47366185)

The alternative is for governments to use open source software and manage software development and maintenance themselves (or contract it out). Looking at fumbling attempts at any IT project from just about any government I wouldn't trust their competence enough to extend them more responsibilities.

Re:What's the point? (4, Interesting)

AHuxley (892839) | about 3 months ago | (#47366235)

At least then its your own countries option. No colonial box or product to buy, then rent support for and beg for fixes.
A domestic IT project at least offers your best experts to set standards and review the code.
Other nations do not all fail at complex math, code, design or funding.
Other nations may try to keep 5+ other countries out of a networked product as delivered.

Re:What's the point? (1)

exomondo (1725132) | about 3 months ago | (#47366291)

At least then its your own countries option.

Isn't it already their option?

Re:What's the point? (2)

AHuxley (892839) | about 3 months ago | (#47366343)

Re 'Isn't it already their option?"
Not with complex trade deals demanding equal consideration to fully imported systems. The reality that a product line is open to 5+ other nations security services is not really allowed to stop consideration early.

Re:What's the point? (1)

exomondo (1725132) | about 3 months ago | (#47366359)

So foreign governments are forced to consider Microsoft's offerings? Even in that case they just have to compete on merit.

Re:What's the point? (1)

viperidaenz (2515578) | about 3 months ago | (#47366655)

A domestic IT project at least offers your best experts to set standards and review the code.

Providing you pay them enough and they want to. Unless you run a dictatorship of course and can force people to work for the government.

Re:What's the point? (0)

Anonymous Coward | about 3 months ago | (#47366541)

So contract it out to companies. If they're going to trust bumbling, untrustworthy companies (like Microsoft) right now, there is no reason not to contract it out. Furthermore, if it's open source, anyone can modify the code.

Re: What's the point? (3, Insightful)

cyber-vandal (148830) | about 3 months ago | (#47366649)

Some of the most expensive IT failures in history have come from contracting it out to the amazingly efficient do no wrong private sector.

Re:What's the point? (0, Insightful)

Anonymous Coward | about 3 months ago | (#47366261)

>Governments shouldn't be using closed source garbage to begin with.

Yeah, they should be using buggy open sourced garbage instead, like OpenSSL and Heartbleed.

Re:What's the point? (1, Insightful)

jeIlomizer (3670951) | about 3 months ago | (#47366545)

Whether you know it or not (And frankly, if you don't know that Microsoft's products are buggy and full of security holes, you're profoundly ignorant.), the same is true of proprietary software. In fact, it's probably worse, since it's much more difficult to see the code and fix it. At any rate, using a single example and holding it against open source in general is extremely idiotic.

Re:What's the point? (-1)

Anonymous Coward | about 3 months ago | (#47366891)

How much does Linux Foundation pay for you to post that?

Re:What's the point? (0, Offtopic)

jeIlomizer (3670951) | about 3 months ago | (#47366953)

How much does Microsoft pay for you to post that?

Re:What's the point? (0)

Anonymous Coward | about 3 months ago | (#47367079)

You really want to do a bug count of propietary versus GNU and other open source software? Over, say, the last twenty years. You really want to do that?

Re:What's the point? (4, Interesting)

dotancohen (1015143) | about 3 months ago | (#47366501)

Governments shouldn't be using closed source garbage to begin with. It just locks them into a specific company and keeps them at their mercy, not to mention that even if the government reviews the source, the public can't do the same. Not a good message to send.

Actually, the _real_ point here is that Microsoft is now implying, quite strongly, that open-source software is preferable for security, privacy, and other sensitive purposes.

I hope the governments and other entities that this program targets are smart enough to read between the lines.

Re:What's the point? (3, Interesting)

viperidaenz (2515578) | about 3 months ago | (#47366659)

Microsoft isn't implying that. They trying to convince customers they don't have NSA backdoors.

Re:What's the point? (4, Insightful)

Dr_Barnowl (709838) | about 3 months ago | (#47366713)

And who says they build their binaries from those sources? The backdoors are probably kept in a separate branch and merged with the release branch at build time...

Re:What's the point? (1)

jeIlomizer (3670951) | about 3 months ago | (#47366835)

By showing them the source code. See how that works?

PR move (1)

aNonnyMouseCowered (2693969) | about 3 months ago | (#47367085)

"Microsoft isn't implying that. They trying to convince customers they don't have NSA backdoors."

Yes this smells more like a PR move than anything else. Any government serious about security will roll out its own software stack, which unlike hardware costs practicallly nothing after the initial development. This will limit the attack vector to rogue chips.

Re:What's the point? (1)

jones_supa (887896) | about 3 months ago | (#47366915)

Actually, the _real_ point here is that Microsoft is now implying, quite strongly, that open-source software is preferable for security, privacy, and other sensitive purposes.

You're spinning it quite strongly.

Re:What's the point? (1)

viperidaenz (2515578) | about 3 months ago | (#47366647)

If they can review the source, it's not really closed is it?

Re:What's the point? (0)

Anonymous Coward | about 3 months ago | (#47366831)

Who can review the source? Only the government. Not citizens. Who knows what the government is allowing to slip by? And again, the problem is also with vendor lock-in. The government should be using free software so that it can be reviewed and modified by anyone.

Re:What's the point? (0)

Anonymous Coward | about 3 months ago | (#47366955)

And yet the governments are mostly using commercial, proprietary software. Why? Because they can actually pay the software engineers to create stable software with great management tools. That's what Windows is about. If Windows was open sourced, Microsoft couldn't sell it anymore! Selling binary software is the cornerstone of the whole company. Where's the problem? Especially since the NT6 base, Windows has been pretty good software.

With Linux you just get slow and bloated desktop, enterprise management tools that leave a lot to desire, and lots of weird little glitches which will make your support costs skyrocket.

Somebody has to do it (3, Interesting)

UrsaMajor987 (3604759) | about 3 months ago | (#47366145)

Ken Thompson on trusting trust. http://cm.bell-labs.com/who/ke... [bell-labs.com]

Re:Somebody has to do it (5, Informative)

Anubis IV (1279820) | about 3 months ago | (#47366307)

The TL;DR version for folks who haven't seen it before or don't want to read it (which you really should do): just because the source is trustworthy doesn't mean the binaries are. The process to accomplish this sort of attack is fairly straightforward:
1) Modify, say, the compiler's source code so that it adds backdoors to some/all of the code it compiles.
2) Compile it, then replace the clean binary for the compiler with this new, tainted binary.
3) Revert the changes to the compiler's source code, erasing any evidence of wrongdoing.

By itself, that doesn't create a backdoor, but anything compiled using the tainted binary could potentially have a backdoor secretly added, even though the source code for both that code and the compiler would appear to be perfectly clean. The problem could be very hard to discover or pin down as well, only manifesting when a particular file is getting compiled, or even a particular line of code.

I think most of us are already familiar with this sort of attack, but it's worth repeating, since it's exactly the sort of thing that Microsoft's "Transparency Centers" don't address, and exactly the sort of thing we'd be expecting a government to be doing.

Re:Somebody has to do it (1)

AHuxley (892839) | about 3 months ago | (#47366361)

A decade later in some distant country: "but the checksums matched"

Re:Somebody has to do it (0)

Anonymous Coward | about 3 months ago | (#47366695)

'Transparency Center' at their Redmond campus, a place where governments who use Microsoft software can come to review the source code

Probably off topic, but after what you've said, government agencies will HAVE TO VISIT, the center in order to view the code? I'm not sure I have yet to read the linked article, and considering its MS I have a funny feeling that, any agency or government official will have to sign some sort of wavier that they cannot make any public statements about what they found just some meme comment or report, "well there's nothing in the code".

This is pretty typical of MS, this is in no way "transparent", it would make more sense to have security researchers, code experts (if want to call them that) to inspect the code. I guess it would be possible for a government official to bring along a security researcher/s, code experts, ect., but again there's serious doubts in trusting governments.

Even more amusing how do you know government isn't studying the code to find exploits!

Re:Somebody has to do it (1)

thegarbz (1787294) | about 3 months ago | (#47366829)

I've seen this repeated a few times. It looks like a great attack vector. While it's certainly within the realms of possibility I wonder however if it is in the realm or practicality.

I mean something like this, hard to find, which creates an almost undetectable security flaw (imagine the team going through the source trying to find the bug) would be hell desirable which makes me wonder why this attack hasn't been seen in the wild before.

Deterministic building (2)

DrYak (748999) | about 3 months ago | (#47366951)

By itself, that doesn't create a backdoor, but anything compiled using the tainted binary could potentially have a backdoor secretly added, even though the source code for both that code and the compiler would appear to be perfectly clean.

...And solutions against this do exist:

A. Deterministic building.
All software were security is important (Tor, Truecrypt, Bitcoin, to mention a few who practicise this approach) have clear procedures designed to compile a binary in a perfectly repeatable form. A rogue compiler would be easy to detect, because it won't create the same binary as everybody else.

B. Comparing compilers.
Use a small collection of different compilers (a few version of GCC, a few other of LLVM, etc) to compile a compiler whose source you trust (say, a security-reviewed and approved GCC 4.9).
From this point on, you can already compare the output of each of these "GCC 4.9-as-compiled-by-other" by compiling a few test code and see if they matches. Look if any of the test codes has backdoors injected.
- Now you already know which compiler you can trust

Then use that compiler (I mean the multiple versions produced by the various compilers of the first step) to bootstrap it self (you end-up with several version of "GCC 4.9 as compiled by GCC 4.9", each with a different starting point).
Normally all these last step compilers should be more or less similar (see "deterministic" building to reduce the amount of random differences). A rogue compiler will notably stand out.
- Now you have trusted environment, compiled by a trusty compiler.

Seems complicated, but as I've said, people in critical niches (Tor, Truecrypt, Bitcoin) are already doing exactly that.

That raises tremendously the bar of what the governments need to back-door software (virtually any modern compiled need to be compromised, as well as numerous tools around them. Forget one obscure thing somewhere, and someday a researcher or hobbyist will notice discrepencies)

I think most of us are already familiar with this sort of attack, but it's worth repeating, since it's exactly the sort of thing that Microsoft's "Transparency Centers" don't address, and exactly the sort of thing we'd be expecting a government to be doing.

Yup. The first most important thing is to determine a clear procedure how to take the official source and rebuild the same binaries that everybody is having.
(i.e.: you should be able to check out the source, hit recompile and end-up with an installation CD that is indistinguishable from the retail one. So you know you're actually check the real source, and not some decoy put here for you, while a different backdoor-infested version is getting distributed to your government).
And as you say that excatly NOT what microsoft is doing.

Also, having only 2 centers world-wide, where only government mandated devs are invited severly limits the research exposure of the code.
I'm ready to predict that the only real results will be.
- Big security people who don't happen to be sent by a government won't have a look at the code, and probably several shortcomings will never get seen. The end result won't be as secure as if you let the OpenBSD devs create a LibreDows(*) fork with a "Valhalla Rampage" treatment on it.
- Some black hat will manage to slip through the checks, leak the source. It will get passed around on under ground dark nets, and the next week you'll see an abominable explosion of 0-day exploits traded on the shadiest parts of the net.

---
(*): Only works when built on system with massive security counter-measures in their default C library. Like OpenBSD. Secured wrappers provided for Linux (those blissfully ignorant people). Go fuck yourself if you use some outdated os like old-school VMS (pre OpenVMS). Or if you use an outdated compiler like Visua... Oops. Damn!

Re:Somebody has to do it (0)

Anonymous Coward | about 3 months ago | (#47366989)

No need to be that fancy. The entire OS can be perfectly clean - until the next "security update". Silently downloaded off the net in the background. If they wanted to be a little clever they could block IP addresses known to be used by security researchers but really it's not necessary if the update is structured to have an "exploitable bug" in it

I'm confident that the NSA etc, have many such packages ready to go for all the major OS'. It's almost trivial.

Re:Somebody has to do it (1)

Zaelath (2588189) | about 3 months ago | (#47366587)

First thing I thought of too. It's only a 30 year old problem :)

Code vs Binaries: Big Difference (5, Insightful)

Anonymous Coward | about 3 months ago | (#47366157)

Who cares if you can look at the code? What matters is what you're running.

Looking at the code gives you nothing if you can't compile it to the exact same binary that you are running.

And even if they let you do that... you still need to trust the compiler, and the compiler that compiled that compiler, etc.

Re:Code vs Binaries: Big Difference (0)

Anonymous Coward | about 3 months ago | (#47366193)

Then whether it's open source or not doesn't matter, nobody is going to understand everything at every layer so they would have to trust somebody else (realistically multiple people) anyway.

Opensource (3, Informative)

DrYak (748999) | about 3 months ago | (#47366985)

The main advantages of free/libre open-source software is:

- source is available to review and hack upon for a WAY MUCH LARGER audience. It's "a few security reviewers cherry picked by a government" vs. "virtually anybody who has the time and resource to invest in it".
So you have a bigger pool from which to pick somebody who "is going to understand everything at every layer", or at least understand big enough parts of it, at a large enough number of layers, with enough overlap with the other "somebodies".

- the whole echo system is open. You can review lots of other stuff (compilers, libraries, etc.) You can have deterministic building to check if you really have the code that really produced the official binaries (that's already something that Tor, Truecrypt, Bitcoin, etc. are doing).
There's lot of things that you can do to check every piece of software that you need to trust.

Well of course, that's a lot work required. So in the end, you'll end up having to trust multiplt other people anyway. But at least, with opensource, that's a choice, and in any case you can do the checks your serlf (or more reallistically: ask someone you actually trust to do it for you. As in the current ongoing review of TrueCrypt, for example).

Whereas, no matter how motivated, with closed source software you'll always hit a wall. (Well microsoft gives you a peek at the windows code, but not necessarily all the rest needed to check full security).

Re:Code vs Binaries: Big Difference (0)

TractorBarry (788340) | about 3 months ago | (#47366877)

+1 informative.

Sums up the main points nicely.

Who thinks up these names? (2)

dbIII (701233) | about 3 months ago | (#47366167)

Perfect Forward Secrecy? Why not call it Excessive Hubris Before Fuckup? Eventually something is going to be more "perfect" even if the thing is quite good.

Re:Who thinks up these names? (1)

LordLimecat (1103839) | about 3 months ago | (#47366309)

People who get paid to study cryptography come up with the name.

Eventually something is going to be more "perfect" even if the thing is quite good.

Actually in this case, perfect refers to the fact that compromising one session's key provides no advantage in cracking another session. You cannot improve that aspect of it, if it is implemented properly.

Ironic you should speak of hubris.

Somebody much smarter than you, dbIII (4, Informative)

cbhacking (979169) | about 3 months ago | (#47366839)

The summary's description of PFS is a complete clusterfuck, of course (this is /. so *obviously* the summary is going to be technically inaccurate, right?). Yours (LordLimecat) is more accurate, but the full concept isn't that hard so I'll explain it below.

First, some quick basics of TLS (I'm leaving out a lot of details; do *NOT* try to implement this yourself!):

  • A server has a public key and a private key for an asymmetric cipher, such as RSA.
  • When a client connects, the server sends their public key to the client. The public key is used to authenticate the server, so the client knows their connection wasn't intercepted or redirected.
  • The client can also encrypt messages using the public key, and only the holder of the private key (the server) can decrypt those messages.
  • Because RSA and similar ciphers are slow, TLS uses a fast, symmetric cipher (like AES or RC4) for bulk data.
  • Before bulk data can be sent, the client and the server need to agree on a symmetric cipher and what key to use.
  • The process of ensuring that both parties have the same symmetric key is called Key Exchange.
  • Obviously, the key exchange itself needs to be protected; if the key is ever sent in plaintext, an attacker can decrypt the whole session.

Here's the scenario where PFS matters, and why it is "perfect":

  • SSL/TLS (same concept, just different versions of the protocol really) is being used to secure connections.
  • An attacker (think NSA) has been recording the encrypted traffic, and wants to decrypt it.
  • The attacker has a way to get the private key from the server (a bug like Heartbleed, or possibly just a NSL).

Here's where it gets interesting:

  • Without PFS (normal SSL/TLS key exchanges), the key exchange is protected using the same kind of public-key crypto used to authenticate the server. Therefore, without PFS, our attacker could use the private key material to either decrypt or re-create the key, and decrypt all the traffic.
  • With PFS, the key exchange is done using randomly generated ephemeral (non-persistent) public and private parameters (Diffie-Hellman key exchange [wikipedia.org] ). Once the client and server each clear their private parameters, it is not possible for anybody to reconstruct the symmetric key, even if they later compromise the server's persistent public/private key pair (the one used for authentication).

It is this property, where the secrets needed to recover an encryption key are destroyed and cannot be recovered even if one party cooperates with the attacker, which is termed Perfect Forward Secrecy. Note that PFS doesn't make any guarantees if the crypto is attacked while a session is in progress (in this case, the attacker could simply steal the symmetric key) or if the attacker compromises one side before the session begins (in which case they can impersonate that party, typically the server). It is only perfect secrecy going forward.

More likely people in marketing (1)

dbIII (701233) | about 3 months ago | (#47366941)

People who get paid to study cryptography come up with the name.

Just like with "wired equivalent privacy" that we laugh at now? I'd say both have the stench of marketing and excessive hubris.

Re:Who thinks up these names? (4, Informative)

Anonymous Coward | about 3 months ago | (#47366327)

"Perfect Forward Secrecy" is a standard term in cryptography. It seems to have been introduced by Diffie, van Oorschot, and Weiner in their paper Authentication and Autheticated Key Exchanges [carleton.ca] .

The description of Perfect Forward Secrecy in the summary seems pretty confused. A cryptographic protocol has perfect forward secrecy if the only long-term key pair is used solely for authentication; that is to protect against man in the middle attacks and the like. Since you can't perform a man in the middle attack once the message has been transmitted, this means that compromise of the private key only jeopardizes future communications. In contrast, if a service uses RSA or ElGamal in the usual manner, then once the private key is compromised (e.g. via a Heartbleed like vulnerability), then all messages ever transmitted can be decrypted using this private key.

Re:Who thinks up these names? (1)

dbIII (701233) | about 3 months ago | (#47366949)

Now that's a very useful answer unlike the sniping from cbhacking and LordLimecat.

Re:Who thinks up these names? (1)

icebike (68054) | about 3 months ago | (#47366579)

Further more, why is Microsoft bragging about how secure OneDrive is when the NSA documents leaked by Snowden already show that the NSA has total access to your OneDrive?

Re: Who thinks up these names? (1)

Anonymous Coward | about 3 months ago | (#47366811)

Any specific citation on this?

methods of vulnerability. (-1)

Anonymous Coward | about 3 months ago | (#47366177)

quantum states can be copied from long-range. pre-encryption. entire keys can be copied from DRAM emissions, bus emissions, and CPU emissions.

passwords can be read from users minds using remote neural monitoring of brain quantum states. and the government already has this fully deployed in space and ground based radar.

so Microsoft protects against only the non-governmental intruder here. moves their backdoor deals to higher levels knowing it's still insecure and can never be secured.

because nothing can be secured at the quantum level and all states of matter and energy can be remotely duplicated. in fact this is how CPUs and hardware works up close. it's not a stretch to do it longer range.

um, and what if the Intel and AMD cpus are insecure on top of that? I mean look at the backdoor debug mode in AMD's systems. the opcode, and transistors are insecure, .. AMD actually has a full set of registers that run along side the normal ones in their CPUs. all this is totally stuff the NSA uses to run software covertly, break hardware protection barriers, and more, all by setting a specific password in the registers from protected user mode space. http://hardware.slashdot.org/story/10/11/12/047243/hidden-debug-mode-found-in-amd-processors [slashdot.org]

Intel's got the same stuff built into their processors it's just not been publically exposed yet.

http://www.obamasweapon.com/ [obamasweapon.com]

"it's almost done at the quantum level". -Dr. Fred Bell, DOD physicist.

It all ends up (1)

AHuxley (892839) | about 3 months ago | (#47366195)

As plain text on a US branded OS at the end of the fancy new encryption.
With all the legal obligations in the telco sector all products have to be wiretap-friendly.
CALEA obligations should be very clear to the rest of the world by now. The options presented under CISPA should have been noted too.
Your email, video chat, text, chat will end up as a neat industry standard format for law enforcement use. There will be no going dark on any US product shipped.
"FBI: We need wiretap-ready Web sites - now" (5 May 2012)
http://www.cnet.com/au/news/fb... [cnet.com]

Better way for Microsoft to earn trust (1, Offtopic)

jkrise (535370) | about 3 months ago | (#47366205)

Don't force bloatware on hapless customers. XP was 1.2GB. XP with SP2 was about 2GB. XP with SP3 is about 7GB. And now Microsoft claims XP is so insecure it cannot be patched anymore, so customers have to buy a new OS which weighs in at 20GB.

Cut all the crap and come clean. Release the entire source code for XP if you are not going to patch it. Or keep quiet and prepare to be unbelieved even if you speak the truth.

Re:Better way for Microsoft to earn trust (0)

Anonymous Coward | about 3 months ago | (#47366279)

>And now Microsoft claims XP is so insecure it cannot be patched anymore

Liar. Microsoft said they are discontinuing support to get people to move onto newer versions. Where did they say they couldn't patch it anymore because it was so insecure?

Re:Better way for Microsoft to earn trust (0)

Anonymous Coward | about 3 months ago | (#47366281)

They don't need you to believe them, they only need the governments to believe them and you can't even keep your own elected officials honest anyway.

The idea that you're "forced" or "locked in" in is apologist rubbish anyway, that's really the thing that needs to be overcome. The worst thing is that you might lose some of the formatting of your older documents...boo hoo. If that's really important then have one dedicated system inside the company/department that has that proprietary software on it to handle those edge cases and gradually phase them out. But crying "oh it's hopeless, us poor downtrodden folk being helplessly at the mercy of the corporations" is just an excuse used by lazy people to avoid taking any responsibility or action.

Re:Better way for Microsoft to earn trust (0)

jkrise (535370) | about 3 months ago | (#47366487)

Be brave enough to post after logging in, or you will be thought of as a shill.

My post wasn't about the options for Microsoft's customers. It was about Microsoft's attempts at transparency to earn trust.

Re:Better way for Microsoft to earn trust (0)

Anonymous Coward | about 3 months ago | (#47366529)

Be brave enough to post after logging in, or you will be thought of as a shill.

A pseudonym will alleviate that for you? Well you are indeed easily swayed if a mere pseudonym affects your perception that dramatically, it seems as though you are just making more excuses. More to the point who do you suggest I would even be a shill for? I am actively saying people are not locked in and could easily change if they wanted to. If a shill existed here it would be somebody like you, perpetuating the idiotic, false notion that customers are hapless and forced to accept Microsoft's will.

Re:Better way for Microsoft to earn trust (0)

jkrise (535370) | about 3 months ago | (#47366549)

A pseudonym enables other posters to look at your posting history and judge for themselves based on what they see.

Re:Better way for Microsoft to earn trust (0)

Anonymous Coward | about 3 months ago | (#47366613)

If you have concerns about the legitimacy of my opinion I would be happy to hear them, but you don't. You simply do not like it which is why you offer a limp-wristed attempt to discredit it by using baseless "shill" accusation (despite anybody with the slightest amount of brainpower being able to see it is the exact opposite of a "shill" post, which suggests you dont even know what a "shill" is) rather than any sort of coherent or intelligent rebuttal all the while you spout rubbish of how customers are hapless and forced to obey Microsoft. Well they aren't, even if you so wish them to be.

Re:Better way for Microsoft to earn trust (1, Interesting)

jkrise (535370) | about 3 months ago | (#47366637)

If you want to buy 20 machines today with a Windows OS, the only choice is Windows 8. Even though almost a billion PCs run XP, it is not possible to get a new machine with a legal licensed copy of XP without jumping through numerous hoops and shelling out loads of cash.

Microsoft wants us to trust their word that it is not feasible to offer or support XP on new machines. This is not believable. Opening up the source code is the only way to prove or disprove Microsoft's version of the facts.

Whether you agree or not is not important. Hundreds of legacy code developed for Windows platform using Windows development tools run only on XP and are not supported by 7 or 8. Customers are left with no choice but to rewrite code at great expense, often impossible since the vendors are no longer in business. In my view this represents a lock-in, whereby customers are forced to shell out large sums of money to obtain support for XP legally on new systems by investing in Enterprise Volume License Agreements and associated costs.

Re:Better way for Microsoft to earn trust (0)

Anonymous Coward | about 3 months ago | (#47366663)

If you want to buy 20 machines today with a Windows OS, the only choice is Windows 8.

No it is not. Even if it were you would not be forced to use it.

Microsoft wants us to trust their word that it is not feasible to offer or support XP on new machines.

Why are you using Microsoft products? Why are you using Windows XP when you do not have the source code for that either? If they dont want to support it that is their decision, use something else, the smart people would choose something open source.

Opening up the source code is the only way to prove or disprove Microsoft's version of the facts.

It proves nothing, they could just as easily say "we dont want to support XP anymore" and that wouldnt change a thing, except to people like you who continue to spread FUD that people cannot escape Microsoft.

Hundreds of legacy code developed for Windows platform using Windows development tools run only on XP and are not supported by 7 or 8.

Microsoft have no obligation to continue supporting XP, or in your haste to suckle at the Microsoft teat did you not think of that? You are a victim of your own poor decisions and you are now paying the price, hopefully you have some sense this time but it seems you see yourself as hapless and will just upgrade to another Microsoft product and get on their upgrade treadmill again.

Customers are left with no choice but to rewrite code at great expense

Customers should have written portable code, again victims of their own stupidity but I fail to see how this ties them to Microsoft since Microsoft no longer supports XP. On one hand you say hapless consumers must upgrade while you spew doublespeak that they cannot upgrade because their applications will not run on new versions. Your logic fails, you are inconsistent.

In my view this represents a lock-in, whereby customers are forced to shell out large sums of money to obtain support for XP legally on new systems by investing in Enterprise Volume License Agreements and associated costs.

No they are not forced to do that, you just want them to do that. Instead of funding XP development they should fund cross-platform development. But you pretend that their only option is to fill Microsoft's coffers instead.

Re:Better way for Microsoft to earn trust (0)

jkrise (535370) | about 3 months ago | (#47366683)

My first and subsequent posts, and the article - are all about Microsoft's attempts to earn trust. Many millions of customers have already reposed trust and money with Microsoft for their software. Migrating to open source is not an easy option for most of them; and indeed that is not the point under debate.

If Microsoft wants their loyal trustworthy userbase to continue to trust them, they should adopt different measures than being pseudo-transparent with biggest customers such as the government. I have not written, nor intend to debate upon Microsoft's customers migrating to open source.

Re:Better way for Microsoft to earn trust (0)

Anonymous Coward | about 3 months ago | (#47366901)

If Microsoft wants their loyal trustworthy userbase to continue to trust them, they should adopt different measures than being pseudo-transparent with biggest customers such as the government.

But you just told me they are locked in, if that were true then Microsoft doesnt need to earn their trust, they didnt need to before so why would then now?

Re:Better way for Microsoft to earn trust (5, Insightful)

exomondo (1725132) | about 3 months ago | (#47366673)

Hundreds of legacy code developed for Windows platform using Windows development tools run only on XP and are not supported by 7 or 8.

So not only have you tied yourself to a particular version of a proprietary OS that - as we all know from previous experience - has a limited lifetime but you chose to do that by using proprietary software that won't run on anything else and you didn't think there might be a problem with that? Seriously? If you cut corners then you're going to get burned.

Re:Better way for Microsoft to earn trust (2)

Dr_Barnowl (709838) | about 3 months ago | (#47366727)

Hundreds of legacy code developed for Windows platform using Windows development tools run only on XP and are not supported by 7 or 8.

This is generally because they were really badly written and do things that have been recommended against for years - like storing settings in the same folder as the program, which means that in some cases non-admin users can't even use the program because they don't have permission to create the initial settings file. I'd like to say this is generally confined to amateur developers but I've seen it so many times from so-called professionals that it's sad.

It's not something specific to Windows, but not something you tend to see as much in the POSIX world because there is such a long-standing culture of *nix machines being multi-user machines - programmers tend to grok from the outset that user programs need to store user settings in a user's home folder.

In general, Windows 7 is impressively compatible with code written for Windows XP (and Windows 2000, etc.). The difference is that IT departments have started locking Windows 7 machines more than they have done in the past.

Re:Better way for Microsoft to earn trust (-1)

Anonymous Coward | about 3 months ago | (#47366745)

You smell bad and also drink your own pee.

Judge that while you masturbate over hilarious whines about 'bloat'.

Seriously? It's two thousand fucking fourteen. Hard drive space in the double digit gigabyte range has been completely inconsequential for years. Graphics assets alone have increased in size exponentially since your apparent 1995-era golden age.

And OS X and every last Linux distribution with similar functionality is just as "bloated".

You have no point. You're spewing nonsense. Drink more fresh urine.

Re:Better way for Microsoft to earn trust (-1)

Anonymous Coward | about 3 months ago | (#47367073)

Aww, did the angry little toddler get at the keyboard while mommy and daddy were away making you a brother or sister?

...and.. (4, Insightful)

JustNiz (692889) | about 3 months ago | (#47366219)

>> a place where governments who use Microsoft software can come to review the source code

Where's the proof that the source code you see is exactly the same as that which gets compiled to make the Windows you buy?

Also does anyone else find it as highly suspicious as me that this center is only open to governments?

Re:...and.. (3, Interesting)

AHuxley (892839) | about 3 months ago | (#47366265)

re Where's the proof that the source code you see is exactly the same as that which gets compiled to make the Windows you buy?
Your experts compile/test the code as they wish over time at the site. The end result is then known.
A magic number is then produced as to the tested product on site. The application/suit as shipped then matches that same end test numbers.
ie the applications do not have ~extra code added.

Re:...and.. (0)

Anonymous Coward | about 3 months ago | (#47366363)

You know damn well they're not going to do all that.

Re:...and.. (2)

scsirob (246572) | about 3 months ago | (#47366607)

That will only work if government officials observe the creation of the gold RTM code and then every patch there after. Inspecting the source code today and not finding anything is no guarantee that this will be the case tomorrow. You don't get 'your compiled version' as the production code. And even if you do, the next round of patches you are done for.

Using a checksum/hash for the produced files is no use either. Even with unmodified sources, if you compile the same code twice, the produced executable will have different metadata (creation date, file headers, build number) so the hash will be differrent.

Re:...and.. (1)

AHuxley (892839) | about 3 months ago | (#47366619)

The fun of the magic numbers :)

Re:...and.. (1)

Dr_Barnowl (709838) | about 3 months ago | (#47366731)

It wouldn't work at all - there's nothing magic about them numbers.

The only way to be sure that you got a copy of binaries that corresponded to the source code would be for each agency concerned to get it's own copy of the source, and build Windows for itself, using it's own audited compiler toolchain. This is not something that MS will allow to happen.

Re:...and.. (0)

Anonymous Coward | about 3 months ago | (#47366899)

Plus, you need an additional clean bootstrap compiler to compile the Visual Studio compiler and tools to counter the famous "on trusting trust". That's a major engineering effort and I doubt I'll see that one happen.

Re:...and.. (0)

Anonymous Coward | about 3 months ago | (#47366895)

Oh, please. Given that many compilers insert dates, the checksums won't match: you have to actually read the binaries and run them through debuggers, and there's just too much code to do this reasonably in modern Windows releases. The morass of interwoven tentacles, treating your operating system much like hentai monsters treat little blonde teens, makes it nearly impossible to analyze.

  Also given the number of fascinating vulnerabilities found and sent to CERN, and which CERN will not publish because Microsoft has not fixed them, the relevant US agencies need merely access the reports there. They need add *nothing* to the source code for full remote access.

Re:...and.. (0)

Anonymous Coward | about 3 months ago | (#47366633)

A page right of the Chinese Operating Manual. Sure, have a look at a source code, but it has to go through some QA and whatever other stuff they can think of before it becomes what is actually shipped. And if you want to look at that? well, then if you should find any problems they'll just have to go through QA again, won't they?

I've seen it many times. No surprise here.

How to prove the source code maps to the binary? (4, Insightful)

Vellmont (569020) | about 3 months ago | (#47366225)

So.. Microsoft let governments of the world look at the source code at your special center, and then double-dog-swears that there's nothing fishy going on between then, and compiling the source code, like say a patch applied somewhere in the build process? Riiiight.

If you WERE to put a backdoor in, that's probably how it'd be done. Would you really want a backdoor explicitly in the code for a developer to find? Of course not, you'd put in something only a few people know about. The secret to secret keeping is limiting the amount of people who know.

The other way to hide the backdoor is to make it a hard to find bug. Plausible deniability is quite high.

I have to believe this is good news though. It means a lot of foreign governments are suspicious of closed source software, to the point where Microsoft has had to announce a plan to make their code however less closed source.

Re:How to prove the source code maps to the binary (1)

AHuxley (892839) | about 3 months ago | (#47366319)

Its the old crypto hardware trick. You can look at all the messages as sent you like. Its encryption perfection for that decade/generation.
The plain text is from the tempest (emission security) friendly keyboard.
The only magic is getting your gov to buy the system and then use it for years :)
ie buying the system is the way in. Every trapdoor and backdoor is crafted around what the buyer might be aware of.

Re:How to prove the source code maps to the binary (0)

Anonymous Coward | about 3 months ago | (#47366333)

Regarding your last point, are they actually suspicious of closed source, or just suspicious of US based companies? And are they actually suspicious or just claiming suspicion as a front for a trade barrier? A Transparency Center might not need to actually placate suspicion, it may simply need to counter a hostile talking-point.

Re:How to prove the source code maps to the binary (1)

jlb.think (1719718) | about 3 months ago | (#47366623)

For smaller governments, below he the bottom three or more, you would be quite right. In total though, they have to trust whatever the fuck they use.

One NSA letter will negate all of this (1)

Anonymous Coward | about 3 months ago | (#47366241)

This is nothing more than security theater. We know of the NSA_KEY in Windows 95. All they need to do is to give Microsoft an NSA letter to install backdoors and they will do so. Just like Google and everyone else. I am surprised that anyone would fall for this.

Re:One NSA letter will negate all of this (1)

SuricouRaven (1897204) | about 3 months ago | (#47366999)

No such thing as an 'NSA letter' - you're thinking of a National Security Letter, the super-secret demands that are so classified recipients aren't even permitted to tell their own lawyers they received one.

Nice Strategy Attempt (1)

rmdingler (1955220) | about 3 months ago | (#47366275)

That is a great PR move, since the US government has recently been as effective as the New Coke campaign at promoting US companies abroad.

Intended Consequence? (0)

Anonymous Coward | about 3 months ago | (#47366277)

So governments can review Microsoft source code for back doors, great.

But:
1/ How can observers know that the source code shown results in the compiled binary sold.
2/ How can observers know that when compiled the compiler does not introduce vulnerabilities.
3/ Would not a malicious observer use the knowledge of the source to look for vulnerabilities for their intelligence agencies to exploit later.
4/ As a private citizen how can I be assured of or against all the above if I and a number of expert friends cannot also look at the source.

This is why I now only use open source.

BTW Microsoft already lets the US government look at its source code for "security assurance reasons", and of course nobody shares that information with the NSA do they.

Re:Intended Consequence? (2, Insightful)

exomondo (1725132) | about 3 months ago | (#47366335)

1/ How can observers know that the source code shown results in the compiled binary sold.

Compile the code and compare the binaries?

2/ How can observers know that when compiled the compiler does not introduce vulnerabilities.

Same way you would for open source software: inspect the compiler code.

3/ Would not a malicious observer use the knowledge of the source to look for vulnerabilities for their intelligence agencies to exploit later.

Maybe.

4/ As a private citizen how can I be assured of or against all the above if I and a number of expert friends cannot also look at the source.

You can't, but then you can't practically do it in the open source world either, at some point you have to trust somebody, if you don't then the simple answer is don't use the product. I inspect a lot of open source software but it's mostly for interest sake, I don't pretend to understand the full scope of it, much less the 3rd party libraries or the compilers or OS I run it on or the drivers for the hardware or the physical hardware or the microcode within that hardware (where I can even get to it), you have to trust far to many people to consider things safe even when using open source software.

Re:Intended Consequence? (0)

Anonymous Coward | about 3 months ago | (#47366383)

> Compile the code and compare the binaries?

You can't compare binaries for Microsoft's attempt at a C compiler. If you use the /GS (IIRC) flag, Microsoft will insert a different random value just before the return address of a function so any buffer overrun will change it. We used to version our application by taking the MD5 hash of the binary. That hasn't worked for us since VisualStudio 2008.

Re:Intended Consequence? (1)

exomondo (1725132) | about 3 months ago | (#47366561)

You can't compare binaries for Microsoft's attempt at a C compiler. If you use the /GS (IIRC) flag, Microsoft will insert a different random value just before the return address of a function so any buffer overrun will change it.

/GS only allocates space for a random value, the random value isn't computed at compile time.

Re:Intended Consequence? (1)

cbhacking (979169) | about 3 months ago | (#47366859)

Correct! It would be a remarkably stupid stack canary (which is a security measure) otherwise. Since the value would be the same on everybody's computer, you'd only need to find it once and then when you overflow the buffer be sure to write the canary value back as it was!

Instead, getting past stack canaries is considerably more difficult than that. It's possible, of course, with the right vulnerabilities... but it's *harder* and sometimes a program that would be exploitable without them (using the vulnerabilities known at the time) just isn't exploitable with them.

Re:Intended Consequence? (1)

thegarbz (1787294) | about 3 months ago | (#47366841)

1/ How can observers know that the source code shown results in the compiled binary sold.

You don't. You never do. What you do is build a system on trust. However in the legal world there is a difference. If I give you a closed source binary with a back door I have all sorts of excuses for you. "Our code review system broke down." "It was an unpatched bug." "We assume no liability, you accepted our licence agreement, right?"

But if you look at the source code and determine yourself it's not backdoored, and yet I put a back door in the final product, that would be an incredibly clear cut case of criminal fraud.

Re:Intended Consequence? (1)

StripedCow (776465) | about 3 months ago | (#47366963)

/ How can observers know that the source code shown results in the compiled binary sold.
Compile the code and compare the binaries?

On your own hardware.
But, I guess, MS won't let them download the source code to their laptops, or these laptops would have to be destroyed after the review process.

Doesn't Matter (0)

Anonymous Coward | about 3 months ago | (#47366283)

It does not matter of you can't take that source code and compile it yourself.

What about everyone else? (1)

Required Snark (1702878) | about 3 months ago | (#47366373)

So they opened a transparency center for governments. What about some transparency for everyone else who uses their software? Or are we going to continue to be left in the dark?

To give some context into user's response to Microsoft's products, Windows 8 market share just decreased. [betanews.com] Comparative figures showed that Windows XP share went up. That's right, the just discontinued OS is doing better then they current system.

I can't help but point that this is one of a painful series of mistakes that all happen when Ballmer was in charge. The question for the future of Microsoft is whether he was in command so long that they will never recover.

This is stupid and dangerous (1)

Grindalf (1089511) | about 3 months ago | (#47366375)

Never give anyone so much as a glimpse of your source code unless you are writing open source software and you are part of an open source program. It's just not clever for a business person to do. You are throwing away the crown jewels! Let them guess. Let them “eat static.”

Seriously? (4, Insightful)

NewtonsLaw (409638) | about 3 months ago | (#47366401)

Who the hell is going to sit down and scan a few million lines of source code with Microsoft looking over your shoulder and hope to spot a backdoor or two in the process?

Even then, how can you be sure that the source code they show you is the stuff you're actually running?

What a PR stunt this is!

TLS? who cares? (-1, Redundant)

epyT-R (613989) | about 3 months ago | (#47366477)

Microsoft is still operating under NSL restraints. That means the NSA has the keys anyway.

Re:TLS? who cares? (0)

Anonymous Coward | about 3 months ago | (#47366625)

And it wouldn't matter even if the NSA didn't have the keys. Microsoft's ridiculous claim of end-to-end security is just throwing TLS around one of the connections -- which should have been there from day one anyhow, especially since they already require proprietary code to run at each end of the connection!

Imagine a courier handcuffed to a briefcase, but he takes off the handcuff and rifles through the briefcase every time he sits down. It defeats the *entire* purpose, by design. Use PGP (GPG), people. If your message *ever* touches a cloud unencrypted (which it does with Outlook.com), you may as well just publish it.

Re:TLS? who cares? (1)

arglebargle_xiv (2212710) | about 3 months ago | (#47366809)

Microsoft is still operating under NSL restraints. That means the NSA has the keys anyway.

TLS doesn't work that way, the implementation trusts, and uses, whatever keys it's told to trust (via certificates). And that's the problem, while most implementations will allow you to manage your own certs, for example by creating self-signed certs, the Windows implementation will only trust certs from commercial CAs. You know, Diginotar, Trustwave, Comodo, those sorts of guys. So you can't just generate and manage your own keys and certs but are forced to pay, and trust hundreds of external CAs to manage your certs (and by extension keys) for you.

Too little too late? (2)

erroneus (253617) | about 3 months ago | (#47366495)

1. Government shouldn't use anything proprietary and the US should follow its own rules (AMD exists because gov't rules requirements, why not Microsoft compatible-competitors?)
2. Vendor lock-in always leads to over-pricing and government waste (also, see #1)
3. Microsoft did a deal with the devil (US Government) and now wants to regain trust. Sorry Microsoft. Not going to work.

And did anyone miss the work facebook has been doing with government? Holy crap. Not only is their censorship completely to the left, they are conducting psych experiments at the request of the US government. I personally avoid the social networking sites and [almost] always have.

(I have used LinkedIn due in no small part to my previous employer reducing its staff by over 90% Oh yeah, now I can talk about it too! Turns out the Fukushima incident and subsequent lies, deception, inaccuracies and omissions run pretty deep and even found its way to my former employer, a Mitsubishi company. Anyway, LinkedIn... i was checking that from my mobile device and it made mobile pages unusable through CSS and insisted I use an app. I loaded the app and agreed to whatever and the next thing I knew LinkedIn grabbed my whole addressbook and pulled it into their servers. I can't say whether they used the data to spam others, but I can say they used it to "suggest links" to my profile. That's pretty dirty and disgusting.)

Trust is a difficult thing these days... a fragile thing. And I hope companies everywhere, large and small, learn that lesson. They can learn the hard way or they can be good and decent people asking themselves "would I want someone doing this to me?!" (Just like government gun confiscation -- the answer is NO. The government wouldn't allow the citizens to take their guns, so why should the citizens allow government to take theirs?) Of course, too few people care about golden rules of morality because the world is run by psychopaths. Psychopaths think they can just buy trust. That may have been true, but the pendulum has reached its furthest point and is about to swing back the other way. Microsoft and others are only now figuring that out.

Liars (0)

Anonymous Coward | about 3 months ago | (#47366539)

End-to-end encryption has a defined meaning. Transport Layer Security is not end-to-end encryption. TLS encrypts a single link in the chain of systems which handle email. At each point, the mail emerges unencrypted. In particular, mail is stored unencrypted at each mail hosting provider (or if it is stored encrypted, the mail provider has to have the keys and is thus vulnerable to exploits and government intervention). End-to-end encryption does not expose the mail unencrypted to any point between the initial sender and the final receiver. End-to-end is what keeps the spooks out. Wonder why Microsoft wants to erode the meaning of the term.

YOU 7AIL IT!! (-1)

Anonymous Coward | about 3 months ago | (#47366759)

this very moment, they're gone Came [amazingkreskin.com] can be like hand...don't again. t4ere are AMERICA) might be Rival distribution, *BSD is dying It is bunch of gay negros

Publicity stunt - not practical (1, Interesting)

bradley13 (1118935) | about 3 months ago | (#47366785)

This is nothing but a feel-good publicity stunt, designed to offset international suspicions that Microsoft works a little too closely with the NSA.

Pick your favorite product: Windows 7? Office? SQL Server? IIS? It doesn't matter, you are talking about millions of lines of source code. No government, or government contractor will have the expertise, time an money to analyze such a mass of code. They will be utterly dependent on Microsoft to point them to the core routines responsible for whatever they're interested in. Say, email encryption.

However, there is no way they will be able to verify that the code provided is really the code used, than no code called before or after it compromises the security, etc, etc.. It is also unlikely that they will update or repeat the audit with every new release, patch or update of the product.

Microsoft must be feeling the pinch - a few too many international contracts being cancelled...

What this is more likely about ... (1)

aaaaaaargh! (1150173) | about 3 months ago | (#47366847)

Microsoft is giving other governments the possibility to install their own backdoors by cooperating in special "transparency centers", provided they pay for it and are buying enough Microsoft products instead of switching to open source alternatives.

what a joke... (0)

Anonymous Coward | about 3 months ago | (#47366873)

M$ is loading their product with spyware for these guys - this is a non-story...

And who says that this is the real source? (0)

Anonymous Coward | about 3 months ago | (#47366907)

They'll hopefully also provide a full build environment to enable reviewers to rebuild the binaries from the vetted sources and compare them to the distribution binaries. As in the truecrypt analysis shown here: https://madiba.encs.concordia.ca/~x_decarn/truecrypt-binaries-analysis/

And then there remains the question if the build environment can be trusted as shown in kens hack: http://cm.bell-labs.com/who/ken/trust.html

Provenance matters (2)

Antique Geekmeister (740220) | about 3 months ago | (#47366921)

For highly reliable code, knowing that the code you review is the code you compile with is vital both for stability and security. This can't be done by visual inspection: it requires good provenance at every stage of the game.

This is actually a security problems with many opensource and freeware code repositories. The authors fail to provide GPG signatures for their tarballs, or to GPG sign tags for their code. So anyone who can steal access can alter the code at whim. And anyone who can forge an SSL certificate can replace the HTTPS based websites and cause innocent users to download corrupted, surreptitiously patched code or tarballs.

I'm actually concerned for the day that someone sets up a proxy in front of github.com for a localized man-in-the-middle attack to manipulate various targeted projects.

Standards are meant to be broken (0)

gringer (252588) | about 3 months ago | (#47367081)

Microsoft notes that it worked with multiple international companies to secure its version of the standard.

Ah, yes. Once again, Microsoft has their own special idea about how to extend a standard. Said like a true Microsoft employee (or paraphrased by someone with a strong reporting bias -- it doesn't seem to be phrased in this way in the original Microsoft post about encryption and transparency).

give up microsoft... (1)

Anonymous Coward | about 3 months ago | (#47367095)

...and just run on top of the Linux open source stack. Leave the kernel and security to the seasoned experts in the open source community. Contribute to Wayland or run your own graphical subsystem. (It can be closed source, not everyone is an opensource zealot.).

IMO the windows desktop is all anyone cares about - port it to Linux.

I don't see a problem with this.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>