Archive for March 20, 2017

Is Wikileaks Blackmailing Tech Companies For CIA Hacking Details?… Good Question…

Posted in Commentary on March 20, 2017 by itnerd

Wikileaks had the chance to become a bit of a hero by standing by its pledge to release details of the various CIA hacking techniques that it acquired. But it seems to have decided that blackmailing the tech industry is far more important. Here are the details from Motherboard:

Wikileaks this week contacted major tech companies including Apple and Google, and required them to assent to a set of conditions before receiving leaked information about security “zero days” and other surveillance methods in the possession of the Central Intelligence Agency… Wikileaks’ demands remain largely unknown, but may include a 90-day deadline for fixing any disclosed security vulnerabilities. According to Motherboard’s sources, at least some of the involved companies are still in the process of evaluating the legal ramifications of the conditions.

Now, if Wikileaks is asking for a 90-day deadline to force these companies to fix these issues in a timely manner, that would be in line with responsible disclosure efforts like Project Zero. Thus there would be nothing to see here. However, if there’s more to it, that will not inspire confidence.

Of course the cynic in me also sees this as some sort of litmus test. As in, they’re trying to see who’s potentially in bed with the CIA, or the Kremlin, or anyone else. After all, if you are a tech company and you have a bug out there that’s part of this dump, you’d think that you want to fix it ASAP. Unless you’re working with those who are spying on their citizens, or others, or both.

Other than the above reasons, I struggle to see a good faith reason for WikiLeaks to require agreement to any terms before they tell tech companies about these flaws. It gives the impression that they want the bugs to stay open and/or have a political stick to beat the vendors with. Perhaps it would be simpler for them to say “here’s the bugs we found in the documents that we got. Prove to us that they’re fixed or going to be fixed in 90 days or we go public with them” and leave it at that. The mystery over whatever else they want isn’t helpful IMHO.

Microsoft To Once Again Force Windows 10 Updates Upon You

Posted in Commentary on March 20, 2017 by itnerd

Those who are brave enough to be part of the Windows 10 Insiders Program, which gives you access to the latest versions of Windows 10, one of which is due in April, have spotted something that is sure to upset a lot of Windows users. The details first popped up on Windows Supersite, where people noticed that the updates section of the control panel says this:

“We’ll automatically download and install updates, except on metered connection (where charges may apply). In that case, we’ll only download those updates required to keep Windows running smoothly,”

So… What that means is I get force fed some updates that Microsoft feels are required, or I get force fed everything. Lovely. When Windows Supersite asked the folks in Redmond about this, here’s what they said:

“We don’t plan to send large updates over metered connections, but could use this for critical fixes if needed in the future.”

Clear as mud. No?

Here’s the thing. I have said that users should be installing updates to whatever OS they use. Mac, Windows, Linux, whatever. The thing is, users should be in control of that. This model has Microsoft in control. That has led to me making a fair amount of money from people who have had automatic updates on Windows 10 go horribly sideways. There’s something fundamentally wrong with that because, frankly, I should not be making money in that scenario; users should have the choice to install updates when and how they choose to. Simply force feeding updates down people’s throats in whole or in part is just an #EpicFail waiting to happen. In fact, I can think of this occasion where it already has happened.