Tag Archives: windows 8

ShadowBrokers Releases NSA UNITEDRAKE Manual

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2017/09/shadowbrokers_r.html

The ShadowBrokers released the manual for UNITEDRAKE, a sophisticated NSA Trojan that targets Windows machines:

Able to compromise Windows PCs running on XP, Windows Server 2003 and 2008, Vista, Windows 7 SP 1 and below, as well as Windows 8 and Windows Server 2012, the attack tool acts as a service to capture information.

UNITEDRAKE, described as a “fully extensible remote collection system designed for Windows targets,” also gives operators the opportunity to take complete control of a device.

The malware’s modules — including FOGGYBOTTOM and GROK — can perform tasks including listening in and monitoring communication, capturing keystrokes and both webcam and microphone usage, impersonating users, stealing diagnostics information and self-destructing once tasks are completed.

More news.

UNITEDRAKE was mentioned in several Snowden documents and also in the TAO catalog of implants.

And Kaspersky Labs has found evidence of these tools in the wild, associated with the Equation Group — generally assumed to be the NSA:

The capabilities of several tools in the catalog identified by the codenames UNITEDRAKE, STRAITBAZZARE, VALIDATOR and SLICKERVICAR appear to match the tools Kaspersky found. These codenames don’t appear in the components from the Equation Group, but Kaspersky did find “UR” in EquationDrug, suggesting a possible connection to UNITEDRAKE (United Rake). Kaspersky also found other codenames in the components that aren’t in the NSA catalog but share the same naming conventions; they include SKYHOOKCHOW, STEALTHFIGHTER, DRINKPARSLEY, STRAITACID, LUTEUSOBSTOS, STRAITSHOOTER, and DESERTWINTER.

ShadowBrokers has only released the UNITEDRAKE manual, not the tool itself. Presumably they’re trying to sell that.

Zero-Day Vulnerabilities against Windows in the NSA Tools Released by the Shadow Brokers

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2017/07/zero-day_vulner.html

In April, the Shadow Brokers — presumably Russia — released a batch of Windows exploits from what is presumably the NSA. Included in that release were eight different Windows vulnerabilities. Given a presumed theft date of the data as sometime between 2012 and 2013 — based on timestamps of the documents and the limited Windows 8 support of the tools:

  • Three were already patched by Microsoft. That is, they were not zero days, and could only be used against unpatched targets. They are EMERALDTHREAD, EDUCATEDSCHOLAR, and ECLIPSEDWING.
  • One was discovered to have been used in the wild and patched in 2014: ESKIMOROLL.
  • Four were only patched when the NSA informed Microsoft about them in early 2017: ETERNALBLUE, ETERNALSYNERGY, ETERNALROMANCE, and ETERNALCHAMPION.

So of the five serious zero-day vulnerabilities against Windows in the NSA’s pocket, four were never independently discovered. This isn’t new news, but I haven’t seen this summary before.

An Open Letter To Microsoft: A 64-bit OS is Better Than a 32-bit OS

Post Syndicated from Brian Wilson original https://www.backblaze.com/blog/64-bit-os-vs-32-bit-os/

Windows 32 Bit vs. 64 Bit

Editor’s Note: Our co-founder & CTO, Brian Wilson, was working on a few minor performance enhancements and bug fixes (Inherit Backup State is a lot faster now). We got a version of this note from him late one night and thought it was worth sharing.

There are a few absolutes in life – death, taxes, and that a 64-bit OS is better than a 32-bit OS. Moving over to a 64-bit OS allows your laptop to run BOTH the old compatible 32-bit processes and also the new 64-bit processes. In other words, there is zero downside (and there are gigantic upsides).

32-Bit vs. 64-Bit

The main gigantic upside of a 64-bit process is the ability to support more than 2 GBytes of RAM (pedantic people will say “4 GBytes”… but there are technicalities I don’t want to get into here). Since only 1.6% of Backblaze customers have 2 GBytes or less of RAM, the other 98.4% desperately need 64-bit support, period, end of story. And remember, there is no downside.

Because there is zero downside, the first time it could, Apple shipped with 64-bit OS support. Apple did not give customers the option of “turning off all 64-bit programs.” Apple first shipped 64-bit support in OS X 10.6 Tiger in 2009 (which also had 32-bit support, so there was zero downside to the decision).

This was so successful that Apple shipped all future Operating Systems configured to support both 64-bit and 32-bit processes. All of them. Customers no longer had an option to turn off 64-bit support.

As a result, less than 2/10ths of 1% of Backblaze Mac customers are running a computer that is so old that it can only run 32-bit programs. Despite those microscopic numbers we still loyally support this segment of our customers by providing a 32-bit only version of Backblaze’s backup client.

Apple vs. Microsoft

But let’s contrast the Apple approach with that of Microsoft. Microsoft offers a 64-bit OS in Windows 10 that runs all 64-bit and all 32-bit programs. This is a valid choice of an Operating System. The problem is Microsoft ALSO gives customers the option to install 32-bit Windows 10 which will not run 64-bit programs. That’s crazy.

Another advantage of the 64-bit version of Windows is security. There are a variety of security features, such as ASLR (Address Space Layout Randomization), that work best on 64-bit systems. The 32-bit version is inherently less secure.

By choosing 32-bit Windows 10 a customer is literally choosing a lower performance, LOWER SECURITY, Operating System that is artificially hobbled to not run all software.
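The two points above (the 2 GB address-space ceiling of a 32-bit process, and ASLR working best on 64-bit) are both visible in a Windows executable's own PE header. The following inspector is an added example written for this page, not code from Backblaze or the original post. It parses the COFF and optional headers using flag values from the PE/COFF specification and reports the image's bitness, whether it is Large Address Aware, and whether it opts in to ASLR (DYNAMIC_BASE), high-entropy ASLR (HIGH_ENTROPY_VA, which is only meaningful for 64-bit images) and DEP (NX_COMPAT). The two sample images are constructed in code (minimal, non-loadable headers) so the example runs offline; `build_pe_header`, `inspect_pe` and the constant names below are this example's own.

```python
import struct

# Constants from the PE/COFF specification.
IMAGE_FILE_MACHINE_I386 = 0x014C
IMAGE_FILE_MACHINE_AMD64 = 0x8664
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_LARGE_ADDRESS_AWARE = 0x0020   # 32-bit image may use >2 GB of user address space
IMAGE_FILE_32BIT_MACHINE = 0x0100
PE32_MAGIC = 0x10B                         # 32-bit optional header
PE32PLUS_MAGIC = 0x20B                     # 64-bit optional header
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA = 0x0020  # 64-bit ASLR with full entropy
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040     # ASLR opt-in
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100        # DEP opt-in

OPT_HEADER_SIZE = 96  # large enough to cover DllCharacteristics at offset 70


def build_pe_header(machine, magic, characteristics, dll_characteristics):
    """Construct a minimal synthetic PE header (DOS stub, PE signature, COFF, optional header).

    This is only for demonstration; the result is not a loadable image.
    """
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)  # e_lfanew: PE signature right after the DOS header
    coff = struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, OPT_HEADER_SIZE, characteristics)
    opt = bytearray(OPT_HEADER_SIZE)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, 70, dll_characteristics)  # offset 70 in both PE32 and PE32+
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


def inspect_pe(data):
    """Report bitness, address-space limit and mitigation flags of a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, _, _, _, _, opt_size, characteristics = struct.unpack_from("<HHIIIHH", data, coff)
    if opt_size < 72:
        raise ValueError("optional header too short to carry DllCharacteristics")
    opt = coff + 20
    (magic,) = struct.unpack_from("<H", data, opt)
    (dll_chars,) = struct.unpack_from("<H", data, opt + 70)

    is64 = magic == PE32PLUS_MAGIC
    laa = bool(characteristics & IMAGE_FILE_LARGE_ADDRESS_AWARE)
    if is64:
        va_limit = "8 TB (128 TB from Windows 8.1 on)"
    elif laa:
        # A 32-bit LAA process only gets the full 4 GB when hosted by 64-bit Windows.
        va_limit = "4 GB on 64-bit Windows, 2 GB (3 GB with /3GB) on 32-bit Windows"
    else:
        va_limit = "2 GB"
    return {
        "bits": 64 if is64 else 32,
        "machine": machine,
        "large_address_aware": laa,
        "user_va_limit": va_limit,
        "aslr": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE),
        # The high-entropy flag is defined for 64-bit images only; ignore it on PE32.
        "high_entropy_aslr": is64 and bool(dll_chars & IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA),
        "dep": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
    }


# Constructed samples: a 32-bit build with ASLR and DEP, and a 64-bit build with
# high-entropy ASLR and the Large Address Aware bit that 64-bit linkers set.
SAMPLE_32 = build_pe_header(
    IMAGE_FILE_MACHINE_I386, PE32_MAGIC,
    IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_32BIT_MACHINE,
    IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE | IMAGE_DLLCHARACTERISTICS_NX_COMPAT,
)
SAMPLE_64 = build_pe_header(
    IMAGE_FILE_MACHINE_AMD64, PE32PLUS_MAGIC,
    IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_LARGE_ADDRESS_AWARE,
    IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE | IMAGE_DLLCHARACTERISTICS_NX_COMPAT
    | IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA,
)

if __name__ == "__main__":
    for name, image in (("32-bit sample", SAMPLE_32), ("64-bit sample", SAMPLE_64)):
        print(name, inspect_pe(image))
```

To check a real binary, pass its bytes: `inspect_pe(open(r"C:\path\to\app.exe", "rb").read())`. The `user_va_limit` string is deliberately conditional on the host OS: a 32-bit Large Address Aware process gets 4 GB only under 64-bit Windows, which is the same point the post makes about installing the 32-bit OS on an 8 GB machine.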

When one of our customers running 32-bit Windows 10 contacts Backblaze support, it is almost always a customer that did not realize the choice they were making when they installed 32-bit Windows 10. They did not have the information to understand what they are giving up. For example, we have seen customers that have purchased 8 GB of RAM, yet they had installed 32-bit Windows 10. Simply by their OS “choice”, they disabled about 3/4ths of the RAM that they paid for!

Let’s put some numbers around it: Approximately 4.3% of Backblaze customers with Windows machines are running a 32-bit version of Windows compared with just 2/10ths of 1% of our Apple customers. The Apple customers did not choose incorrectly, they just have not upgraded their operating system in the last 9 years. If we assume the same rate of “legitimate older computers not upgraded yet” for Microsoft users that means 4.1% of the Microsoft users made a fairly large mistake when they chose their Microsoft Operating System version.

Now some people would blame the customer because after all they made the OS selection. Microsoft offers the correct choice, which is 64-bit Windows 10. In fact, 95.7% of Backblaze customers running Windows made the correct choice. My issue is that Microsoft shouldn’t offer the 32-bit version at all.

And again, for the fifth time, you will not lose any 32-bit capabilities as the 64-bit operating system runs BOTH 32-bit applications and 64-bit applications. You only lose capabilities if you choose the 32-bit only Operating System.

This is how bad it is -> When Microsoft released Windows Vista in 2007 it was 64-bit and also ran all 32-bit programs flawlessly. So at that time I was baffled why Microsoft ALSO released Windows Vista in 32-bit only mode – a version that refused to run any 64-bit binaries. Then, again in Windows 7, they did the same thing and I thought I was losing my mind. And again with Windows 8! By Windows 10, I realized Microsoft may never stop doing this. No matter how much damage they cause, no matter what happens.

You might be asking -> why do I care? Why does Brian want Microsoft to stop shipping an Operating System that is likely only chosen by mistake? My problem is this: Backblaze, like any good technology vendor, wants to be easy to use and friendly. In this case, that means we need to quietly, invisibly, continue to support BOTH the 32-bit and the 64-bit versions of every Microsoft OS they release. And we’ll probably need to do this for at least 5 years AFTER Microsoft officially retires the 32-bit only version of their operating system.

Supporting both versions is complicated. The more data our customers have, the more momentarily RAM intensive some functions (like inheriting backup state) can be. The more data you have the bigger the problem. Backblaze customers who accidentally chose to disable 64-bit operations are then going to have problems. It means we have to explain to some customers that their operating system is the root cause of many performance issues in their technical lives. This is never a pleasant conversation.

I know this will probably fall on deaf ears, but Microsoft, for the sake of your customers and third party application developers like Backblaze, please stop shipping Operating Systems that disable 64-bit support. It is causing all of us a bunch of headaches we do not need.

The post An Open Letter To Microsoft: A 64-bit OS is Better Than a 32-bit OS appeared first on Backblaze Blog | Cloud Storage & Cloud Backup.

Release 4.3.0 – The Rollover Release

Post Syndicated from Andy Klein original https://www.backblaze.com/blog/backblaze-release-4-3-0/

The current version of the Backblaze Personal Backup and Backblaze Business Backup applications is being updated to 4.3.0.1 on the PC and 4.3.0.2 on the Mac.

The list of fixes, changes, and updates is as follows:

  1. Update the version number to 4.3.0.
  2. Roll the build number back to start at 1.
  3. End of list.

If you are the curious type, you might have a question or two as to why we updated the version number and build number and nothing else. Here’s the story…

The tale begins over 9 years ago as Brian, Damon and others were crafting the code that would become Backblaze Online Backup 1.0. In the furious development cycles that usually accompany a version 1.0 product, some decisions are made that will have to be reconsidered at a later time. That’s normal. So why does that matter? We’ll start by breaking down a version number, for example, 4.2.0.989. Each version number is divided into four separate parts:

  • The “4” is the major release number and changes to this number are owned by Marketing. It reflects a major change to the product with lots of updates and added functionality. Marketing people get really excited when this number changes as they have lots to talk about.
  • The “2” is a minor release and changes to this number are also owned by Marketing. It reflects a minor change to the product that is usually limited to minor enhancements and updates to existing features. It is a marketing faux pas to get too excited about minor changes, but you still need to communicate the update to customers.
  • The “0” is a fix release and changes to this number are owned by Engineering. They change this number when they add a small fix to the product, like correcting a misspelled word or updating a graphical element. For example, the Backblaze flame icon on Mac Retina displays looks squished and needs a quick code update to fix it.
  • The “989” is the build number and changes to this number are owned by Engineering. Each time the engineering group does a build during the development process this number is incremented. The build number is at the core of this update.

Each of the four parts of the version number is something we decide; there is no underlying arithmetic that ties the parts together. For example, if we have a product version of 9.9.1.123 and we issue a minor release update, then the new release can be 9.10.1.123. We don’t have to “carry the one” to the left. We can also jump numbers, going from 4.2.0 to 5.0.0 all at once for example. It all depends on what we think has changed in the product each time we announce the latest version.

The Build Number

Nine years ago, when Brian and Damon were building the first version of Backblaze, it was incomprehensible for them to think they would have to build another 999 versions, but here we are.

Building a thousand versions of anything seems ridiculous, but first consider that we have two platforms, Mac and PC, and they have different build numbers. PC build numbers are odd numbers and Mac build numbers are even. That makes it about 500 builds for each platform, although many of those builds are not made public. Why?

Let’s say the PC client development group is working on build 631. Each developer turns in their code, and build 631 is built. This is the first time all that code is together. While integration testing was done prior to the build, sometimes things don’t quite play nicely together once a build occurs, so it’s on to build 633, then 635, and so on. It could easily be build 661 that eventually gets published as a public release.

The Backblaze client software also integrates with our backend servers and our website. Different teams work on these systems and sometimes, even if the client code is perfect, it doesn’t mesh with the server code and something breaks. This usually entails a meeting or two to discuss the issue and sometimes a new client build is the answer.

So after 9 plus years we’ve used nearly 1,000 build numbers.

Just Use a Four Digit Build Number

Using four digits may seem like the obvious answer, but 9 years ago, the decision was made to use three digits for the build number. There is no fourth digit to use. There’s another thing to know. When you update from one version of the product to another, you can only go up in version numbers – not down. So going from 4.2.0.990 to 4.2.0.998 is OK, but going from 4.2.0.990 to 4.2.0.2 will not work. This seems logical, but it plays a part in the 4-digit dilemma, as we’ll see.

Suppose we change the code in the product today so the build number can be four digits. That change is only in the product versions built from that point forward. None of the existing copies of the product in the field would understand four digits. When they got to build 999 and were told the next version was 1001, they would only see version 001 (3 digits). Determining that 001 is less than 999 they would not go backward and as a consequence, they would not update to the next version.

We could build, for example, version 995 with the 4-digit code changes and then get everyone to upgrade to build 995. That would be nirvana, but in practice it would create a ton of headaches. Why? Not everyone updates their copy of Backblaze to the latest version. Crazy, I know, but true. Even when we auto-update everyone, there are some laggards.

One reason for the laggards is anti-virus programs. We have a good relationship with all the major anti-virus vendors. We sign our binaries and follow all the rules for a good application. Still, there are some lesser-known anti-virus vendors that just don’t care. They won’t allow Backblaze to be updated at all or at the very least without extensive user intervention. If the user doesn’t take the actions needed, the Backblaze update is not installed. Whether it is because of an anti-virus block or some other reason, older versions of the Backblaze application are out there. That means if we produced the magical version 995 noted above, some customers would not update to it. Knowing that, if we did go to a four digit build number, those laggards would not be able to update to the latest version – ever.

Three Digits it is

Based on the way the update process works, you may be confused as to why changing the version number from 4.2.0.990 to 4.3.0.2 would work. It is because we evaluate the version number from left to right to decide which one is newer. For example, 5.0.0.2 is newer than 4.5.1.990 as the first part is greater and the update works. This means that changing from 4.2.0.990 to 4.3.0.2 would update as the “3” in the second part of the version number is greater than the “2”.

Why not just change the version from 4.2.0.990 to 4.2.1.2? We considered doing this, but thought the build number (the fourth part of the version number) rolling over would be noticed and we wanted to make sure people understood the change. We decided to treat this release like a minor product update and let marketing do their thing. We could have decided this was a major product update and pushed the version to 5.0.0.1, but we thought that was a bit over the top.
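The update rule described in the last few sections (compare the four parts left to right, never accept a lower version, and a fielded client that only holds three build digits) can be modelled in a few lines. The following is an added example written for this page, not Backblaze's client code. The only behaviour it assumes beyond what the post states is how a legacy client shortens a four-digit build number: following the post's 1001 -> 001 example, `legacy_view` keeps the last three digits of the build field. The "never go backwards" check is the same anti-rollback property any self-updating client relies on, which is why the choice of the next version number matters.

```python
from typing import Dict, Iterable, Tuple

BUILD_DIGITS = 3  # the fielded client stores the build number in three digits


def parse_version(text: str) -> Tuple[int, ...]:
    """Split 'major.minor.fix.build' into a tuple of four integers."""
    parts = text.split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"bad version string: {text!r}")
    return tuple(int(p) for p in parts)


def is_upgrade(installed: str, offered: str) -> bool:
    """Left-to-right comparison: the offered version must be strictly newer.

    Python compares tuples element by element, so (4, 3, 0, 2) > (4, 2, 0, 990)
    because the second field decides before the build number is ever looked at.
    """
    return parse_version(offered) > parse_version(installed)


def legacy_view(offered: str) -> str:
    """How a client built before any 4-digit change would read a version string.

    Assumption (modelled on the post's 1001 -> 001 example, not documented further):
    the build field is reduced to its last BUILD_DIGITS digits, zero-padded.
    """
    major, minor, fix, build = offered.split(".")
    build = build[-BUILD_DIGITS:].rjust(BUILD_DIGITS, "0")
    return ".".join((major, minor, fix, build))


def rollover_plan(installed: str, candidates: Iterable[str]) -> Dict[str, bool]:
    """For each candidate next version, would a fielded client at `installed` accept it?"""
    return {c: is_upgrade(installed, legacy_view(c)) for c in candidates}


if __name__ == "__main__":
    # Constructed scenario: clients in the field are on 4.2.0.990 and the build
    # counter is about to pass 999. Compare the three options discussed in the post.
    for candidate, accepted in rollover_plan("4.2.0.990", ["4.2.0.1001", "4.2.1.2", "4.3.0.2"]).items():
        print(f"{candidate:12} seen as {legacy_view(candidate):12} -> {'accepted' if accepted else 'rejected'}")
```

Running it shows why a plain four-digit build number strands existing installs (4.2.0.1001 is seen as 4.2.0.001 and rejected as a downgrade) while bumping any field to the left, whether the fix digit (4.2.1.2) or the minor digit (4.3.0.2), lets the build counter restart at 1 without any client refusing the update.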

So, after 9 years, 1,000 builds, and over 1,000 words in this blog post, it is time to start over – 4.3.0.1 and 4.3.0.2 are here. We are now ready for another 9 years of product builds with actual updates and fixes in them. Enjoy.

Release Versions:

  • PC – 4.3.0.1
  • Mac – 4.3.0.2

Release Date: 12/15/2016

Upgrade Methods:

Cost: Free as an update for all active Backblaze customers and active trial users.

Supported Platforms:

Version 4.3 can be installed and is supported on the following operating systems:

  1. Mac OS 10.6 or higher
  2. Windows XP (32-bit)
  3. Windows Vista (32 & 64-bit)
  4. Windows 7 (32 & 64-bit)
  5. Windows 8 (32 & 64-bit)
  6. Windows 10 (32 & 64-bit)

Questions: Please contact Backblaze support at: https://www.backblaze.com/help.html

The post Release 4.3.0 – The Rollover Release appeared first on Backblaze Blog | Cloud Storage & Cloud Backup.

Microsoft Breaks Network Connectivity For Windows 8 & 10 Users

Post Syndicated from Darknet original http://feedproxy.google.com/~r/darknethackers/~3/sqgF_6-xh3M/

Microsoft breaks network connectivity for many Windows 8 and 10 users just in time for Christmas – what a lovely gift. It’s related to the network stack (obviously) but seems to be specific to DHCP, so if you statically assign your LAN addresses (like most of us probably do) then you’ll be alright. And if […]

The post Microsoft Breaks…

Read the full post at darknet.org.uk