Windows' error- and crash-reporting system sends a wealth of data unencrypted and in the clear, information that eavesdropping hackers or state security agencies can use to refine and pinpoint their attacks, a researcher said.
Not coincidentally, recently the popular German newsmagazine Der Spiegel reported that the U.S. National Security Agency (NSA) collects Windows crash reports from its global wiretaps to sniff out details of targeted PCs, including the installed software and operating systems, down to the version numbers and whether the programs or OSes have been patched; application and operating system crashes that signal vulnerabilities that could be exploited with malware; and even the devices and peripherals that have been plugged into the computers.
"This information would definitely give an attacker a significant advantage. It would give them a blueprint of the [targeted] network," said Alex Watson, director of threat research at Websense, which published preliminary findings of its Windows error-reporting investigation. Watson will present Websense's discovery in more detail at the RSA Conference in San Francisco on February 24.
Sniffing crash reports using low-volume "man-in-the-middle" methods—the classic is a rogue Wi-Fi hotspot in a public place—wouldn't deliver enough information to be valuable, said Watson, but a wiretap at the ISP level, the kind the NSA is alleged to have in place around the world, would.
To read this article in full or to leave a comment, please click here
ConversionConversion EmoticonEmoticon