So… Who would go to prison?

I would hope all Windows users are aware of the deliberate snooping built directly into Windows 10, and know not to “upgrade” to it. If not, the short form is that MicroNSA believes so strongly in the future of “cloud computing” that it’s going to make Win10 users do it whether they like it or not.

That’s bad.

Worse: It now appears that wasn’t good enough for the NSA’s corporate buttbuddy. They’re pushing a set of updates to Win7 and Win8 that implement some of the same file, email, browsing, and search data snooping to be found in 10.

If you must run Windows, do not upgrade to Windows 10. If you are running 7 or 8, turn off Automatic Updates immediately. Check your system (Control Panel=>Windows Update=>View Update History) for the following updates:

  • KB3068708
  • KB3022345
  • KB3075249
  • KB3080149

Disable them.

If you aren’t on automatic, check the list of “Updates to install.” If you see them there, right-click on them and “Hide Update.”
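
The same check from the command line, as an added example that is not part of the original post. It assumes an elevated PowerShell session on Windows 7 or 8 and uses the built-in Get-HotFix cmdlet and the Windows Update Agent COM interface; the variable names and the $hide toggle are my own.

```powershell
# KB numbers listed in the post above.
$kbs  = '3068708', '3022345', '3075249', '3080149'
$hide = $false   # assumption: report only; set to $true to hide pending matches

# 1. Already installed? Get-HotFix lists installed updates by HotFixID.
$installed = Get-HotFix |
    Where-Object { $kbs -contains ($_.HotFixID -replace '^KB', '') }
foreach ($h in $installed) {
    '{0} is installed (installed on: {1})' -f $h.HotFixID, $h.InstalledOn
    # To remove one: wusa.exe /uninstall /kb:<number> /norestart
}
if (-not $installed) { 'None of the listed updates are installed.' }

# 2. Offered but not yet installed or hidden? Ask the Windows Update Agent.
$session  = New-Object -ComObject Microsoft.Update.Session
$searcher = $session.CreateUpdateSearcher()
$pending  = $searcher.Search('IsInstalled=0 and IsHidden=0').Updates

$found = 0
foreach ($u in $pending) {
    # KBArticleIDs holds the numbers without the "KB" prefix.
    $hit = @($u.KBArticleIDs | Where-Object { $kbs -contains $_ })
    if ($hit.Count -eq 0) { continue }
    $found++
    'KB{0} is pending: {1}' -f ($hit -join ','), $u.Title
    if ($hide) {
        $u.IsHidden = $true   # same effect as right-click, "Hide Update"
        '  -> hidden'
    }
}
if ($found -eq 0) { 'None of the listed updates are pending.' }
```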

Install Linux Mint and avoid this in the future. [grin]

Now about that “prison” reference. Imagine you work for a nursing company or in a doctor’s office. Imagine company IT hasn’t blocked these updates. Now imagine your machine reading emails about/to/from patients and forwarding the contents to Microsoft. The private HIPAA-protected contents.

Now imagine how huge a HIPAA violation that could potentially be. HIPAA violations can carry civil and criminal penalties, including fines as high as $1.5 megabucks.

That’s just in the medical field. Attorney/client privilege information can be breached, too. Or just corporate proprietary data. Can you say, “Liability”? Sure, you can.

Heh. Now imagine you’re a dishonest Secretary of State running classified email through a Windows machine… which helpfully forwards the TS/SCI data to Microsoft in violation of the Espionage Act. China wishes it could rootkit machines as extensively as MS. Hell, the FBI and NSA would probably be willing to pay MS beaucoup bucks for this surveillance functionality. Maybe they did. [/tinfoil hat off]

4 thoughts on “So… Who would go to prison?”

  1. wdg3rd August 31, 2015 / 1:24 am

    Watson, you know my methods. I first installed SLS Linux in March 1993. I do have a Windows partition on one of my laptops so I can boot something “approved” when arguing with Comcast tech support.

  2. TRX September 1, 2015 / 9:41 am

    Long ago, before HIPAA, I worked in IT at a healthcare provider whose internal network was bridged over into a public network. This had been done long before, and my attempts to segment the provider’s network away from the outside world were bitterly opposed by two different competing IT departments (yes, it was that kind of outfit…) and almost all of the corporate higher-ups.

    I finally dragged one of the IT directors aside and said, “You know we have $EVIL_HARRIDAN’s medical records exposed to the internet, right?”

    “Nobody’s ever going to find them.”

    “Your name is at the top of the org chart. Remember Vince Foster?”

    A few months later – practically instantaneously by corporate standards – I was allowed to implement some basic segmentation and security measures.

    • Bear September 1, 2015 / 12:01 pm

      Hmm. I suppose in that case, prison might be the safer alternative.

      • wdg3rd September 1, 2015 / 10:52 pm

        She has connections in the prison systems. A few behind bars, but most behind desks.
