Microsoft gives zero-day exploits to military before patching them: Report
Microsoft is allegedly handing over zero day exploits - digital threats which use previously unknown computer system vulnerabilities to compromise a network - to the U.S. government for use before the company patches the vulnerabilities.
Microsoft, of course, isn't the only tech firm to do this.
In a Bloomberg report by Michael Riley, thousands of tech, finance and manufacturing firms are allegedly working closely with U.S. security agencies, ranging from the National Security Agency and Federal Bureau of Investigation to the Central Intelligence Agency and the Department of Defense, to gather data and vulnerabilities which could be used by U.S. cyberwarfare units against potential adversaries.
Microsoft spokesman Frank Shaw told Bloomberg that these releases are done cooperatively with many agencies, giving the U.S. government an early start on risk assessment for previously unknown bugs.
Riley's other sources say these Internet and telecom companies don't share their customers' private communication, though some companies do share data and information which is stored in facilities offshore. If true, this would negate the need for a judge's order in order to acquire information which would otherwise require a warrant.
In return for providing such information, these companies receive unique benefits, like access to classified information on cyber attacks on their companies and other classified information. These companies are, allegedly, also given help to infiltrate and spy on competitors. Company executives are also given guaranteed immunity from any civil actions as a result of sharing data and information.
These details of U.S. and corporate cooperation on cybersurveillance could be immensely damaging to the U.S. tech industry. As Forbes notes, if customers can't trust U.S. tech firms - from router makers to cloud storage companies - to keep their information safe and confidential, then customers may have a massive crisis confidence, and opt to find more trustworthy companies overseas.
And this news doesn't help the U.S. in negotiations with China over alleged state-sponsored hacking units. President Barack Obama went to the public in February in order to shame apparent Chinese-sponsored hackers from attacking U.S. companies and government agencies. China rebuffed this claim, saying the U.S. government is responsible for far worse hacking operations, pointing towards the joint U.S.-Israel virus Stuxnet as an example.
It appears the Communist nation was just handed a few more examples.
Java Exploits Used In Zero-Day Attacks Now Patched
Adobe and Oracle issued critical updated to fix security holed in the Java software.
Google, Facebook and other tech firms ask permission to show they're not spying with NSA
Edward Snowden, in conjunction with The Guardian and The Washington Post, revealed that the NSA and the FBI have direct access to the servers of nine major tech firms. Those firms, however, deny this, and are asking the government for permission to prove it.
U.S. Government Becomes Biggest Malware Buyer, Stoking Fears Over Security
The U.S. government is buying software vulnerabilities and exploits, driving a massive underground market, but it isn't sharing its information with software companies. Cybersecurity experts worry an aggressive U.S. policy towards exploits could squelch attempts at building a strong cyber defense.
Microsoft Reportedly Working On iPad 'Touch Cover'
New documents reveal the existence of an "iPad Touch Cover" from Microsoft.
Surface Book vs Surface Pro vs Surface Laptop: A Guide To Buying Microsoft Computer
There are cheaper computers out there. But if you want one that combines the premium quality of an Apple device with the flexibility and touchscreen of a Windows 10 laptop, you should check out the Surface line first.
MORE IN ITECHPOST
6 Must-Take Steps to Protect Yourself from a Data Breach
A data breach can take place in many ways. Whether it involves gaining physical access to your laptop or a malicious cyberattack on your device, the safety of your data could be easily compromised at any time.
How Do Personal Emergency Response Systems Work?
Personal emergency response systems, known as PERS for short, are systems that help people to raise the alarm and get immediate help when a medical or personal emergency occurs. They are ideal for older people and anyone with a mobility issue or an injury or illness that can cause falls.
Eight Must-Have Tools to Keep Your Car Out of Garage
We all dread taking our car to a garage for repairs. We might just want to avoid the inconvenience of being off the road or maybe the costs associated, which can even lead to knock-on effects on things like our holiday plans.
6 Hacks for Students to Choose a Laptop While on a Budget
The modern world tries to drown us in the sea of choices. One can’t simply buy a laptop - there are hundreds of laptops around and sometimes our budget becomes the only real limitation we can rely on. But how to choose other parameters to get the best laptop possible?