Microsoft Opens 'Transparency Center' For Governments To Review Source Code

MojoKid writes with news that Microsoft has announced the opening of a 'Transparency Center' at their Redmond campus, a place where governments who use Microsoft software can come to review the source code in order to make sure it's not compromised by outside agencies. (The company is planning another Transparency Center for Brussels in Belgium.) In addition, Microsoft announced security improvements to several of its cloud products: As of now, Outlook.com uses TLS (Transport Layer Security) to provide end-to-end encryption for inbound and outbound email — assuming that the provider on the other end also uses TLS. The TLS standard has been in the news fairly recently after discovery of a major security flaw in one popular package (gnuTLS), but Microsoft notes that it worked with multiple international companies to secure its version of the standard. Second, OneDrive now uses Perfect Forward Secrecy (PFS). Microsoft refers to this as a type of encryption, but PFS isn't a standard like AES or 3DES — instead, it's a particular method of ensuring that an attacker who intercepts a particular key cannot use that information to break the entire key sequence. Even if you manage to gain access to one file or folder, in other words, that information can't be used to compromise the entire account.

What's the point?

Governments shouldn't be using closed source garbage to begin with. It just locks them into a specific company and keeps them at their mercy, not to mention that even if the government reviews the source, the public can't do the same. Not a good message to send.

Re:What's the point?

[AHuxley]

At least then its your own countries option. No colonial box or product to buy, then rent support for and beg for fixes.
A domestic IT project at least offers your best experts to set standards and review the code.
Other nations do not all fail at complex math, code, design or funding.
Other nations may try to keep 5+ other countries out of a networked product as delivered.

Re:What's the point?

[dotancohen]

Governments shouldn't be using closed source garbage to begin with. It just locks them into a specific company and keeps them at their mercy, not to mention that even if the government reviews the source, the public can't do the same. Not a good message to send.

Actually, the _real_ point here is that Microsoft is now implying, quite strongly, that open-source software is preferable for security, privacy, and other sensitive purposes.

I hope the governments and other entities that this program targets are smart enough to read between the lines.

Re:What's the point?

[Dr_Barnowl]

And who says they build their binaries from those sources? The backdoors are probably kept in a separate branch and merged with the release branch at build time...

Re:What's the point?

[jenningsthecat]

And who says they build their binaries from those sources? The backdoors are probably kept in a separate branch and merged with the release branch at build time...

This, exactly. Now if Microsoft allowed governments to build their own binaries from the source they had just finished reviewing, there might be some reassurance that this isn't just a smoke-and-mirrors act. Then again, the toolchain might be compromised. Somehow I don't think MS will allow governments to have access to the toolchain sources as well. And even if they did, I suspect most governments don't have the resources to conduct such a comprehensive review.

Re:What's the point?

[Dr_Barnowl]

If you ask any IT team lead, the real reason is the usability and it-just-works qualities of the software.

If you ask most IT team leads, the real reason is that they know that users in general treat computers like voodoo - perform a particular ritual a particular way, and you get the desired outcome. This lack of mental flexibility means that when someone learns a particular GUI they are not keen to change to a new one - which is the reason you get exactly the same inertia about switching to a new version of MS Office (vis: all that Ribbon hoo-hah) that you do for switching to another OS (with it's other applications with other GUIs).

This is the "usability" part of that statement. That's the reason that people railed so heaviliy against Windows 8. Why do you think MS invest so heavily in giving copies of their software to schools? Get those GUI rituals in peoples heads.

As for it-just-works... MS software does plenty of infuriating and irritating does-not-just-work things.

* Linux : I can move a file while I have it open in an editor, and saving the file in the editor saves to the new location
* Windows : Won't let you move the file

Microsoft would solely have to lean on selling support and consultation services after that.

I can imagine that terrifies them ; presently, even if you pay for support, you get very little. You get better support for Windows and other MS software from the community. With popular OSS projects, you typically get good support from both the community and the authors, AND you get the ability to look at the source code to understand your problem better or even fix it (or hire a contractor to do this). This is one of the cornerstones of why I use OSS wherever possible in my technology stack - the larger the software company gets, the less my problems matter to them. IBM manages just fine in this model.

Windows works today, out of the box.

This is so untrue on so many levels.

When I install Linux, it usually takes about 20 minutes, with no driver downloads (because I do my homework and buy compatible hardware). Most distro's leave you with a machine that has a bunch of useful applications, out of the box.

With Windows, I've had to hunt for drivers, download drivers, slipstream special drivers into special install disk images (so that the install can proceed far enough for the real drivers to be installed...). This is for machines that were sold with Windows and provided with install images. It literally took me all night to reinstall my wife's laptop (reboot! reboot! reboot!) after her office decided that because the Linux install didn't support their proprietary disk encryption program it wasn't suitable (never mind that it had perfectly good encryption on it anyway). And that's just for the core OS, never mind the vast list of applications that you have to add to make it even marginally useful.

At that moment, the Linux guy will still be applying various fancy patches and trying out different distro and desktop environment combinations to see which works best.

I use Linux for all my real, productive work on a daily basis, use stock packages for the vast majority of things, use the standard Ubuntu image, again, out of the box, without doing anything to it bar installing packages and configuring a few of the options a little.

Unlike Windows, I don't need to tweak my install ; If I move to another machine (say, a hardware replacement cycle), I can literally move the disk from one machine to another and keep on trucking - Windows throws the most epic tantrum imaginable if you try that. If I want to go crazy and upgrade to a new version of the OS, I back up my home folder, install the new OS, install the packages I had before with a single command, restore my home folder and move over most of my files and config folders... and I'm off again. Again, if you try that on Windows, you're screwed, because mo

Code vs Binaries: Big Difference

Who cares if you can look at the code? What matters is what you're running.

Looking at the code gives you nothing if you can't compile it to the exact same binary that you are running.

And even if they let you do that... you still need to trust the compiler, and the compiler that compiled that compiler, etc.

...and..

[JustNiz]

>> a place where governments who use Microsoft software can come to review the source code

Where's the proof that the source code you see is exactly the same as that which gets compiled to make the Windows you buy?

Also does anyone else find it as highly suspicious as me that this center is only open to governments?

How to prove the source code maps to the binary?

[Vellmont]

So.. Microsoft let governments of the world look at the source code at your special center, and then double-dog-swears that there's nothing fishy going on between then, and compiling the source code, like say a patch applied somewhere in the build process? Riiiight.

If you WERE to put a backdoor in, that's probably how it'd be done. Would you really want a backdoor explicitly in the code for a developer to find? Of course not, you'd put in something only a few people know about. The secret to secret keeping is limiting the amount of people who know.

The other way to hide the backdoor is to make it a hard to find bug. Plausible deniability is quite high.

I have to believe this is good news though. It means a lot of foreign governments are suspicious of closed source software, to the point where Microsoft has had to announce a plan to make their code however less closed source.

Re:Somebody has to do it

[Anubis+IV]

The TL;DR version for folks who haven't seen it before or don't want to read it (which you really should do): just because the source is trustworthy doesn't mean the binaries are. The process to accomplish this sort of attack is fairly straightforward:
1) Modify, say, the compiler's source code so that it adds backdoors to some/all of the code it compiles.
2) Compile it, then replace the clean binary for the compiler with this new, tainted binary.
3) Revert the changes to the compiler's source code, erasing any evidence of wrongdoing.

By itself, that doesn't create a backdoor, but anything compiled using the tainted binary could potentially have a backdoor secretly added, even though the source code for both that code and the compiler would appear to be perfectly clean. The problem could be very hard to discover or pin down as well, only manifesting when a particular file is getting compiled, or even a particular line of code.

I think most of us are already familiar with this sort of attack, but it's worth repeating, since it's exactly the sort of thing that Microsoft's "Transparency Centers" don't address, and exactly the sort of thing we'd be expecting a government to be doing.

Re:Who thinks up these names?

"Perfect Forward Secrecy" is a standard term in cryptography. It seems to have been introduced by Diffie, van Oorschot, and Weiner in their paper Authentication and Autheticated Key Exchanges.

The description of Perfect Forward Secrecy in the summary seems pretty confused. A cryptographic protocol has perfect forward secrecy if the only long-term key pair is used solely for authentication; that is to protect against man in the middle attacks and the like. Since you can't perform a man in the middle attack once the message has been transmitted, this means that compromise of the private key only jeopardizes future communications. In contrast, if a service uses RSA or ElGamal in the usual manner, then once the private key is compromised (e.g. via a Heartbleed like vulnerability), then all messages ever transmitted can be decrypted using this private key.

Seriously?

[NewtonsLaw]

Who the hell is going to sit down and scan a few million lines of source code with Microsoft looking over your shoulder and hope to spot a backdoor or two in the process?

Even then, how can you be sure that the source code they show you is the stuff you're actually running?

What a PR stunt this is!

Re:Better way for Microsoft to earn trust

[exomondo]

Hundreds of legacy code developed for Windows platform using Windows development tools run only on XP and are not supported by 7 or 8.

So not only have you tied yourself to a particular version of a proprietary OS that - as we all know from previous experience - has a limited lifetime but you chose to do that by using proprietary software that won't run on anything else and you didn't think there might be a problem with that? Seriously? If you cut corners then you're going to get burned.

Somebody much smarter than you, dbIII

[cbhacking]

The summary's description of PFS is a complete clusterfuck, of course (this is /. so *obviously* the summary is going to be technically inaccurate, right?). Yours (LordLimecat) is more accurate, but the full concept isn't that hard so I'll explain it below.

First, some quick basics of TLS (I'm leaving out a lot of details; do *NOT* try to implement this yourself!):

• A server has a public key and a private key for an asymmetric cipher, such as RSA.
• When a client connects, the server sends their public key to the client. The public key is used to authenticate the server, so the client knows their connection wasn't intercepted or redirected.
• The client can also encrypt messages using the public key, and only the holder of the private key (the server) can decrypt those messages.
• Because RSA and similar ciphers are slow, TLS uses a fast, symmetric cipher (like AES or RC4) for bulk data.
• Before bulk data can be sent, the client and the server need to agree on a symmetric cipher and what key to use.
• The process of ensuring that both parties have the same symmetric key is called Key Exchange.
• Obviously, the key exchange itself needs to be protected; if the key is ever sent in plaintext, an attacker can decrypt the whole session.

Here's the scenario where PFS matters, and why it is "perfect":

• SSL/TLS (same concept, just different versions of the protocol really) is being used to secure connections.
• An attacker (think NSA) has been recording the encrypted traffic, and wants to decrypt it.
• The attacker has a way to get the private key from the server (a bug like Heartbleed, or possibly just a NSL).

Here's where it gets interesting:

• Without PFS (normal SSL/TLS key exchanges), the key exchange is protected using the same kind of public-key crypto used to authenticate the server. Therefore, without PFS, our attacker could use the private key material to either decrypt or re-create the key, and decrypt all the traffic.
• With PFS, the key exchange is done using randomly generated ephemeral (non-persistent) public and private parameters (Diffie-Hellman key exchange). Once the client and server each clear their private parameters, it is not possible for anybody to reconstruct the symmetric key, even if they later compromise the server's persistent public/private key pair (the one used for authentication).

It is this property, where the secrets needed to recover an encryption key are destroyed and cannot be recovered even if one party cooperates with the attacker, which is termed Perfect Forward Secrecy. Note that PFS doesn't make any guarantees if the crypto is attacked while a session is in progress (in this case, the attacker could simply steal the symmetric key) or if the attacker compromises one side before the session begins (in which case they can impersonate that party, typically the server). It is only perfect secrecy going forward.