Microsoft Has Your Encryption Key If You Use Windows 10 (theintercept.com)
An anonymous reader writes with this bit of news from the Intercept. If you log in to Windows 10 using your Microsoft account, your computer automatically uploads a copy of your recovery key to Microsoft's servers. From the article: "The fact that new Windows devices require users to back up their recovery key on Microsoft's servers is remarkably similar to a key escrow system, but with an important difference. Users can choose to delete recovery keys from their Microsoft accounts – something that people never had the option to do with the Clipper chip system. But they can only delete it after they've already uploaded it to the cloud. ... As soon as your recovery key leaves your computer, you have no way of knowing its fate. A hacker could have already hacked your Microsoft account and can make a copy of your recovery key before you have time to delete it. Or Microsoft itself could get hacked, or could have hired a rogue employee with access to user data. Or a law enforcement or spy agency could send Microsoft a request for all data in your account, which would legally compel them to hand over your recovery key, which they could do even if the first thing you do after setting up your computer is delete it. As Matthew Green, professor of cryptography at Johns Hopkins University, puts it, 'Your computer is now only as secure as that database of keys held by Microsoft, which means it may be vulnerable to hackers, foreign governments, and people who can extort Microsoft employees.'"
Large public corporations are going to be logging in using Active Directory credentials, not their Microsoft accounts. The article summary (which may be wrong, because they usually are) states that this behavior only happens when logging in with a Microsoft account.
That is a totally out-of-context comment from an anonymous poster.
Large corporate entities will not deploy Windows 10 for years anyway due to incompatible or uncertified line-of-business software platforms. It has nothing to do with this particular feature.
Moreover, this has to do with logging into your microsoft.com account, nothing to do with Windows 10 Pro joined to a domain.
So one important thing to remember is that these keys don't give anyone a login or remote access to your box whatsoever. Instead, Windows 10 now turns on disk encryption by default. That's a good thing, but of only limited value since disk encryption really only helps if the disk is physically stolen from you.
So what we have here is a copy of the key that allows recovery of an encrypted disk being stored in the cloud unless you delete it. Not the greatest thing ever but it doesn't panic me all that much when the same people who scream about not upgrading to Windows 10 because OMG NSA are also running old systems without any disk encryption whatsoever.
To put it another way: The vast VAST majority of Linux systems in operation that don't use full disk encryption are actually LESS secure than this setup simply because there's no need to get your hands on a recovery key to decrypt anything. Yes, I'm well aware that Linux systems with full-disk encryption exist. So what, they did (and still do) on Windows too.
AntiFA: An abbreviation for Anti First Amendment.
It's certainly possible that you're right, but equally if the GP poster really does have insider knowledge and really does want to speak without betraying a confidence then surely they really would post anonymously.
In any case, I can tell you the answer to your follow-up questions for at least some small to medium-sized companies I work with: Windows 10's biggest competition is probably Windows 7, which is what the majority of these organisations are already running as their standard desktop.
The difficulty Microsoft has with these customers is that Windows 10 doesn't have a lot of big selling points. I watched and listened to some of the early promotional material, and the loudest message I heard was "it's not Windows 8". Obviously to business customers who standardised on Windows 7 anyway, that's not exactly a good reason to undertake an inevitably expensive and disruptive migration to a new OS.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
Good to remember, that Congress just passed new (clearing companies to share any data with the NSA directly without liability) surveillance legislation tucked into the 2015 budget bill:
http://arstechnica.com/tech-po...
The way this (and the data uploading with Windows 10) dovetails with the budget spy bill just passed you'd think it was hatched out in a back room - in D.C. Obviously don't use Windows 10 if possible (you can still get 7 or 8.1 on most systems) and don't use Microsoft's built-in encryption option (which Microsoft kneecapped starting with Windows Version 8 by removing the Elephant diffuser, making it more vulnerable to brute force attacks); there are other options for Windows encryption.
Because they didn't buy the Pro version and have to use the Microsoft account.
This is simply false. So far, at least.
Live today, because you never know what tomorrow brings
We have yet to find a way of disabling the keylogger built into the kernel. (Recorded does not necessarily mean stored long term, but long enough to evaluate in memory.)
Wait, what exactly does this mean? Even in Linux every keystroke goes through the kernel, it's kind of the purpose of the kernel to handle hardware stuff like that (of course Linux doesn't record it anywhere unless you want it to).
"First they came for the slanderers and I said nothing."