Translate

Wednesday, January 20, 2021

PSexec failing with no process on the other end of the pipe

Recently we had a new strange issue with current Windows versions and PSExec.



If you execute something like PSExec -s -i cmd.exe 

which is creating a CMD under local system context you may receive an error like this

Error communicating with PsExec service on [MACHINE_NAME]:
No process is on the other end of the pipe.

Solution: Simply update PsExec to the latest version!
Minimum here is 2.32!

Monday, January 11, 2021

Surface device - driver and firmware support lifecycle

Recently a friend ask me for an updated driver for an issue with an older device in the surface family. So I thougth it would be a good idea first to check if the device is still supported. As we have the row of devices now for a couple years.



The good news were the devices up to Surface 3 are still under "firmware and driver" support. So in this case I could open a case for this driver issue and still believe it may be served. Actually its not a guarantee that PG agrees with my issue and will fix it. But there is some how a legal basis for it according to their own support policies.

Checkout here the list!

DeviceRelease DateEnd of Servicing Date
Surface RT1October 26, 2012April 11, 2017
Surface Pro1February 9, 2013April 11, 2017
Surface 21October 22, 2013April 10, 2018
Surface Pro 21October 22, 2013April 10, 2018
Surface Pro 3June 20, 2014November 13, 2021
Surface 3May 5, 2015November 13, 2021
Surface BookOctober 26, 2015November 13, 2021
Surface Pro 4October 26, 2015November 13, 2021
Surface Book with Performance BaseNovember 10, 2016November 13, 2021
Surface Studio (1st gen)December 15, 2016November 13, 2021
Surface Laptop (1st gen)June 14, 2017November 13, 2021
Surface Pro (5th gen)June 15, 2017November 13, 2021
Surface Book 2November 17, 2017November 17, 2021
Surface Pro LTE (Model 1807)December 1, 2017December 1, 2021
Surface GoAugust 2, 2018August 2, 2022
Surface Studio 2October 2, 2018October 2, 2022
Surface Laptop 2October 16, 2018October 16, 2022
Surface Pro 6October 16, 2018October 16, 2022
Surface Go with LTE AdvancedNovember 20, 2018November 20, 2022
Surface Laptop 3October 22, 2019October 22, 2023
Surface Pro 7October 22, 2019October 22, 2023
Surface Pro XNovember 5, 2019November 5, 2023
Surface Go 2May 6, 2020May 6, 2024
Surface Book 3May 26, 2020May 26, 2024
Surface Pro X SQ2October 13, 2020October 13, 2024
Surface Laptop GoOctober 13, 2020October 13, 2024

1. Indicates devices with a previously declared end of firmware/driver servicing support date.


More details especially also the differentiation on device support and OS version support you will find here: https://docs.microsoft.com/en-us/surface/surface-driver-firmware-lifecycle-support


To dig deeper its also very helpful to checkout the surface update history which is found here: https://support.microsoft.com/en-us/help/4036283

Saturday, December 5, 2020

Why a former open source fan trusts in Microsoft and their secure data handling

In the beginning of my IT "career" in mid-80's I was a open source fan and had bad prejudices against Microsoft. For me this was a huge "bad" US corporation and in these days it sounded also bad to pay money for software. Especially for kids having just their small pocket money. So illegal software copies were very widespread. Also people did not understand the concept of intellectual property in software these days. May be also as it was just too easy to make a simple copy of a program. Nobody was missing something (like it was physically stolen) as you made a copy out of "nothing".

Later on I was working as CAD administrator in my first job. There we also had Unix systems (Silicon Graphics IRIX, IBM AIX and still the evil Windows 3.1/3.11). Followed in my next job as 2nd level supporter for a SIEMENS affiliate company we used SCO Unix and Linux together with the (still evil) Windows 95/ NT 4.0. I loved Linux for the open source concept. Making things available for all for free.



But one day in my IT career a consulting company offered me a job to work as vendor lab engineer for (the big evil) Microsoft Corporation near Munich (Unterschleissheim). It took a while to think about it. I had so many (pre-)judices against them. But I realized I need to find out myself if I was right or wrong!

Until then I only got in contact with some Microsoft sales men and in these days these guys were very snobbish. At least it felt like snobbish. But I was willing to give it a chance and may be correct myself.

After a few weeks I realized the big difference between my thoughts and the reality. The tech guys there were as cool as the open source guys. Same techy mindset and all very open and friendly. But there was also this other difference which I understood better by then. Microsoft's techies realized they have to pay their bills at the end of each month for their houses, cars etc. So there was really a a very good justification for paying money for software. Actually this also paid my own bills :-$

So this was my personal conversion from a Linux open source minded "Saul" to a Microsoft/Windows minded "Paul"!

But when it comes to data protection (which is the origin topic of this article) then there is even a different story to tell. And why I absolutely trust in Microsoft's data handling way more than all others. I was one of the "victims" of this data handling. Victim in the sense as I learned on my own hands what does this really means to them!

Many people argue that Microsoft is making money with customers data. As far as I observed this is absolutely not true! Even the opposite is true!

First of all you have to think about different companies and their business models. Many of the "I-give- it-for-free" companies like Google, Facebook, Twitter (just to name a few more prominent) have a business model based on data. 

Rule of thumb is: "Whenever you do not pay for a product - YOU are the product."

Actually this is not bad and also very popular. Most people still like stuff they have not to pay for. But you need to make yourself aware that your personal usage pattern is used for marketing and advertisement purposes. So Google, Facebook and Co. doing their business based on advertisement.

If you use their services you need to accept that! And believe it or not I still use Google for searching.

Whenever you are a data protection officer arguing against Microsoft regarding data handling (obviously without knowing it better) then you also need to be consequent and stop using Google for search in your company!

Microsoft's business model is different. You actually pay for the services. The free stuff there is normally "just" to bind people to the paid stuff. Actually I myself use Office365 Home (for me and my family) and pay for it. I get all the cool new stuff and lots of services for a little price. So I do not care anymore. This meaning they make money with software & services not originally with data (only).

To be fair they are also getting usage data to help them making better advertisement to you (when it comes to Microsoft services) but they do not sell this data. 

To check this out in detail check it here in English or German (Microsoft Privacy statement).

Even Google states that they do not sell your data. They just create advertisement based on your behavior on their platform (or platform "legs" on other websites (with embedded google advertisement frames)) as stated here. As I was not working there I can not judge on this seriously!

Now lets come to Microsoft's internal data handling behavior. And this was even done by myself as how I was instructed to do:

  1. Whenever a customer went into our lab with some sort of personal data we refused it.
  2. If it was necessary we only allowed at least pseudonymized data.
    1. Then the data need to reside on dedicated systems
      (hardware or VMs on dedicated hardware)
    2. Not connected to any IP network
    3. Accessible only by KVM switch (just keyboard, video, mouse extension, no data transmission)
    4. KVM switch only accessible via dedicated VPN into our internal lab network and only from Microsoft corporate network
    5. Data deleted with DoD wipe process (DOD 5220.22-M) afterwards with 5 times writing "trash" on the whole hard disk (certified)
Actually we "feared" real customer / personal data in our lab environment as we had to take it very serious which introduced also a lot of extra work for us!

In my life I have seen many companies handling with data. But none of them was by far so strict as Microsoft is. And in days of GDPR Microsoft take it even more serious. They have today literally a dozen different personal data classifications and different handling instructions.

Also in terms of layered security (starting with access, process data, store data and even data disposal) Microsoft is really THE ultimate model student). And less they can not accept.

Just think of their cyber defense operation center (CDOC) which takes care of all Microsoft's assets on premise an in the clouds (public and private). Or the Microsoft Digital Crime Unit (DCU). They are helping to make the world actively safer every day. Just checkout their current reports.

This is why I absolutely trust in security & secure data handling at Microsoft. They do much more then even my bank does (and I had a IT project with my own bank as well many years ago!)

    




Wednesday, November 25, 2020

Schrems-II OR the myth of data security outside of US companies like MS

UPDATED 18.12.2020 (Added 7. Dagger Complex)

Today its time to sort out some important things on cybersecurity & the Schrems II myth on "data is secure when it is not anymore in reach of NSA or US based companies forced by NSL (National Security Letters)" which would include Microsoft with its Cloud offerings (as its headquarter is based in Seattle Washington (State)) as well as Google, Facebook or Amazon.


The very short story: When it comes to cyber security and cyber protection there are multiple players. From some you can protect yourself (even with MS security tools and the Microsoft Security Graph and its relying toolset which is still unbeaten in this area). These include typical hackers. 

And others you simply can't protect yourself as they operate on a complete different level which includes NSA and probably also MOSSAD / SHIN BET (during my time in Israel I learned some former Israel militaries (e.g. Unit 8200) they are now working in cyber security. Did you ever thought why most of the cyber security startups coming from Israel? Its caused by their military as they are forced to be specialists on this while surrounded by their enemies). If you are more interested in this - here is a great article from Jerusalem Post


Now lets come to the really long story (Hopefully you have time. Its worth I think but grab a coffee! After the legal part it becomes better than James Bond!)

But first lets us sort out some things and be open.

1. Lets come first to Mr. Max Schrems. He is an austrian lawyer, author and data protection activist. I do not want to judge on his motives and if he is a US or MS hater or not who knows.


2. Now lets come the the current Schrems II court rule. Originally as answer of the Schrems I court rule the EU Privacy Shield was created. This was falling last summer.

"The CJEU ruled that the Privacy Shield does not provide adequate protection, and invalidated the agreement. The court also ruled that European data protection authorities must stop transfers of personal data made under the standard contractual clauses by companies, like Facebook, subject to overbroad surveillance. This decision has significant implications for U.S. Companies and for the U.S. Congress because it calls into question the adequacy of privacy protection in the United States." ( epic.org Press Release)

Microsoft created a smart solution for this until (slower) law rulers in the EU and the US will sort out these things in another legal way.

a. the Microsoft cloud is acting under EU standard clauses which are independent of the EU Privacy Shield.

b. the very long story on this and how it relates to Microsoft365 in this blog post (from data protection lawyer Koellner (sorry its in German especially as this relates very much to Germans as we are taking everything very serious. What is a joke? I don't know Jokes. I am a German :-D)

c. Latest MS answer on this by Julie Brill (Corp VP for Privacy and Chief Privacy Officer at MS 11/19/2020) including financial commitment. I think this is up to now still a good reason to stick with the Microsoft Cloud.

Ok for now I think we can stop this legal discussion and come to the real beef!



3. Lets talk first about the NSAs global surveilance capabilities. The capabilities they had some years ago were revealed by the Snowden leak. And this is what is known (un-)officially. As this leak has passed 7 years for now; don't think they did not improved their systems.

We always talk about legal access to data in a central datacenter and we need to protect this. You are absolutely wrong! From a legal (only) perspective you are wright but not in the NSA case. 

If they had not (yet) direct access on the data in an US companies datacenter somewhere on earth. The data will be transmitted from or to your computer. And this is the real crown jewel. Then they have everything. Your data, access to your mic and your camera and everything that's going on on your screen. 

The toolset they have is utilizing lots of still unknown Zero day exploits in an very automated manner. They point to an IP and finally that's it. Game over (for you). 

And don't think "my virus scanner" is saving me. Often they cant as 50% of attacks are ongoing "in memory only" so the AV scanner does not see anything. 

Microsoft developed Advanced Threat Protection (Microsoft ATP; now called Microsoft Defender for Endpoints) to cover also this sort of attacks. 

Another serious and very hard to handle attack vector are firmware attacks. As this is done on a hardware layer no software can see or control it. Just imagine a hacked network adapters firmware. Everything is done and manipulated on the last piece before the bytes hit the wire!



4. Now lets talk about encryption. We believe (oh yeah) we use the latest and greatest encryption. (And I don't talk right now about quantum computing which is another huge threat just around the corner. I will cover this in another blog post). 

When you do some research on this you will come across NSA encryption suite B (WARNING NIST official website!) (now replaced by Commercial National Security Algorithm Suite CNSA) (WARNING NSA official website!)

Hmm lets think a moment! When there is a Suite B (officially known encryption algorithms) isn't there also a Suite A and when does NSA advice to use which one?

First of all. There is also a Suite A. While Suite B is using lots of algorithms you already know very well like AES (Advanced Encryption Standard) there are also others you may never heard of in Suite A. So fancy names like ACCORDION, BATON, FIREFLY, JOSEKI, KEESEE, MAYFLY, MEDLEY, SAVILLE, SHILLELAGH, WALBURN or WEASEL.

Ok when to use which one (according to official CNSSI 4009 National Information Assurance term definitions)

"Suite A:
A specific set of classified cryptographic algorithms used for the protection of some categories of restricted mission critical information.

Suite B:
A specific set of cryptographic algorithms suitable for protecting both classified and unclassified national security systems and information throughout the US government and to support interoperability with allies and coalition partners."

Translated: When Suite B is not safe enough US government will use Suite A for the real sensitive stuff.

Wait a moment there is something which come into my (history) mind. When did the US government released officially SSL encryption in browsers with 128 bit encryption end of 1990's ? They started to release when they were able to break it!

Translated: We give others only encryption stuff when we are able to break it by ourselves.



5. And now lets come to the greatest coup CIA did ever (still cant stop laughing on it how bold they were). Its the case of Crypto AG also known as "Operation Rubikon". And that's actually why you are not even safe in Germany with German vendors!

But for a better understanding a short lesson on sigint (signal intelligence) history. The so-called 5-Eyes (US, UK, Canada, Australia, New Zealand) operating the global surveillance network. 

The German BND (Bundesnachrichtendienst / the German version of CIA) had it's roots from Organization Gehlen  the successor of the German military intelligence in 2nd world war. After the war lots of these guys were recruited again for Gehlen Org which become later the BND and had already in its early years very strong connection to the CIA. Also caused due to the cold war. So lets say BND is a very good buddy of CIA and NSA. Just read the book "Bedingt dienstbereit: Im Herzen des BND" (from the former BND agents Norbert Juretzko and Wilhelm Dietl, sorry its in german only)

And believe it or not many countries and militaries in the good old time thought hey its a bad idea to buy encryption stuff from US companies. They might have embedded backdoors. Lets go better to guys they have a strong "security" reputation in any way. And that's Switzerland. They are absolutely neutral to anybody (What they state. If they are really I don't know).

Lets look for a swiss company to get really trustworthy and reliable encryption devices for real safe communications to prevent any espionage on our communication and data.

CIA also realized this behavior. And they feared to loose control. Hmm what to do? This was the birth of "Operation Rubikon" and it lasts for 5 decades until 2018!

Here the story (directly form Wikipedia. I couldnt write it better):
"Crypto AG was a Swiss company specialising in communications and information security. It was secretly jointly owned by the American Central Intelligence Agency (CIA) and West German Federal Intelligence Service (BND) from 1970 until about 1993, with the CIA continuing as sole owner until about 2018. With headquarters in Steinhausen, the company was a long-established manufacturer of encryption machines and a wide variety of cipher devices. 

The company had about 230 employees, had offices in Abidjan, Abu Dhabi, Buenos Aires, Kuala Lumpur, Muscat, Selsdon and Steinhausen, and did business throughout the world. The owners of Crypto AG were unknown, supposedly even to the managers of the firm, and they held their ownership through bearer shares. 

The company has been criticised for selling backdoored products to benefit the American, British and German national signals intelligence agencies, the National Security Agency (NSA), the Government Communications Headquarters (GCHQ), and the BND, respectively. On 11 February 2020, The Washington Post, ZDF and SRF revealed that Crypto AG was secretly owned by the CIA in a highly classified partnership with West German intelligence, and the spy agencies could easily break the codes used to send encrypted messages. The operation was known first by the code name "Thesaurus" and later "Rubicon". According to a Swiss parliamentary investigation, "Swiss intelligence service were aware of and benefited from the Zug-based firm Crypto AG’s involvement in the US-led spying"."

6. And believe it our not it's getting even better. The new BND law is legalizing global data gathering (sorry its in German and also valid for other countries worldwide) the. Even into an amount of data the BND could probably not handle (initially "limited" to max 50% of all global communication). Just to give them a kind of limit. We do not want to have them off limits. :-D

7. Since the end of 2nd World War the US intelligence community had a couple SIGINT stations in Germany. For example checkout the story behind the Dagger Complex in Darmstadt (which soon is moved to Wiesbaden). Checkout the Wiki article.

Conclusion: Just thinking that you are a German company storing data in Germany with a German vendor does mean nothing! You are even not safe in your own premises. 

Unless you put your computer in an independent bunker with own electricity and no internet connection your are definitely not safe in this world!

So my recommendation: Don't do anything unlawful and you are not interesting for them.

Thursday, October 1, 2020

Microsoft Security Report 2020 is out!

Recently MS news released the new Microsoft Security Report for 2020. The original press release text was in german only. But the report is in english.

The report shows the actual threat landscape. This year threats in relationship to Corona where very broadly used. Also nation state attacks and human driven threats as well. Also supply chain and IOT where at risk.

Get the full report here: https://www.microsoft.com/en-us/download/confirmation.aspx?id=101738



Thursday, September 24, 2020

Microsoft Defender XDR

Upps they did it again. Another name change. But it make fully make sense! Microsoft Defender Advanced Threat Protection is becoming Microsoft Defender Endpoint Protection and much more! The whole thing is now Microsoft Defender XDR (eXtended Detection & Response)

Checkout this Microsoft Garage Video!


The Microsoft 365 Defender line will include:

  • Microsoft 365 Defender (previously Microsoft Threat Protection)
  • Microsoft Defender for Endpoint (previously Microsoft Defender Advanced Threat Protection)
  • Microsoft Defender for Office 365 (previously Office 365 Advanced Threat Protection)
  • Microsoft Defender for Identity (previously Azure Advanced Threat Protection)

Similarly, the Azure Defender line will include:

  • Azure Defender for Servers (previously Azure Security Center Standard Edition)
  • Azure Defender for IoT (previously Azure Security Center for IoT)
  • Azure Defender for SQL (previously Advanced Threat Protection for SQL)

Differences on Windows Versions Pro/Business/E3/E5

Recently a customer asked me about the specific differences between Windows Defender and Microsoft Defender Advanced Threat Protection (aka MD ATP or its new name "Microsoft Defender for Endpoints")


There is a great "Windows 10 commercial edition comparison" chart available which I want to share with you. Each feature is clickable and tells you more what MS is meaning with it!

Acutally the biggest differentiator is the security area. Standard security is pretty good so far even with Windows Defender (standalone). But the extra costs for E5 is bringing you cloud powered mega security facilitating the Microsoft Security Graph. So the extra bucks are running and operating the cloud facilities for you (hardware, power, cooling, people (3500 security researcher working for you day/night))

To see the full 8 pages version checkout here:
https://go.microsoft.com/fwlink/p/?linkid=2069559

Thanks to Simon for pointing me to this valuable ressource!