Playing around with the manufacturers' version of the not-yet-widely released Windows 8, programmer (and hacker) Nadim Kobeissi discovered that the operating system "tells Microsoft about everything you install" and does that "not very securely." Basically, the new Windows has this program called SmartScreen that's designed to protect users but instead gives Windows (and possible hackers) access to a lot of information. Here's the crux of the issue from Kobeissi's blog:
- Windows 8 will, by default, inform Microsoft of every app downloaded and installed by every user. This puts Microsoft in a compromising, omniscient situation where they are capable of retaining information on the application usage of all Windows 8 users, thus posing a serious privacy concern. The user is not informed of this while installing and setting up Windows 8, even though they are given the option to disable SmartScreen (which is enabled by default.)
- Windows 8 appears to send this information to Microsoft to a server that relies on Certificate Authorities for authentication and supports an outdated and insecure method of encrypted communication. It is possible that these insecurities could allow a malicious third party to target a Windows 8 user and learn which applications they are using. This allows them to profile the user and decide how to best exploit their personal selection of applications and their computing habits.
Read more at The Atlantic Wire.