THE NATIONAL SECURITY Agency develops advanced hacking tools in-house for both offense and defense—which you could probably guess even if some notable examples hadn’t leaked in recent years. But on Tuesday at the RSA security conference in San Francisco, the agency demonstrated Ghidra, a refined internal tool that it has chosen to open source. And while NSA cybersecurity adviser Rob Joyce called the tool a “contribution to the nation’s cybersecurity community” in announcing it at RSA, it will no doubt be used far beyond the United States.
You can’t use Ghidra to hack devices; it’s instead a reverse-engineering platform used to take “compiled,” deployed software and “decompile” it. In other words, it transforms the ones and zeros that computers understand back into a human-readable structure, logic, and set of commands that reveal what the software you churn through it does. Reverse engineering is a crucial process for malware analysts and threat intelligence researchers, because it allows them to work backward from software they discover in the wild—like malware being used to carry out attacks—to understand how it works, what its capabilities are, and who wrote it or where it came from. Reverse engineering is also an important way for defenders to check their own code for weaknesses and confirm that it works as intended.
“If you’ve done software reverse engineering, what you’ve found out is it’s both art and science; there’s not a hard path from the beginning to the end,” Joyce said. “Ghidra is a software reverse-engineering tool built for our internal use at NSA. We’re not claiming that this is the one that’s going to be replacing everything out there—it’s not. But it helped us address some things in our workflow.”
“There’s really no downside.”
FORMER NSA HACKER DAVE AITEL
Similar reverse-engineering products exist on the market, including a popular disassembler and debugger called IDA. But Joyce emphasized that the NSA has been developing Ghidra for years, with its own real-world priorities and needs in mind, which makes it a powerful and particularly usable tool. Products like IDA also cost money, whereas making Ghidra open source marks the first time that a tool of its caliber will be available for free—a major contribution in training the next generation of cybersecurity defenders. (Like other open source code, though, expect it to have some bugs.) Joyce also noted that the NSA views the release of Ghidra as a sort of recruiting strategy, making it easier for new hires to enter the NSA at a higher level or for cleared contractors to lend their expertise without needing to first come up to speed on the tool.
The NSA announced Joyce’s RSA talk, and Ghidra’s imminent release, in early January. But knowledge of the tool was already public thanks to WikiLeaks’ March 2017 “Vault 7” disclosure, which discussed a number of hacking tools used by the CIA and repeatedly referenced Ghidra as a reverse-engineering tool created by the NSA. The actual code hadn’t seen the light of day, though, until Tuesday—all 1.2 million lines of it. Ghidra runs on Windows, MacOS, and Linux and has all the components security researchers would expect. But Joyce emphasized the tool’s customizability. It is also designed to facilitate collaborative work among multiple people on the same reversing project—a concept that isn’t as much of a priority in other platforms.
Ghidra also has user-interface touches and features meant to make reversing as easy as possible, given how tedious and generally challenging it can be. Joyce’s personal favorite? An undo/redo mechanism that allows users to try out theories about how the code they are analyzing may work, with an easy way to go back a few steps if the idea doesn’t pan out.
The NSA has made other code open source over the years, like its Security-Enhanced Linux and Security-Enhanced Android initiatives. But Ghidra seems to speak more directly to the discourse and tension at the heart of cybersecurity right now. By being free and readily available, it will likely proliferate and could inform both defense and offense in unforeseen ways. If it seems like releasing the tool could give malicious hackers an advantage in figuring out how to evade the NSA, though Dave Aitel, a former NSA researcher who is now chief security technology officer at the secure infrastructure firm Cyxtera, said that that isn’t a concern.
“Malware authors already know how to make it annoying to reverse their code,” Aitel said. “There’s really no downside” to releasing Ghidra.
No matter what comes next for the NSA’s powerful reversing tool, Joyce emphasized on Tuesday that it is an earnest contribution to the community of cybersecurity defenders—and that conspiracy theorists can rest easy. “There’s no backdoor in Ghidra,” he said. “Come on, no backdoor. On the record. Scout’s honor.”
A new reminder for those who are still holding on to the Windows 7 operating system—you have one year left until Microsoft ends support for its 9-year-old operating system.
So it’s time for you to upgrade your OS and say goodbye to Windows 7, as its five years of extended support will end on January 14, 2020—that’s precisely one year from today.
After that date, the tech giant will no longer release free security updates, bug fixes and new functionalities for the operating system that’s still widely used by people, which could eventually leave a significant number of users more susceptible to malware attacks.
However, the end of free support doesn’t end Windows 7 support for big business and enterprise customers. As always, Microsoft does make exceptions for certain companies that are willing to pay a lot of money to continue their support.
According to a ‘Death of Windows 7’ report from content delivery firm Kollective, as many as 43% of enterprises are still running the nine-year-old operating system, of which 17% didn’t know when Microsoft’s end of support deadline hit.
Millions of Users Are Still Using Windows 7
Want to know how popular Windows 7 is among users? Even after aggressively pushing Windows 10 installations since its release in 2015, its market share finally managed to overtake the user-favorite Windows 7 just by the end of last year.
Windows 7 was released in 2009 and, according to December 2018 stats from Netmarketshare, is currently running on about 37 percent of the world’s PC fleet, which is far ahead of its radically redesigned successor Windows 8 and 8.1 combined.
Microsoft stopped the mainstream support for Windows 7 in January 2015, but Windows users have continued to receive security updates and patches for known security issues as part of the company’s extended support, which runs for at least five years.
In March 2017, Microsoft also started blocking new security patches and updates for Windows 7 and Windows 8.1 users running the latest processors from Intel, AMD, Qualcomm, and others.
“For Windows 7 to run on any modern silicon, device drivers and firmware need to emulate Windows 7’s expectations for interrupt processing, bus support, and power states- which is challenging for WiFi, graphics, security, and more,” the company said.
“The lifecycle begins when a product is released and ends when it’s no longer supported. Knowing key dates in this lifecycle helps you make informed decisions about when to update, upgrade or make other changes to your software.”
Besides ending support for Windows 7 next year, Microsoft will also end support for MS Office 2010, Windows Server 2008/2008 R2, SQL Server 2008/2008 R2, Exchange 2010 and Windows Embedded 7 in 2020.
As for Windows 8, the operating system’s extended support is set to end on January 10, 2023.
What Should Affected Windows 7 Users Do?
If you and/or your business are still running Windows 7, you still have one year left to shift to the latest operating system.
Government agencies and big enterprises can still pay for expensive extended support to continue receiving security updates and patches from the company if they need more than a year to migrate to the newer version.
However, regular users should upgrade their operating system immediately to Windows 10 or a Linux distribution, rather than running an unpatched and increasingly vulnerable version of Windows operating system.
Google is acting on its promise to kick deceptive websites to the curb.
The newly released Chrome 71 now blocks ads on “abusive” sites that consistently trick users with fake system warnings, non-functional “close” buttons and other bogus content that steers you to ads and landing pages. The sites themselves won’t lose access the moment Google marks them abusive, but they’ll have 30 days to clean up their acts.
The browser has more safeguards, too. Chrome will warn you when a site appears to be hiding the real costs and terms for a transaction. If a site is trying to rope you into a subscription without telling you that you’ll be charged, you might get an alert that could save you a lot of money. Google will try to get in touch with affected sites to have them modify their sites, but they’ll have to appeal the decision to have a chance at lifting the warning.
Chrome 71 is available now for Linux, Mac and Windows, and it’s rolling out to Android and iOS users over the course of the weeks ahead. Google hasn’t detailed everything that’s new, but the efforts to thwart malicious sites are clearly the highlights. The company has moved from blocking obvious threats like malware to the sneakier tactics that may not compromise your computer, but could prove annoying at best and costly at worst.