Nice to see Microsoft join the DNS Over HTTPS crowd.
Here in Windows Core Networking, we’re interested in keeping your traffic as private as possible, as well as fast and reliable. While there are many ways we can and do approach user privacy on the wire, today we’d like to talk about encrypted DNS. Why? Basically, because supporting encrypted DNS queries in Windows will close one of the last remaining plain-text domain name transmissions in common web traffic.
Providing encrypted DNS support without breaking existing Windows device admin configuration won’t be easy. However, at Microsoft we believe that “we have to treat privacy as a human right. We have to have end-to-end cybersecurity built into technology.”
We also believe Windows adoption of encrypted DNS will help make the overall Internet ecosystem healthier. There is an assumption by many that DNS encryption requires DNS centralization. This is only true if encrypted DNS adoption isn’t universal. To keep the DNS decentralized, it will be important for client operating systems (such as Windows) and Internet service providers alike to widely adopt encrypted DNS.
Ian Haken makes a fascinating presentation of his research on bypassing BitLocker on a Windows machine if you have physical access to the machine you’re trying to crack into. Especially interesting is the point Haken makes at the end that this particular attack worked (Microsoft has since fixed this particular issue) because of assumptions about the security model that Microsoft made years ago that are no longer true, but those assumptions are instantiated in the way that various parts of Windows authentication work.
The Xbox One Sign Out troll pretty much nails everything wrong with voice control in the way that Microsoft has implemented it with its Xbox Kinect. The troll sets his Xbox username to “Xbox Sign Out”, then tricks people into saying his name, which will then bring up the Xbox Sign Out screen for that user.
The Kinect on the Xbox 360 has this problem in spades. If I’m watching Netflix and my daughter says something like “I hope they stop him in time,” the idiot Kinect complies by stopping the video.
In fact, there’s a whole host of words that you can’t say around the Xbox, including words that might sound like a control word. We’ve managed to inadvertently interrupt our Netflix viewing by saying pop, pencil, claws, and similar words that sound close enough to stop, cancel and pause to the Kinect.