Microsoft Gives Vista Backdoor Keys To The Police
from the meaning-the-crooks-have-it-too dept
It's long been assumed that Microsoft has built in various "backdoors" for law enforcement to get around its own security, but now reader Kevin Stapp writes in to let us know that the company has also been literally handing out the keys to law enforcement. Apparently, they're giving out special USB keys that simply get around Microsoft's security, allowing the holder of the key to very quickly get forensic information (including internet surfing history), passwords and supposedly encrypted data off of a laptop. While you can understand why police like this, the very fact that the backdoor is there and that a bunch of these USB keys are out there pretty much guarantees that those with nefarious intent also have such keys. The second you build in such backdoors, no matter how noble the reason, you can rest assured that they will be used by criminals as well. No matter what, for those of you who didn't already know it, now you have more evidence as to why trusting Microsoft's "security" isn't such a good idea.
Update: Some folks in the comments, and Ed Bott, claim that this post is a misreading of the original story. The USB key includes a bunch of standard tools, not access to a "backdoor." The confusion, on my part, was due to the original article claiming that the device "can decrypt passwords and analyze a computer's Internet activity, as well as data stored in the computer." In saying so, it appeared that the device must have access to a backdoor to decrypt the password -- but an update claims that it's merely "password security auditing technologies."
Reader Comments
Re:
[ link to this | view in chronology ]
Unbelievable, Mr. Ballmer.
This single action will do more to kill off closed source OS software in private and corporate use than anything else I could imagine.
Mr. Ballmer, you have a great deal of explaining to do and if you had one ounce of sense you would offer a test program to confirm this back door's existence on any particular machine and a matching patch to rip out this vulnerability.
Oh...and if you were still clinging to any wild imaginings that Vista had a future, kiss them goodbye. Right now.
[ link to this | view in chronology ]
Re: Unbelievable, Mr. Ballmer.
Steve...Stevie buddy...What a monumentally stupid thing to do.
This single action will do more to kill off closed source OS software in private and corporate use than anything else I could imagine.
GE, GE Buddy, what a monumentally stupid post. Try reading the story (stories) and thinking a bit before posting. (Note: This may require removal of a cranial-rectal impaction) Do you really think that MS NT-based Operating Systems, having been around for about 15 years, would have not been discovered to contain backdoors by now? Surely, you must admit that the hackerz and haters would have found and revealed them by now.
If the key were to exist, it would be illegal in many locales - do you think MS would PUBLICLY announce the presence of a tool to exploit this supposed backdoor and expose themselves to untold legal liabilities? Usually conspiracy creators at least try to make them plausible. Please insert another quarter and try again. It's almost as if you are biased or something....
[ link to this | view in chronology ]
Re: Re: Unbelievable, Mr. Ballmer.
GE, GE Buddy, what a monumentally stupid post. Try reading the story (stories) and thinking a bit before posting. (Note: This may require removal of a cranial-rectal impaction) Do you really think that MS NT-based Operating Systems, having been around for about 15 years, would have not been discovered to contain backdoors by now? Surely, you must admit that the hackerz and haters would have found and revealed them by now.
If the key were to exist, it would be illegal in many locales - do you think MS would PUBLICLY announce the presence of a tool to exploit this supposed backdoor and expose themselves to untold legal liabilities? Usually conspiracy creators at least try to make them plausible. Please insert another quarter and try again. It's almost as if you are biased or something....
===
Uhh, they already have a known backdoor; check out the NSAKEY scandal that broke some years ago.
[ link to this | view in chronology ]
Re: Unbelievable, Mr. Ballmer.
https://www.schneier.com/blog/archives/2015/03/can_the_nsa_bre_1.html
and this
https://www.elcomsoft.com/efdd.html
there is much more... just do a google search...if anyone wants to know if backdoors exist. Microsoft is a traitor to the people...our country and no one should ever trust them again. Bill Gates... how can you sleep at night?
[ link to this | view in chronology ]
does it work
[ link to this | view in chronology ]
wow. Since when?
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Vista was secure?
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
Please supply some of this proof.
[ link to this | view in chronology ]
Wow, it staggers the mind they would even put something like this out in the wild. Ok, place your bets. How long until the hacker community gets hold of one of these USB's?
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Backdoor Keys in the wild and with police.
Bribery is all well and official in almost all Asian countries... and I expect it is in most countries including the USA. Look at how many dishonest police there are...and that is only the ones we hear about. We all know there is a certain percentage of police... fbi and all legal professions who are dirty and will sell nearly anything for the right price, doesn't matter who the receiver is.
I know this for a fact, as I have experienced this myself... in the many Asian countries I have traveled. Fact is... bribery is the normal way for those in the know to get out of trouble. And it is practiced quite openly. If you travel abroad... and don't know this... I pity you, you will have little way for redress in Asia in most cases. Even most attorneys split their fees with public officials, and so you can now imagine where at least 50% of your attorney's fees automatically go. If you don't believe me... ask and you will find out for yourself.
[ link to this | view in chronology ]
Re: Re: Backdoor Keys in the wild and with police.
https://www.schneier.com/blog/archives/2015/03/can_the_nsa_bre_1.html
[ link to this | view in chronology ]
Re:
old and busted: brute forcing a new password.
new hotness: cracking the password so no one knows you have it.
[ link to this | view in chronology ]
Re: Re:
Doesn't work with long (>14 characters) passwords.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Replacing Password
[ link to this | view in chronology ]
It's not much of a backdoor
to do that already.
It seems that COFEE is a collection of tools on a USB drive for live forensic analysis.
This is interesting,
http://www.techsec.com/pdf/Tuesday/On%20Demand%20Mike%20Duren.pdf
[ link to this | view in chronology ]
Did you even read the article
The article is sadly anemic on the details besides it being apparent that MS is providing forensics tools tailored to its OS, tools which in your fearmongering scenario would be useless against any intelligent criminal, and the unintelligent criminals probably aren't going to be using security features which this, in your mind, works around. All we really glean from this is you can more quickly obtain a password (which was already crackable on windows machines). It doesn't mention the ability to bypass any drive encryption, even BitLocker, which MS also says is secure from any backdoors.
[ link to this | view in chronology ]
Re: Did you even read the article
As far as I know, there is no other tool that will directly reveal a user's Windows password (not counting key-loggers). The only other method is brute force guessing which is ineffective against suitably strong passwords.
Once you've got a user's password on the machine you can login as that user and access all of that user's BitLocker files. This tool provides those passwords. Understand how that works?
[ link to this | view in chronology ]
Re: Re: Did you even read the article
you use john.
if you want to use a few extra PCs to help you crack a truly "strong" password there is distributed john.
[ link to this | view in chronology ]
Re: Re: Re: Did you even read the article
[ link to this | view in chronology ]
Re: Re: Did you even read the article
[ link to this | view in chronology ]
Re: Re: Re: Did you even read the article
[ link to this | view in chronology ]
Re: Did you even read the article
[ link to this | view in chronology ]
FTC
Oh, It's for the Children....
[ link to this | view in chronology ]
Microsoft security = lol
I don't know how probable this really is, but I've had the feeling that all (most?) of those really extreme security holes in Windows products have been created intentionally, to let organizations like the CIA, NSA, FBI, etc. have backdoor access to computer systems when they deem they have the need for it. I remember reading an article about China not choosing to run their government systems on Windows for this very reason, as the source is closed and they couldn't easily check it for backdoors.
Wouldn't building a secure OS that cannot be backdoor hacked by someone like the NSA be considered a dangerous weapon/national security risk? At least, that's how they used to (or maybe they still are?) look at secure encryption systems, with export bans/restrictions and all that good stuff.
[ link to this | view in chronology ]
Re: Microsoft security = lol
Are you sure you are not thinking of the Tom Clancy novel "The Bear and the Dragon"? This is exactly what happened in that story. Or maybe the Chinese read the novel instead.
[ link to this | view in chronology ]
And I thought the article itself reached peak stupidity
[ link to this | view in chronology ]
Backdoor?
The device contains 150 commands that can dramatically cut the time it takes to gather digital evidence, which is becoming more important in real-world crime, as well as cybercrime. It can decrypt passwords and analyze a computer's Internet activity, as well as data stored in the computer.
Most people who do computer forensics already have a similar toolkit. This sounds like Microsoft just saved people the trouble of compiling their own. From the article, it sounds like the improvement here is the law enforcement equivalent of a script kiddie. Instead of actually having to understand and know how to use the technology, you can use a collection of scripts to do it all for you automatically.
News flash: Microsoft's password-hashing algorithm used on local PCs has never been that hard to crack, and as others have pointed out you can use any number of products to reset the password from a non-Windows boot disk if you don't want to crack it. So that's not a new capability.
If you have a password to log onto the system, especially for an admin account, it is trivial to pull the IE browsing history. There are several logs, and parsing them all can be a pain in the butt, but there are already tools that exist to simplify this process.
Finally, if you have access to a PC's hard disk it is trivial to run any number of disk tools to scan/analyze the hard disk. You certainly don't need a password, let alone an MS tool to do it.
There's nothing in the article anywhere that refers to there being a backdoor, or anything that even sounds like a backdoor. Mike should probably remove references to that, but then he loses his "story". Furthermore there is absolutely nothing in the article that indicates a capability to circumvent disk encryption, though that didn't stop some posters here from speculating that the capability existed.
Maybe I should buy each of you a "jump to conclusions" map.
[ link to this | view in chronology ]
Re: Backdoor?
Resetting the password will NOT give you access to the user's BitLocker encrypted files. And brute force cracking isn't practical with strong passwords.
Good luck with encrypted areas.
Again, most security people would disagree with that. A built-in ability that Microsoft can use to decrypt passwords is a backdoor in most people's books.
Why should he? If what the story says is true, then it's a backdoor.
If you have the user's password on the system, you can decrypt their BitLocker files. That seems pretty straightforward to me.
Maybe you should buy yourself a clue first.
[ link to this | view in chronology ]
Re: Backdoor?
-Des
http://techwatch.reviewk.com/
[ link to this | view in chronology ]
Physical access can still mean 'back door'
Also, just because it might not be remotely exploitable doesn't mean that once in the hands of bad guys it won't have devastating consequences.
[ link to this | view in chronology ]
So, instead let's make an OS that ties the hands of law enforcement and gives terrorists the tool they need to kill us all.
idiots. complacent idiots. All of you.
Someone else out there said it best. If it requires physical access (and a USB key would) then it's a moot point you are all making.
[ link to this | view in chronology ]
Re:
By the way the root of "terrorist" is terror. Obviously worked on you since you are so willing to give up your rights. America is not just a piece of land, it was a concept of true democracy. Therefore when you give up your rights that the people voted for, you just allowed terrorists to attack "America".
[ link to this | view in chronology ]
Re:
Just can't wait to get to hell, can you?
[ link to this | view in chronology ]
Who cares!
I don't use computer to store sensitive material because I am not stupid. I only use vista to watch porn and watch legal DVDs.
I DON'T CARE
[ link to this | view in chronology ]
Re: Who cares!
How would you like to spend years in prison for an "Information Crime" that you did not commit?
All it takes is:
a) Someone who dislikes you.
b) Physical access to a computer you use.
c) A Microsoft(tm) USB Vista(tm) Backdoor key.
d) Kiddie porn.
e) A dime phone call to the local PD.
Enjoy your time in prison thinking about who to trust next time.
[ link to this | view in chronology ]
Re: Re: Who cares!
[ link to this | view in chronology ]
Re: Re: Re: Who cares!
[ link to this | view in chronology ]
Re: Re: Who cares!
When this tool is analyzed, it will be shown to be nothing more than a collection of tools which automate already existing processes of finding evidence on a Windows machine. Period.
[ link to this | view in chronology ]
Re: Who cares!
I don't use computer to store sensitive material because I am not stupid."
Yes, let's willingly give up more of our freedoms and privacy. What a brilliant idea!
[ link to this | view in chronology ]
Remote exploit
[ link to this | view in chronology ]
BTW Anonymous Coward, You don't need criminal intention to want security of your data. If this backdoor allows access to personal information stored on a computer even if encrypted, then caveat emptor!
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re: Encryption
[ link to this | view in chronology ]
Re: Re: Re: Encryption
No Privacy Rights
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Encryption
I have a volume set up using AES-Twofish-Serpent encryption, a 768-bit key, and a 20-character password made up of numbers, upper/lowercase letters, and symbols. The password and volume information aren't stored in Keychain or cached anywhere in the system, nor are they written down anywhere.
Mathematically, it's pretty much uncrackable - The only potential problem is if someone finds a flaw in TrueCrypt's implementation of the encryption algorithms. Given that it's open-source, that at least improves the chances of any such flaws being discovered.
[ link to this | view in chronology ]
Re: Encryption
And even if you've switched off there are tools available that can pull enough of your pre-power-down RAM state to explore for your TrueCrypt pass.
[ link to this | view in chronology ]
Re: Re: Encryption
I tried to go to the links you used as references, but they didn't seem to exist.
[ link to this | view in chronology ]
COFEE
In year 2006, inspired by WFT, Ricci Ieong started the development of Computer Online Forensic Evidence Extractor (COFEE) (Ieong 2006):
http://www.marcomattiucci.it/ieong.pdf
[ link to this | view in chronology ]
Windows passwords
No, because MS wrote the password hashing code and likely planned in advance to distribute a tool to LE to get around Vista passwords. Since no one outside MS sees the source, no one knows what methods exist to do this.
It seems :stupid: to hand LE a brute-force tool to solve the password hashed by your own code, since they already know how to brute-force if they want. The tool adds nothing, so why spend $$$ distributing it?
But, if your tool has a much more efficient method of cracking (or retrieving) passwords, then you're giving LE an amazing advantage in forensic tech. This seems worth the $$$ invested.
Vista uses NTLM passwords by default (when not in a domain), so I don't really fear anyone with a brute force trying to break my strong login password. (LM, however, scares the hell out of me and I disable it in the XP registry to be safe.) Also, an attacker armed with this key scares the hell out of me because I'm sure my NTLM 14+ char passwd is no match for a retrieval solution that doesn't care how well-crafted my login is.
Physical access to my Vista laptop = knowing when I'm out of my room + cutting my Kensington lock. A real problem, and not a moot point for laptop installs.
[ link to this | view in chronology ]
Windows USB "Backdoor" NOT
I have worked for Microsoft doing Windows security for a few years now, but the truth of the situation is clearly much different than reported.
There is no Microsoft USB backdoor key to Windows. But both the USB bus and the 1394 (Firewire) bus were designed with inadequate attention to security. A compliant implementation of both can cause security issues for the OS supporting them. With Vista, Microsoft supports the ability to restrict the security vulnerabilities associated with the USB bus. This security policy significantly reduces the usability of consumer usage scenarios and is off by default (it can be set by Group Policy). The 1394 interface is insecure by default -- the cure for hostile 1394 devices is epoxy. For the more paranoid organizations, the cure for USB interface vulnerabilities is epoxy as well, requiring HW that supports PS2 plugs – as you never know if the USB device you are talking to is actually what it reports itself to be.
Evidence gathered by the police is only useable if it meets very stringent standards of data gathering and clear control and possession. Hence, specialized forensic tools have to be used that do not alter data on the system. And it is important to gather evidence, typically a table of hashes, that allows the investigators to show that data / evidence was not altered if and when such evidence may be used at a trial. As such, having certified scripted data acquisition tools that create memory and disc images and associated hashes are invaluable. I am not familiar with this particular tool set, but it would appear that Microsoft has made such a tool set for the gathering of forensic evidence from systems. Other providers supply such tools as well.
If the user has enabled bitlocker and EFS, configured them correctly, and the system is powered down (enough for transient charges and polarization of dielectrics to discharge), there is no technical attack against the system. There is a legal one – hold one or more parties who have knowledge of the key until they divulge it. Depending upon the perceived value of the data in question, governments have shown themselves to be quite persuasive. Attackers with physical access to a running system have more opportunities to compromise the system, and it does not matter what OS is running on it. A physically compromised system must be viewed as compromised; it is a question of time and resources to break it.
[ link to this | view in chronology ]
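Added example, not part of the comment above and not code from any Microsoft tool: a Python sketch of the "table of hashes" idea that comment describes, recording a hash for every acquired file and later showing whether anything changed. The file names and contents are constructed, and sealing the table with its own digest is an assumption about how the table itself could be protected.

```python
"""Hash-table sketch for acquired evidence (constructed sample data)."""
import hashlib
import json
import tempfile
from pathlib import Path

CHUNK = 1 << 20  # read in 1 MiB pieces so large images do not fill RAM


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 and return the hex digest."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for block in iter(lambda: handle.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each file under root (relative path) to its size and SHA-256."""
    manifest = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        manifest[rel] = {"size": path.stat().st_size,
                         "sha256": sha256_file(path)}
    return manifest


def seal(manifest: dict) -> str:
    """Digest of the canonical JSON form of the table, to be recorded
    separately (for example in custody notes) so the table cannot be
    rewritten unnoticed."""
    canonical = json.dumps(manifest, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def verify(root: Path, manifest: dict, expected_seal: str) -> dict:
    """Compare the files on disk with the recorded table."""
    report = {"manifest_intact": seal(manifest) == expected_seal,
              "modified": [], "missing": [], "unexpected": []}
    current = build_manifest(root)
    for rel, entry in manifest.items():
        if rel not in current:
            report["missing"].append(rel)
        elif current[rel] != entry:
            report["modified"].append(rel)
    report["unexpected"] = sorted(set(current) - set(manifest))
    return report


def demo() -> dict:
    """Acquire constructed files, then check clean, altered and forged cases."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "memory.img").write_bytes(b"\x00" * 4096 + b"constructed RAM")
        (root / "disk.img").write_bytes(b"constructed disk sample" * 100)
        (root / "notes.txt").write_text("constructed acquisition log\n")

        manifest = build_manifest(root)
        sealed = seal(manifest)
        clean = verify(root, manifest, sealed)

        # Changes after acquisition: one flipped bit (size unchanged),
        # one deleted file, one file that was never acquired.
        data = bytearray((root / "disk.img").read_bytes())
        data[10] ^= 0x01
        (root / "disk.img").write_bytes(bytes(data))
        (root / "notes.txt").unlink()
        (root / "extra.bin").write_bytes(b"constructed stray file")
        altered = verify(root, manifest, sealed)

        # A table edited to match the altered file hides the change in the
        # per-file comparison but no longer matches the recorded seal.
        forged = dict(manifest)
        forged["disk.img"] = build_manifest(root)["disk.img"]
        forged_report = verify(root, forged, sealed)
    return {"clean": clean, "altered": altered, "forged": forged_report}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```
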
Re: Windows USB
You mean, that you know of? If you can prove that, then please do so. But an anonymous claim on a blog isn't exactly convincing and I haven't seen The Seattle Times retracting their story.
Then how is it that you can say that it does not do what the Seattle Times article says it does? And do you mean for us to believe that someone who has "worked for Microsoft doing Windows security for a few years now" isn't familiar with this tool? Then I'd question if you were really in the know at MS (if you actually worked there).
[ link to this | view in chronology ]
Now, however, it's sadly no longer possible to trust any government agency with any such device. The most depressing part is that someone shoving one of these into one of my computer's USB ports without a warrant is probably the least of my civil liberties worries these days.
[ link to this | view in chronology ]
You're a bloody moron.
Do the world a favour, stop writing, please. Keep your stupidity to yourself, hypocritical whore.
[ link to this | view in chronology ]
The software is called Cofee
[ link to this | view in chronology ]
I have an idea how to keep us all safe; Let's install closed-circuit TV cameras in every room of everyone's home so that they can be monitored at will by the police, or the FBI, or the NSA. I'm sure you won't mind since you obviously have nothing to hide, right? Sure, there's a chance that a humorous video of you sitting on the toilet having an attack of explosive diarrhea might find its way onto YouTube, but if that's the price we have to pay to be safe, it's worth it, right?
[ link to this | view in chronology ]
Microsoft NSA_KEY
[ link to this | view in chronology ]
where's the .iso ?
[ link to this | view in chronology ]
Vista
[ link to this | view in chronology ]
What time is it?
God I hate those commercials.
[ link to this | view in chronology ]
Key for sale
[ link to this | view in chronology ]
Microsoft hosts its own police academy
http://www.news.com/8301-10784_3-9930664-7.html
[ link to this | view in chronology ]
Good Work
[ link to this | view in chronology ]
Vista security backdoors no problem for Linux users
Hence such rumors about MS screwing people have been out there for many years ...
They have no effect for serious security oriented ppl using Linux. If governments such as Swiss federal government can run their top level servers all on such SuSE/Novell Linux servers - and many other governments and largest companies as well, then just move on in life into the secure environment of open source operating system.
Welcome to the world of freedom!
[ link to this | view in chronology ]
and you trust cops with this..?
On the plus side, they gave it to cops, which means it will be easy for us to buy a copy off of some degenerate gambling alcoholic with a badge.
Let me first say that I am a huge Microsoft and Vista supporter. I fight and argue every bad thing some ignorant half educated citizen has to say about them. And yes, Vista is the best OS. However on this one action, damn, how stupid. There is no way to stick up for you this time Bill.
[ link to this | view in chronology ]
Re: and you trust cops with this..?
BTW, your good friend "Bill" isn't running the company anymore.
[ link to this | view in chronology ]
Oy
More at Impatient Sufferance.
[ link to this | view in chronology ]
Old news
What is a bigger problem security wise is even though you THINK you deleted something it has a nasty habit of just getting moved around. Take a sector editor to any windows machine and you'd be amazed what you find just sitting around on the HD. Especially since the default moves the cache files all over the HD. So you've got cache files basically scattered all over your drive just waiting to be seen. Internet history, documents and all sorts of potentially sensitive data is cached as well. When recovering documents for users I've found copies of those documents in some really strange places. The user was just glad I recovered some or all of their lost work. I just sat there scratching my head as to why there was a copy there and not in the normal temp dir where you'd think such files would be kept. Varies from version to version as to where those things turn up.
If you want security on any machine with any OS you have to zero out the free space periodically to truly erase files. Even then if a well funded agency wants that data merely zeroing it out is not enough. There are several good free multi-platform utilities that allow for obliterating the data. Unfortunately windows does not work and play well with multiple partitions so it's a real pain on a windows machine to move everything off a partition and wipe it good. Luckily it's only necessary if you're facing somebody that REALLY might want your data like spies from other countries, law enforcement and such. The average hacker today is a glorified script kitty who wouldn't know what to do with a hex dump and probably has never heard of a sector walker. Hacking windows is so easy they don't need much skill or knowledge to accomplish it. Enough people don't even know to empty their trash cans, erase cache files and temp files that it's no challenge. Think about it, every time your app crashes all those cache files remain. So whatever you were in the middle of, a snapshot of it sits there on the hard drive until you manually delete it. If you were in the middle of a sensitive document it's there. Thumbnails from images you deleted long ago generally sit around forever. I've made a buck or two doing data forensics for suspicious spouses and it's not hard to figure out where and what a windows user has been up to. Microsoft is messy, very messy. Leaves all sorts of stuff laying around.
Social engineering is easier anyway. Most people have a copy of their passwords stuck in a drawer, on them or it's something related to them. Birthdays, SSNs, pet names, stuff like that. A little knowledge about a person and with most people you can figure out their password pretty quickly. Just a stacked dictionary attack will find most passwords. When doing security audits on passwords it's usually 75% to 80% of passwords are easily cracked if you don't have stringent controls on what can be used as a password. However the more stringent the controls the more likely their password is to be written down nearby the computer. Admins are often lazy too. The more stringent the controls the more often users show up at your door asking for a password reset because they forgot theirs. Some every friggin weekend grrrrr.
Last, let's look at Microsoft's philosophy. Microsoft was eager to put the Clipper chip into effect. Microsoft was happy to filter the MSN search engine results for China. It doesn't stop at China. Do a search on Google, Yahoo and MSN about something Microsoft doesn't want you to know and you'll see dramatically different results. Two searches especially show the manipulation of Microsoft. Search for Linux topics on MSN and you'll find anti-Linux sites all over the top 2 or 3 pages, maybe more, I only went 2 to 3 pages. The results from Yahoo and Google are fairly close. Look for searches on a windows vulnerability and you again see from Google and Yahoo close results and often example exploit code. You won't find that on the MSN search engines.
Microsoft was a leader in the use and development of DRM. It is the architect of it really. Microsoft partnered with the big record companies and movie studios and used its weight to attempt to force Intel and AMD to include DRM as chip level hardware features.
You didn't see any Microsoft programmers in jail alongside the author of PGP when the Clinton administration cracked down on encryption software. Microsoft happily gave the Gov backdoor keys to its encryption. You do not need a USB key for that, just the keys the Gov has had for over a decade.
The examples go on and on of Microsoft cooperating with governments and not even informing people they have sold them out. If you use windows you HAVE NO PRIVACY. The use of Windows assures exactly that because of Microsoft's core ideals and philosophy. Think about it, Gates actually said we should all be constantly under camera surveillance so that if we are accused of a crime we can prove our innocence. Can you expect anything from Microsoft to not reflect that philosophy?
[ link to this | view in chronology ]
Re: Old news
>>Think about it, Gates actually said we should all be constantly under camera surveillance so that if we are accused of a crime we can prove our innocence.
citations, please
[ link to this | view in chronology ]
Microsoft Gives Vista Backdoor Keys To The Police
Google these terms:
windows back door nsa key
It's fascinating reading.
[ link to this | view in chronology ]
This article is misleading
if anyone wants to read an accurate article from "wired" on the topic:
http://blog.wired.com/27bstroke6/2008/04/microsoft-gives.html
[ link to this | view in chronology ]
Grow up and learn to read...
There is not a security backdoor built into Windows - if you say there is, prove it, rather than running around like children who think they have a secret.
Do any of you seriously believe that such a conspiracy could be successfully hidden more than 30 minutes? Do you think that MS spokespersons would be attributed in a story about a tool to exploit the supposed backdoor if it were anything as nefarious as some fanboyz allege? Maybe, just maybe they would choose to not comment if there did exist such a tool? The only tools here are the ones running around half-cocked, spewing BS they have no ability to verify, validate, or even understand.
I heard that the new Ubuntu has a built-in feature which reports every download to the RIAA and FBI. Sure it's supposedly open-source, but there's no guarantee that the Ubuntu distro is actually built from the open-source listings, is there? And Ubuntu developers HAVE NOT DENIED IT, have they?
[ link to this | view in chronology ]
RE: Windows USB "Backdoor" NOT
Law enforcement cannot use arbitrary hacker tools for evidence gathering because of the issue of integrity and provenance - do you know what the tools do and who will stand up and testify as to what the tools do and do not do?
As for much of the highly emotional flames, as an old security hand, I have a rather thick skin. If not, the fire from the feature teams I am bugging would long ago have incinerated me.
Proving the absence of a specified characteristic in complex software is essentially impossible. Hence the Common Criteria evaluation, which looks for security relevant issues and has access to the source code, design documentation, and internal tools. Major governments also have source code reader access so that they can verify that the code is appropriate. Many major corporations do so as well.
Do you think Microsoft's governmental or enterprise customers would deploy servers and clients with engineered-in back-doors? If so, you have a far lower opinion of the professional competence of their IT and Information Assurance experts than I. I have met some idiots, it is true, but I have met a lot of deeply knowledgeable professionals.
[ link to this | view in chronology ]
vista back door
no back doors ) makes containers on hard drive. Impossible to crack without pass sentence. No restriction as to bit strength. Let THEM look at anything on your computer as long as you keep the pass sentence off the computer in your head! All your secrets will be safe not counting the truth drugs...
[ link to this | view in chronology ]
How is that you are qualified to write about anything?
[ link to this | view in chronology ]
Re: How is that you are qualified to write about anything?
Always nice to have people accuse you of sheer idiocy rather than take the time to understand what you wrote.
I did not say that was the only way to break a password. But from the description in the original article, it was made to sound like this key would merely *give* the user the password. There was no indication that it involved an auditing tool to determine the password.
I'm sorry if that makes me stupid -- but based on the initial information, it sounded like a backdoor. I updated the post to clarify once the details were known.
[ link to this | view in chronology ]
I hardly don't know anyone
[ link to this | view in chronology ]
Police access to your PC
[ link to this | view in chronology ]
Nothing new...
[ link to this | view in chronology ]
Re: Nothing new...
__-=-__ brandon __-=-__
-=- -=-
[ link to this | view in chronology ]
Government forensics has a lab situated in the FBI headquarters where technicians are paid ridiculous amounts of money to retrieve important "National security" information. If a laptop was retrieved in Texas, it would have to be sent out via secure delivery to HQ, then let the techs take their sweet time doing their jobs.
This key wasn't made to place fear, but to save costs and improve efficiency and cut out the long process of sending out and confirming. They now have the power to take the PC back to the station, plug in a key and get what they want.
But key point, they need reason of confiscation to take it, so if you're not a security exploiter, media pirate, or any other "internet-illegal" position, then you have nothing to worry about.
However, the probability of hackers gaining access and making this technology into line-level processes, then we definitely have something to talk about.
[ link to this | view in chronology ]
100th comment
[ link to this | view in chronology ]
Right First Time
Pretty much if you have USB on your system, you are hosed.
[ link to this | view in chronology ]
And is this set of keys remotely exploitable? I am absolutely sure it is, and if not as part of a Trojan it is still useful for criminal activity.
Any time a backdoor is written for any purpose it is bad news. This will get out to the hackers no doubt, and they will at the very least pair it up with a remote admin/user hack and be able to download all your private data with ease, as MS did half the work for 'em. MS should be doing everything in their power to make the system uncrackable, not an open book for the select few.
But Micro$oft has a very big market share that they use as a product in it of the system so they can enforce computing rules of the rich and powerful, and we all buy the product. We have a problem of vendor lock-in.
http://badvista.fsf.org/
knoppix.org
For those who fear terrorists: do you the theft of your bank records being used to fund terrorism? Yes, banks use Windows as well as you and me.
[ link to this | view in chronology ]
windows
[ link to this | view in chronology ]
Now you're talking! That's not even James Bond though. That's Bourne Identity stuff!
[ link to this | view in chronology ]
Re: Bill Bott, "famous Microsoft authority" mocks "conspiracy buffs".
Bill eventually got discredited and proved himself both a fraud and a http://www.urbandictionary.com/define.php?term=sycophant&defid=148137.
http://www.washingtonsblog.com/2013/06/microsoft-programmed-in-nsa-backdoor-in-windows-by-1999.html
[ link to this | view in chronology ]