No back door?
Luckily there are several wide open ones round at the front.
Microsoft has once again denied rumours that it built a backdoor into Windows 7. Long standing conspiracy theories that Redmond outfits Windows with a covert entry point for law enforcement resurfaced after a senior National Security Agency (NSA) official told Congress it had worked with Redmond on the operating system. …
It's a standard user/home operating system...I really can't see that grandma's pictures of her cats or Cynthia's spreadsheets of whose turn it is to make the tea are of so much interest to the NSA that they would spend shed loads of time and money developing something to achieve what a 14 year old social leper could achieve with a £100 laptop and a net connection.
about the NSA if they are supposed to have hardened Windows as it's still buggy, full of holes and cracked, trojaned, hacked, malware infected etc on what seems like a daily basis.
Microsoft might as well contract out to me, I also don't have a clue about what I'm doing but I bet I'd be cheaper.
"Microsoft has not and will not put 'backdoors' into Windows," a company spokeswoman said
What wasn't quoted was the following:
"But we will turn our backs and let the NSA do it. Internally we at MS call them sidedoors. Therefore what I just said about backdoors still stands."
I bet there are backdoors for all kinds of American agencies, the NSA is just one.
When you have windows, you don't need doors.
But they don't like to talk about that because, you know, it's bad for business and all that.
Seriously, they must have _some_ way to mess their users up all the way from Redmond, just like they did with all those millions of Xbox users the other day.
"Seriously, they must have _some_ way to mess their users up all the way from Redmond, just like they did with all those millions of Xbox users the other day."
yes and no
there's nothing stopping MS punting out a security update that has dodgy side effects (for maximum effect don't activate it until a few months after it's distributed) other than the fact that it would be the end of the company. if they did that with malice aforethought, nothing could save them, the class action lawsuit would kill them even if the drop in sales didn't
there is no back door in Win 7, I have to ask.. do the NSA have a skeleton key to BitLocker?
As I will never use Windows 7, other than messing around with the release candidate, I am not particularly concerned.
To those of you who will use Win 7... Use TrueCrypt, a trusted hardware firewall and trusted software firewall and remove the Windows 7 firewall just to be on the safe-ish side. ;-)
Course they have, security services have demanded these for years and with digital mobiles,
(Hello GCHQ, hows a you?)
So the first thing the spooks tell the programmers would be?
obvious:
- Deny everything.
- You know nothing.
That's because the vast majority do know nothing - didn't think they were going to tell everyone @ MS the garden entrance was there, did ya?
Now who's being silly?
I refer to the principle of Occam's Razor in my defence.
It doesn't matter if there is a back door or not if you have half a clue about setting up your network security.
If conspiracy theorists had the sense they were born with they would use an app like "Little Snitch" on OSX that tells you what network data is being sent from your machine... then you can block some of it. A backdoor that opens on a brick wall is useless.
People really are getting more stupid.
"The agency was the chief backer of the discredited Clipper chip plan back in the '90s, so it's not altogether surprising that sections of the information security community view any of its actions with suspicion."
I read that "Clipper" as "Clippy" aka the Office Assistant. Funnily enough the sentence still made sense in my mind...
Are people really getting more stupid? It is quite a long time ago now since Milgram did his famous experiment. And there have been a no. of social facilitation experiments at regular intervals since. Hard to see how you could think people could get more stupid. But surely you mean 'gullible'?
Microsoft is stupid to even discuss this issue. Who would believe Microsoft if they answered "no" to the accusation of a backdoor?
Although I doubt there is a backdoor, I'm not closed off to the idea. As long as the source code is closed-source, I will never be 100% certain Microsoft doesn't have ways to gain illegal entry into our computers.
Sometimes I feel that bugs are Microsoft's way to ensure they can always get a foothold into your Windows PC.
... When it comes down to it, if there is a back door, it will be found and they'll have nowhere to turn.
Also, if you all remember, the reason Windows XP didn't have any easter eggs (Like the Win98 developers in a specially named folder) is due to the fact that no secure locations would run the software if it had undocumented features - It was considered a security risk. So, unless MS are willing to give up every public sector client, they wouldn't do this intentionally.
That's not to say there aren't holes you could drive a bus through - I just don't believe they're there intentionally :)
Of course there is a back door there.
Ever hear of "Trusted Computing"?
Specifically TTP or "Trusted Third Party"?
Well if you haven't then do some research on it.
A set of back door keys can be issued to a trusted third party granting them entrance into any system.
Microsoft has been at this and working closely with American intelligence agencies on this since 2005 and even before.
And of course they will deny it because they don't want the general public knowing anything about it.
After all, it's no good if people aren't using it.
This is a link to some postings by Ellen Messmer of Network World, dating back to July 20, 1998 about the NSA involvement in software development.
http://jya.com/nsa-lsa.htm
And yet they claim that it's not true.
Like I have said before, all Microsoft does is lie about everything.
"The NSA main role involves signals intelligence, or spying. Information assurance (i.e. helping to make US IT systems in critical areas of the economy more secure) is a more recent priority."
-----
The NSA's role in CompuSec/InfoSec goes back quite a ways. Just look up "Orange Book", "Rainbow Series", "National Computer Security Center" and "Computer Security Act of 1987".
Recall Cliff Stoll's "Cuckoo's Egg"? The DOCKMASTER system he discusses was the NCSC's Multics based gateway system used for CompuSec and InfoSec applications.
Recall the "Morris Worm"? You might want to look it up and see where the young Mr. Morris' dad worked.
While in theory, the NSA's role was historically limited to classified govt. computer systems and NIST was to handle non-classified systems, the logical reality is that NIST can't do much without NSA's involvement at some level and there has been much tension between the two organizations over their roles.
NSA is hardly new to this domain...
Claiming that there is no backdoor has no validity. Does anyone think that if there were an NSA Backdoor that MS would acknowledge its existence? The existence or nonexistence of a backdoor would always trigger a "there is no backdoor" claim. Note: I am not saying what my opinion on its existence is, but pointing out the fact that its existence would be denied even if it did exist.
It doesn't matter whether you are running OpenBSD, custom Linux, Mac, or Windows, since most Internet traffic worldwide passes through NSA sniffers installed in San Francisco and Boston. The rest they get with Echelon and its progeny, or subsea fiber taps & repeaters. Even hard core encrypted traffic can be cracked nearly real time by their computing hardware. They actually want to secure your system endpoints enough to feel that they are trustworthy, so that then the "bad guys" will use them online where they can intercept the communications. After all they still have no legal mandate to snoop inside your PC or Mac, nor even listen in if you don't communicate outside the US borders... unlike say the CIA or FBI, who can (and do) bug, remotely eavesdrop, install keyloggers, image hard drives covertly, etc.
I tend to agree with this. Although I myself am only a barely competent network admin, a *really good* network admin will know exactly what packets are going where, and what process sent them. Even if the backdoor were built into the TCP/IP stack so an endpoint viewer wouldn't register them, the suspect packets would be picked up by the firewall/router logs somewhere and dissected manually if they were suspicious. If a *really good* admin got suspected odd behavior, he wouldn't rest till he found out what it was all about. When a few others had confirmed the findings, there would be a shitstorm that would make the Sony rootkit issue look like a church coffee morning.
In response to Kevin Biswas,
If I were a spook tasked with delivering best intelligence to my lords and masters, and I could lean on MS with a huge antitrust case that might go away, I'd get a backdoor written that could be exploited from the network. I would NOT write a general 'retransmit everything to nsa.gov' function for exactly the reason you give. It'd be found and soon. The value in the 'feature' is not general snooping on aunties' collection of cat pictures, it's in getting a tipoff that Osama uses the 3rd box from the left at Happy Sams Internet Cafe in Mogadishu, so you can plant a keylogger or something on that specific box. For general snooping, they already have eschalon and such.
If I was an NSA (or cia or homeland sec) spook writing a backdoor for windows, it would work something like this. I have some kind of lead from Eschalon, or similar, and I want to access [this] computer. So I send it a long password, and it activates the remote help-desk function in windows, which grants me full access to the machine. I can then watch what the user is viewing and doing, or I can operate the machine as if I were sitting at it - when nobody is watching. When I'm done, it wipes all evidence that I've been there. Unless I activate it, it sends nothing to anyone.
If the network admin happened to be investigating an existing problem, using a packet sniffer, at just the time I was doing this, I might get caught. Otherwise...
One guy doesn't know how to spell "Echelon", another commenter apparently does not have a clue how information from a network is processed once it hits the network interface. But all these idiots -- sensu stricto -- are sure that MS has nothing better to do than sell them a backdoored OS.
Leaving moral and ethical issues aside (and having worked on parts of Win7 that would be relevant to a backdoor, I do so only for the sake of this discussion), here is why the NSA or any of the other agencies that you cretins fear more than the FSB would never permit a backdoor: The code would be found. The time you spend whining about MS (instead of fixing the bugs and holes on _your_ favourite platform, natch) is used by others to take apart the network stack, from the offloaded code on the network interface up to the crypto layers and beyond.
So go back to playing with whatever OS is your favourite today, and keep in mind the old saw "si tacuisses, philosophus mansisses."
Let me see, what does that mean in English? 'It's better to keep your mouth shut and be thought a fool, than to open it and remove all doubt.'
"Echelon" Sorry, my bad.
I don't trust Microsoft. Microsoft have never said or done anything that I'm aware of that indicates they are worthy of trust. If you have worked on parts of Win7 then I presume you work for MS or the NSA, in which case, respectfully, I don't trust you either. I don't trust the US government, or any of the many security agencies it employs. I don't trust the Pope. I don't trust telemarketers, used car salesmen, people who tell you the cheque is in the mail, strange dogs or plastic shopping bags either.
This lack of credulity may mark me as an 'idiot' or a 'cretin' to you, but from my point of view - I've been around for a while and seen some things.
I think this tinfoil hat idea should be put down once and for all just by simple logic- Microsoft knows its worldwide market for Windows would be destroyed if a backdoor was ever revealed, most domestic businesses and certainly a majority of foreign customers would simply refuse to purchase their products again. Likewise the NSA knows that if revealed, a backdoor would be accessible to any foreign entity as well- whether it was corporate or military and scientific espionage and risk compromising American interests on a widespread scale.
Besides, legitimate unique and secretive ways to compromise Windows are always found simply through exploiting flawed design - why ever risk the revelation of a deliberate one?
"there's nothing stopping MS punting out a security update that has dodgy side effects (for maximum effect don't activate it until a few months after it's distributed) other than the fact that it would be the end of the company. if they did that with malice aforethought, nothing could save them, the class action lawsuit would kill them even if the drop in sales didn't"
Really? Is that what happened to ATT after it was disclosed THEY installed a backdoor in their telecom network for NSA? How many customers have they lost? How many of their employees have been prosecuted? I think MS will do just as well as ATT did with the old "the government made me do it" defense.