NSA backdoors in Win 10.?

[michael louwe]

https://www.zdnet.com/article/aclu-want ... messenger/ - ACLU wants court to release documents on the US' attempt at backdooring Facebook Messenger - While the FBI-vs-Apple battle played out in the public, the FBI-vs-Facebook encryption backdoor war remained a secret for months. - By Catalin Cimpanu for Zero Day | December 1, 2018

Chances of the US government/NSA having backdoors into M$'s Win 10 seem pretty high. No.?

[kukamuumuka]

Windows has always used different doors.
https://securingtomorrow.mcafee.com/mca ... -god-mode/

[absque fenestris]

Windows are closely related to doors - as a rule a little smaller and transparent. On account of these qualities a door is not necessarily required.

[thx-1138]

...you don't even need three-letter US agencies to be involved actually... MS can handle such just by itself
https://www.dailydot.com/debug/tor-botn ... re-remove/

[michael louwe]

...you don't even need three-letter US agencies to be involved actually... MS can handle such just by itself
https://www.dailydot.com/debug/tor-botn ... re-remove/

.
It's quite normal for M$ to remove botnets and malware with the built-in or user-installed Windows Defender and M$ Security Essentials programs or Windows Update's Malicious Software Removal Tool.

Backdoors purposely created by the OS developers for the government are a different kind of beast or security/privacy risk. ...
https://searchsecurity.techtarget.com/d ... /back-door

[michael louwe]

Windows are closely related to doors - as a rule a little smaller and transparent. On account of these qualities a door is not necessarily required.

.
In the case of M$'s Windows 10, maybe backdoors should be called backwindows or backwindoors.

[Moem]

Chances of the US government/NSA having backdoors into M$'s Win 10 seem pretty high. No.?

Yes. If I remember correctly, William Binney is convinced they are there and he knows about these things. Interestingly, when I asked him about similar back doors in Linux, he would not answer.

[thx-1138]

..............................................

...michael -> https://thehackernews.com/2014/01/micro ... owser.html
Or:
https://www.tripwire.com/state-of-secur ... eroaccess/
Microsoft has stealthily removed outdated Tor software,
from as many as two million systems remotely without having to get consent from the systems’ owners.

...and this was in 2013 (ie. Win 7 / 8 era - before Win10). Ie. nowadays,say in contrast to late '90s / early '00s...
they don't even care to 'hide' or even downplay the fact, that at any moment,
if they deem it necessary for their own reasons, they can get into whatever Windows installation,
and perform whatever actions they feel like doing so (in a stealthy manner, without user consent etc).
Would even be tempted myself to say that...in contrast, they kinda show it off
(all your base are belong to us...and not to random / other hackers out there).

But yes, other than that, of course i agree that having NSA and/or similar involved takes it to another level.
Then again, did anyone ever had any doubts about such products?

[ImpWarfare]

Chances of the US government/NSA having backdoors into M$'s Win 10 seem pretty high. No.?

Yes. If I remember correctly, William Binney is convinced they are there and he knows about these things. Interestingly, when I asked him about similar back doors in Linux, he would not answer.

Maybe he wouldn't answer because maybe he doesn't know the actual answer, does he even use or have tried Linux-based systems?

[Moem]

Yes. If I remember correctly, William Binney is convinced they are there and he knows about these things. Interestingly, when I asked him about similar back doors in Linux, he would not answer.

Maybe he wouldn't answer because maybe he doesn't know the actual answer, does he even use or have tried Linux-based systems?

That is certainly possible, that he doesn't know, or isn't certain.

I'm not sure whether or not he personally does use Linux-based OSes, but I don't think that he would need to use them himself just in order to know whether there might be a backdoor in them. He might know from the other end, if you know what I mean.

[rene]

He might know from the other end, if you know what I mean.

Not really; Linux is open source; significantly harder if not... almost, near, take your pick of qualifier .... impossible to hide backdoors in. But related: https://www.omgubuntu.co.uk/2013/11/nsa ... r-says-yes. That attempt is believed to be the third one.

Much more recently (suspected),

https://www.wikitribune.com/article/67004/.
https://www.spinics.net/lists/linux-cry ... 33291.html

SPECK was added to 4.17 and will be gone from the upcoming 4.20. Note, given the usual level of paranoia around these things: no, you don't have to rush into a kernel upgrade; you are not in fact using SPECK unless you quite explicitly are. F2FS users would/could be affected, and if I'm not mistaken not actually anything else...

[Moem]

He might know from the other end, if you know what I mean.

Not really; Linux is open source; significantly harder if not... almost, near, take your pick of qualifier .... impossible to hide backdoors in. But related: https://www.omgubuntu.co.uk/2013/11/nsa ... r-says-yes. That attempt is believed to be the third one.

Yes. I specifically asked him what he thought Linus meant when he said yes and no at the same time (and later said that he was joking), and that's the question he would not answer.

Of course, 'has a backdoor been requested' is a different question than 'is there a backdoor'.

[rene]

Yes. I specifically asked him what he thought Linus meant when he said yes and no at the same time (and later said that he was joking), and that's the question he would not answer.

Which to me always more than anything else evokes an impression of posturing but as to that specific point: I'd somewhat doubt that Linus would let his father make a fool of himself in front of the EP if indeed he was "obviously joking". Am on the other hand rather certain that if the NSA had explicitly banned him from ever speaking of an actually occurred attempt, they'd have the (American) law to back that up. That is, rather certain Linus had a good reason to deny it being more than an obvious joke, both when it was and when it wasn't. Nils Torvalds tips the scale...

And yes, you can really be quite certain there's no actual backdoor to be found in all of that quite extensively studied open source code, at the very least in the explicit sense rather than just e.g. weak encryption algorithms being present in the tree (which certainly they are).

[Portreve]

I don't delve into conspiracy theory discussions because, absent credible proof, they invariably prove themselves to be 100% b******t.

That said, for someone in his position to refuse to answer suggests to me only one of two possibilities: he has something to hide (personally, or through a sense of obligation) or he's trying to puff up his ego. I've dealt with a great many folks over the years of all walks of life, and I can tell you for a fact that, in this regard, there are no exceptions.

[thx-1138]

...............................

...i wouldn't personally trust any whistleblower's claims (...and / or posturing),
any more than i would trust the 'official' claims of their 'previous'(?) masters.
I appreciate that a certain level of 'public concern' has been raised in the past due to leaks etc, but up to that...
Because the whole situation with such nowadays has more or less degenerated into...

...'they' don't need to directly backdoor the Linux kernel upstream after a certain point.
If you control (or can subvert) the hardware, you control the (whatever) stack above it.
Although sure, such would very likely make their life way much easier in establishing a 'direct channel' if & when needed.
The hardware is proprietary, the firmware running on such as well, Intel ME / AMD PSP as well.
Numerous other blobs being loaded on the OS. The routers' firmware also etc.
You can never have enough 'open-ness' to speak off...we are far away from such.

Research has shifted to hardware-based vulnerabilities in the last yrs exactly because nowadays,
there exists a thirsty high-profile market which is willing to pay for such low-level access: 'serious' state actors etc.
Accordingly, such research appears to take place and be funded from...equally powerful & 'serious' companies.
Eg. take Google, that came up with the recent Meltdown / Spectre - surely they didn't discover such by coincidence:
more or less, when there's a buyer, there's a seller...who further advertises the goods 'in public' from time to time.

[Portreve]

...'they' don't need to directly backdoor the Linux kernel upstream after a certain point.
If you control (or can subvert) the hardware, you control the (whatever) stack above it.

It is for precisely this reason my next round of hardware purchases will almost certainly be from Purism. Maybe or maybe not my smartphone, depending upon software availability, but my next desktop (which is to say, laptop) will be from them.