How the feds asked Microsoft to backdoor BitLocker, their full-disk encryption tool


#2

"No, we're not giving you the shaft, we're merely commoditizing the shaft,"

Ice burn, man. Ice burn. It's probably good that cruelty to animals legislation doesn't apply to that kind of pig. I wish I had turns of phrase that good.


#3

I think that's $250M, not $250B.


#4

Yes.


#5

This is all thoroughly entertaining! I can see both sides of the argument though. And I'm now 100% certain that BitLocker does have a backdoor as Microsoft have denied it. How about that 'always-on' XBOX One Kinect? I'm kinda paranoid that my Wii Fit has 1000 pics of my balls now...


#6

I'm sure your balls are nice, but just don't have any groups over there in front of the cam. Once facial recognition sees there's a group at hand, that's probably when they get more interested. Perfect time to listen in on business plans or the dreaded organizing of activism of any sort.

By the way, I heard that the Miley twerking ration would be reduced from thirty ass shakes to twenty.


#7

If any government agency wants to see my balls then I'm happy to oblige a live showing at a discounted rate.


#8

And this is when some of the more prudish watchers get hazard pay.


#9

Ed Snowden gets my vote for entertainer of the year, hands down! I'd love a reveal showing the FBI has been actively monitoring 4chan and can identify posters. Can you imagine the reaction to such news? :)


#10

Speaking of encryption... I had an interesting "response" from Apple. This is what I posted at Apple's official tech support "discussions" forum:

Has anyone proved or disproved that Apple's DMG format is lacking a backdoor to allow the ATF, NSA, FBI, DEA, etc. access to the data within them?

I'm not suggesting that I believe the AES encryption itself has an issue, I want to know if anyone has been able to independently verify that Apple's implementation with DMG is lacking a backdoor that can bypass AES.

We already know there's a backdoor for iPhones that Apple will access for law enforcement.

Is an Apple DMG also subverted with a backdoor as well?

This was the "response":

https://discussions.apple.com/thread/5300176

I'll go ahead and err on the side of caution and take that as a "yes".


#11

Can you imagine the reaction to such news?

I can imagine...


Hacks continue as FBI claims to have dismantled Anonymous

The FBI is claiming to have dismantled the hacker organization Anonymous. But shortly after an official's statements were published in the press, Anons dumped large amounts of data that appears to have been stolen from FBI servers.

Article: http://www.globalpost.com/dispatches/globalpost-blogs/the-grid/hacks-continue-spite-fbi-claims-dismantlement-anonymous



#12

Have you heard the good news? I heard the Miley Cyrus twerking ration has been increased to twenty ass-shakes from ten.


#13

Right there Microsoft has a better slogan than anything it has used before.

Microsoft - Commoditizing the Shaft Since 1975


#14

The NSA have been monitoring everyone, and can identify anonymous authors by the distinguishing features of their writing styles, word usage, word frequencies - It's pretty trivial.


#15

Right you are! Thanks.


#16

Speaking of BitLocker, I'm reminded of TrueCrypt.

My home desktop is configured for dual-booting, and I was looking into using TrueCrypt for drive encryption, since it works for multiple operating systems. TrueCrypt wasn't available in the repositories for Fedora Linux, and the immediate reason was a group of concerns about TrueCrypt's licensing terms. The biggest problem with the license terms is that the TrueCrypt developers explicitly retain the right to sue users for copyright violations -- making it unclear what rights users have to use TrueCrypt.

From what I can make out, where things really get weird is that no one is sure who the developers are, and the FSF, et al., haven't been able to reach them to discuss changes in the licensing terms.

TrueCrypt is open source, and supposedly experts have checked the source code thoroughly, so it seems unlikely that there's a back door embedded in that code. But the weirdness of the license, and the mystery about the identity of the developers, strikes me as possibly significant, given what we're hearing now about the NSA's efforts to poison standards and push software developers to add back doors.


#17

TrueCrypt as written is probably secure. However, can you be sure that the version you downloaded is? Bad actors (i.e. NSA) could be man-in-the-middling downloads and inserting their own hacked version with a back door. Try to verify it - but who's to say that they aren't also replacing the web page with the MD5 signature with a different one too? Get one that's crypto signed - but maybe they're intercepting calls to PGP key servers as well. You can't really be sure unless you have the MD5 handed to you by the developer in person, and even he can't be sure unless he has decompiled the binary to make sure the compiler isn't inserting back doors. The rabbit hole goes as deep as you like.


#18

It's time to use encryption in a way to introduce strangers to one another securely.

Check out my blog: The Holy Grail of Cryptography and A Subversive Idea.

TL;DR: It's difficult to create the first secure channel between strangers but after that, you can't stop them from communicating securely.

Guido.


#19

Although I like TrueCrypt, I have a problem with "Open Source" authors who try to keep too much control over who does what.

It seems that the TC license, specifically Section VI Paragraph 2, has changed for the (somewhat) better (perhaps) since that mail-archive thread you link to. I haven't read everything and IANAL, so I'll reserve judgment.


#20

How did they ask? Yes, that's right. In a meeting. Nefarious bastards.