How the feds asked Microsoft to backdoor BitLocker, their full-disk encryption tool

1 Like

"No, we're not giving you the shaft, we're merely commoditizing the shaft,"

Ice burn, man. Ice burn. It's probably good that cruelty to animals legislation doesn't apply to that kind of pig. I wish I had turns of phrase that good.

1 Like

I think that's $250M, not $250B.

1 Like

Yes.

This is all thoroughly entertaining! I can see both sides of the argument though. And I'm now 100% certain that BitLocker does have a backdoor as Microsoft have denied it. How about that 'always-on' XBOX One Kinect? I'm kinda paranoid that my Wii Fit has 1000 pics of my balls now…

I'm sure your balls are nice, but just don't have any groups over there in front of the cam. Once facial recognition sees there's a group at hand, that's probably when they get more interested. Perfect time to listen in on business plans or the dreaded organizing of activism of any sort.

By the way, I heard that the Miley twerking ration would be reduced from thirty ass shakes to twenty.

3 Likes

If any government agency wants to see my balls then I'm happy to oblige a live showing at a discounted rate.

2 Likes

And this is when some of the more prudish watchers get hazard pay.

Ed Snowden gets my vote for entertainer of the year, hands down! I'd love a reveal showing the FBI has been actively monitoring 4chan and can identify posters. Can you imagine the reaction to such news? :smile:

Speaking of encryption… I had an interesting "response" from Apple. This is what I posted at Apple's official tech support "discussions" forum:

Has anyone proved or disproved that Apple's DMG format is lacking a backdoor to allow the ATF, NSA, FBI, DEA, etc. access to the data within them?

I'm not suggesting that I believe the AES encryption itself has an
issue, I want to know if anyone has been able to independently verify
that Apple's implementation with DMG is lacking a backdoor that can
bypass AES.

We already know there's a backdoor for iPhones that Apple will access
for law enforcement.

CNET: Product reviews, advice, how-tos and the latest news

Is an Apple DMG also subverted with a backdoor as well?

This was the "response":

I'll go ahead and err on the side of caution and take that as a "yes".

3 Likes

Can you imagine the reaction to such news?

I can imagine…


Hacks continue as FBI claims to have dismantled Anonymous

The FBI is claiming to have dismantled the hacker organization Anonymous. But shortly after an official's statements were published in the press, Anons dumped large amounts of data that appears to have been stolen from FBI servers.

Article: http://www.globalpost.com/dispatches/globalpost-blogs/the-grid/hacks-continue-spite-fbi-claims-dismantlement-anonymous


Have you heard the good news? I heard the Miley Cyrus twerking ration has been increased to twenty ass-shakes from ten.

6 Likes

Right there Microsoft has a better slogan than anything it has used before.

Microsoft - Commoditizing the Shaft Since 1975

The NSA have been monitoring everyone, and can identify anonymous authors by the distinguishing features of their writing styles, word usage, word frequencies - It's pretty trivial.

Right you are! Thanks.

Speaking of BitLocker, I'm reminded of TrueCrypt.

My home desktop is configured for dual-booting, and I was looking into using TrueCrypt for drive encryption, since it works for multiple operating systems. TrueCrypt wasn't available in the repositories for Fedora Linux, and the immediate reason was a group of concerns about TrueCrypt's licensing terms. The biggest problem with the license terms is that the TrueCrypt developers explicitly retain the right to sue users for copyright violations – making it unclear what rights users have to use TrueCrypt.

From what I can make out, where things really get weird is that no one is sure who the developers are, and the FSF, et al., haven't been able to reach them to discuss changes in the licensing terms.

TrueCrypt is open source, and supposedly experts have checked the source code thoroughly, so it seems unlikely that there's a back door embedded in that code. But the weirdness of the license, and the mystery about the identity of the developers, strikes me as possibly significant, given what we're hearing now about the NSA's efforts to poison standards and push software developers to add back doors.

TrueCrypt as written is probably secure. However, can you be sure that the version you downloaded is? Bad actors (i.e. NSA) could be man-in-the-middling downloads and inserting their own hacked version with a back door. Try to verify it - but who's to say that they aren't also replacing the web page with the MD5 signature with a different one too? Get one that's crypto signed - but maybe they're intercepting calls to PGP key servers as well. You can't really be sure unless you have the MD5 handed to you by the developer in person, and even he can't be sure unless he has decompiled the binary to make sure the compiler isn't inserting back doors. The rabbit hole goes as deep as you like.
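
An added illustration of the verification problem raised in the comment above (not code from the thread or from any project it mentions): a checksum fetched over the same channel as the binary says nothing about tampering on that channel, while a digest obtained out of band does. The file name, byte strings and the `serve` stand-in are constructed for the example, and SHA-256 is used in place of the MD5 the comment mentions.

```python
import hashlib
import hmac

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def parse_sums(text: str) -> dict:
    """Parse 'HEX  filename' lines, the format written by sha256sum."""
    sums = {}
    for line in text.splitlines():
        if line.strip():
            hexdigest, name = line.split(maxsplit=1)
            sums[name.lstrip("*")] = hexdigest.lower()
    return sums

def matches(data: bytes, expected_hex: str) -> bool:
    # Constant-time comparison of the computed and expected digests.
    return hmac.compare_digest(sha256_hex(data), expected_hex.lower())

def serve(binary: bytes, name: str) -> dict:
    """Constructed stand-in for a download site: a binary plus its checksum page."""
    return {"binary": binary, "sums": f"{sha256_hex(binary)}  {name}\n"}

def verify_same_channel(response: dict, name: str) -> bool:
    # Trusts the checksum page that arrived alongside the binary.
    return matches(response["binary"], parse_sums(response["sums"])[name])

def verify_pinned(response: dict, pinned_hex: str) -> bool:
    # Trusts only a digest obtained separately from the download.
    return matches(response["binary"], pinned_hex)

NAME = "installer.bin"                           # hypothetical file name
GENUINE = b"constructed genuine installer bytes"
TAMPERED = b"constructed modified installer bytes"
PINNED = sha256_hex(GENUINE)                     # stands for an out-of-band digest

def demo() -> dict:
    honest = serve(GENUINE, NAME)
    # Whoever controls the channel replaces the binary and regenerates the
    # checksum page to match it, so the two stay consistent with each other.
    intercepted = serve(TAMPERED, NAME)
    return {
        "honest_same_channel": verify_same_channel(honest, NAME),
        "intercepted_same_channel": verify_same_channel(intercepted, NAME),
        "honest_pinned": verify_pinned(honest, PINNED),
        "intercepted_pinned": verify_pinned(intercepted, PINNED),
    }

if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {'pass' if ok else 'FAIL'}")
```

The pinned check is only as trustworthy as the path the pinned digest travelled, which is the regress the comment describes.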

It's time to use encryption in a way to introduce strangers to one another securely.

Check out my blog: The Holy Grail of Cyptography and A Subversive Idea.

TL;DR: It's difficult to create the first secure channel between strangers but after that, you can't stop them from communicating securely.

Guido.

Although I like TrueCrypt, I have a problem with "Open Source" authors who try to keep too much control over who does what.

It seems that the TC license, specifically Section VI Paragraph 2, has changed for the (somewhat) better (perhaps) since that mail-archive thread you link to. I haven't read everything and IANAL, so I'll reserve judgment.

How did they ask? Yes, that's right. In a meeting. Nefarious bastards.