Irving Rowe
@reserver.ru

Irving Rowe to FF4m3

Anon

to FF4m3

Re: Confirmed: U.S. & Israel Developed 'Flame'

We must realize the true ramifications about this, then combine it with other news/leaks, and we can gather a better picture. Either way, it's a dangerous omen, especially for Windows as a viable OS over the long term from this point forward.

1) Source code for these threats is readily available, which means they can be used by others to cause more harm. Or altered, and given different attack vectors, etc. Even used by other states against its own populace.

2) Windows is compromised, and is no longer viable as a platform for anyone remotely concerned with privacy and security. Regardless of where they live, as evidence coming out suggests either direct operational access by the NSA/CIA/Mossad to Windows, or Windows is at the very least 'complacent', either is equally alarming. This could be the worldwide catalyst that causes Microsoft's downfall, we can only hope - right?

3) There has been collateral damage by potential state sponsored threats. What constitutes cyber-terrorism? I believe these threats themselves can be defined as terrorism. Therefore our govt. is actively involved with terrorist activities.

4) How many folks in the USA were also targeted by these threats? I would wager a whole lot of folks, since the threat was found "ITW" in North America by some companies as long as several years ago. A good case can be made this was readily deployed against folks here. That constitutes a clear violation of our rights, and likely could be defined as domestic terrorism sponsored by our own govt.

Lessons for today? Our Govt. sucks, and is the enemy of not only its citizens, but the entire planet. Windows sucks more than before, and needs to die a grisly death.

Link Logger
MVM
join:2001-03-29
Calgary, AB

Link Logger

MVM

said by Irving Rowe :

2) Windows is compromised, and is no longer viable as a platform for anyone remotely concerned with privacy and security. Regardless of where they live, as evidence coming out suggests either direct operational access by the NSA/CIA/Mossad to Windows, or Windows is at the very least 'complacent', either is equally alarming. This could be the worldwide catalyst that causes Microsoft's downfall, we can only hope - right?

And what OS do you recommend as being secure and why do you think it's more secure?

Blake
OZO
Premium Member
join:2003-01-17

OZO

Premium Member

Open source OS, of course, where public can always check and see what is inside. It's the same as with any cryptography software.

Link Logger
MVM
join:2001-03-29
Calgary, AB

Link Logger

MVM

said by OZO:

Open source OS, of course, where public can always check and see what is inside. It's the same as with any cryptography software.

You believe the public knows how to read code and understand what it does, especially OS code? How many people actually read the code and frankly one good coder's eyes are worth billions of 'public' eyes when it comes to reviewing code so the idea of public code is vastly overrated and looking at security records of open source, it must be overrated.

Blake
OZO
Premium Member
join:2003-01-17

OZO

Premium Member

No, absolutely not. It's not important (while it's always pushed as a main argument) that majority of people can't read and understand the code. The most important thing is the trust, that comes with opening source code to public. It's completely enough for many to believe that some will actually look at at least some parts of the code (for many completely different reasons, including self-education, re-using well designed parts of it, making own programs to run more efficiently, etc). The confidence comes with realizing, that if some one will discover a backdoor and will reveal it to the public (again, for many different reasons) we will stop that trust immediately. And it will be hard to restore it back and we all will benefit from that.

On the other hand no one can trust black boxes, which all proprietary, closed source products essentially are. How you can trust a program (or OS) if you don't know what is inside (moreover, you're prohibited from knowing that and sharing it with others). Especially keeping in mind, that usually those programs are made for making money. And we all know that money may come from different sources and interests...

Snowy
Lock him up!!!
Premium Member
join:2003-04-05
Kailua, HI

Snowy to Link Logger

Premium Member

to Link Logger
said by Link Logger:

You believe the public knows how to read code and understand what it does, especially OS code?

C'mon, I know you can do better than that!
How long would a popular malicious OS code app go undetected after release?
Hours, days, weeks, it's a finite length of time before someone discovers it.

Link Logger
MVM
join:2001-03-29
Calgary, AB

Link Logger to OZO

MVM

to OZO
said by OZO:

No, absolutely not. It's not important (while it's always pushed as a main argument) that majority of people can't read and understand the code. The most important thing is the trust, that comes with opening source code to public. It's completely enough for many to believe that some will actually look at at least some parts of the code (for many completely different reasons, including self-education, re-using well designed parts of it, making own programs to run more efficiently, etc). The confidence comes with realizing, that if some one will discover a backdoor and will reveal it to the public (again, for many different reasons) we will stop that trust immediately. And it will be hard to restore it back and we all will benefit from that.

On the other hand no one can trust black boxes, which all proprietary, closed source products essentially are. How you can trust a program (or OS) if you don't know what is inside (moreover, you're prohibited from knowing that and sharing it with others). Especially keeping in mind, that usually those programs are made for making money. And we all know that money may come from different sources and interests...

Lots of things in your everyday life are a black box, but that doesn't stop you from using them or even trusting them with your life (eg traffic lights, navigation system in the plane you're flying in, the control system running the elevator you're riding in). Do you trust those? I have trust that Microsoft is spending the money, time, resources to earn my trust in their software, and I know their OS isn't nearly as 'closed' as people think it is. Work at a University and want to see Windows source, I'm pretty sure you can get it, if you have legitimate credentials.
»www.facultyresourcecente ··· -us&c2=0

How long has Microsoft been making OS's and how many backdoors have been found? How many hackers around the world with how many different agendas have pored through the binaries looking for anything they can exploit, frankly I'd say that Microsoft has the most inspected code on the planet.

Do you make money, are you evil? Can a company make money without being evil too?

Blake
OZO
Premium Member
join:2003-01-17

OZO

Premium Member

We have recently discovered, that US govt is in a business of making computer viruses (as they're starting to call it - "cyberwar"). And it signs its malware with Microsoft's certificates. How is it possible without cooperation of the signer? And what does it tell everyone about trustworthiness of that company and their products?

Link Logger
MVM
join:2001-03-29
Calgary, AB

Link Logger

MVM

said by OZO:

We have recently discovered, that US govt is in a business of making computer viruses (as they're starting to call it - "cyberwar"). And it signs its malware with Microsoft's certificates. How is it possible without cooperation of the signer? And what does it tell everyone about trustworthiness of that company and their products?

Is this the first time a cert has been hacked, nope. Is there a process to deal with hacked certs, meaning it was expected to occur, yep that is why they can be revoked.

For example this happened to Google last summer »www.darkreading.com/auth ··· ued.html

So what makes you think that Microsoft was involved with this?

Blake
OZO
Premium Member
join:2003-01-17

OZO

Premium Member

Read this recent post.

Link Logger
MVM
join:2001-03-29
Calgary, AB

Link Logger

MVM

said by OZO:

Read this recent post.

OK Microsoft didn't sign this code, it was done via a hack, and so Microsoft revoked the offending certs, how does that involve Microsoft other than the group involved used a holy grail of certs (a Microsoft cert) which they hacked together? The authors of this code aren't a bunch of unemployed pimple faced kids living in their parents' basements as the last time I checked the NSA was very well funded and equipped and staffed by a pile of rather smart folks and could very well still be unknown if they limited who was invited to the party.

Why would they want to use a Microsoft cert, rather than say an Apple cert and do you think they couldn't cobble one of those together? Next question would be could a lesser group pull off the same hack?

Blake

Debbie Gamle
@ubiquityservers.com

Debbie Gamle to OZO

Anon

to OZO
said by OZO:

No, absolutely not. It's not important (while it's always pushed as a main argument) that majority of people can't read and understand the code. The most important thing is the trust, that comes with opening source code to public. It's completely enough for many to believe that some will actually look at at least some parts of the code (for many completely different reasons, including self-education, re-using well designed parts of it, making own programs to run more efficiently, etc). The confidence comes with realizing, that if some one will discover a backdoor and will reveal it to the public (again, for many different reasons) we will stop that trust immediately. And it will be hard to restore it back and we all will benefit from that.

On the other hand no one can trust black boxes, which all proprietary, closed source products essentially are. How you can trust a program (or OS) if you don't know what is inside (moreover, you're prohibited from knowing that and sharing it with others). Especially keeping in mind, that usually those programs are made for making money. And we all know that money may come from different sources and interests...

I am pretty sure MS knew about this, but created a situation where they could have deniability when it finally comes out. That's very common. Also people need to understand the billions of dollars blackops, counterintel, and other spooks can toss around with impunity. CIA openly offered 'billions' for skype backdoors, but in reality they probably just had someone buy Skype that would hand them the keys - Skype was sold shortly after this offer.

I know some brilliant, and very nosy opensource folks, they find stuff if it is there. I trust them to find stuff because that's what they do for a living. They do not trust closed source products for the simple reason is THEY KNOW, these people have enough experience in this area to know what is hidden in closed source products. I would never trust closed source products again, my last real experience with this was when I started using "Sticky Passwords" to encrypt my password database. I ran process/traffic monitors while I observed it, and someone explain to me why when I created a master password it 'dialed home' instantly once it was created? Explain why when auto-updates are toggled off, it is 'routinely' dialing home when I update the database? This is yet another reason I won't trust these closed source products.

You can make plenty of money opensource, this has been proved time and time again. I make and sell a product on the internet (non-computer), but I also give away instructions to make it to anyone that asks.. My product is opensource. I have great sales, and customers are confident of what is in it and how it works, and can see for themselves. This creates trust, acceptance, and the intention behind my product is benevolent. Big food companies hide ingredients, they hate disclosure, they don't want you informed as a consumer about what they do or have in their products. Secret societies are occult(hidden), because they don't want the public to know what they are up to - why? Other organizations have nothing to hide, they open the books to anyone that wants to see or know. It has been said anything done for greed, money, and power is blessed by satan, anything done with love, compassion, and benevolence is blessed by God. Your choice.

Microsoft has lost any remaining credibility they had with this whole episode, and unless they go opensource, I don't know anyone that would still consider them a viable company offering a safe and secure product.. Err.. Anyone that actually still believed that of course.

KodiacZiller
Premium Member
join:2008-09-04
73368

KodiacZiller to Link Logger

Premium Member

to Link Logger
said by Link Logger:

How long has Microsoft been making OS's and how many backdoors have been found?

Quite a few. Going back over 10 years we have the infamous _NSA_KEY variable that was found in the crypto library (after someone disassembled the code). MS had no comment at first. Later they said it was just an "unfortunate variable name and entirely coincidental." Finally they said "we did it for the NSA so they could run their own specialized crypto in security sensitive applications." No one to this day knows what really went on or why. Some professional cryptographers (like Schneier) buy the official explanation, while others are still skeptical.

And then you had the university researchers in Israel who decompiled the random number generator code in Windows 2000. It took them months of reverse engineering to figure out how it worked. I read the paper. They were able to attack the RNG to retrieve any crypto key generated by it in seconds (and they could do it retroactively or predict future keys, which means the RNG had no "forward secrecy"). Basically they concluded that one of two things were going on (they actually said this in an academic paper):

1) MS has some very amateur cryptographers working for them who have no idea whatsoever how to design a decent CSPRNG.

2) MS (or a close ally --*cough cough* NSA) purposely sabotaged the RNG.

Either scenario is equally as scary.

I know for a fact that this crappy RNG would never have gotten off the ground in the Linux world. The code is audited, it is open and it doesn't take months to reverse engineer it. /dev/random (Linux's main RNG) has had many papers written on it over the years. It is well studied and generally thought to be pretty strong. In fact, the same guys who reverse engineered the Windows 2000 RNG also wrote a paper on Linux's /dev/random. They were not able to successfully attack it, though they did provide suggestions on how to slightly improve it from a theoretical standpoint. Interestingly, their biggest complaint was that the Linux RNG code was not documented well enough and void of comments.

A good illustration of how open-source flaws are discovered and fixed was the famous Debian Linux OpenSSL flaw. What happened is some code maintainer for Debian (who was not a crypto expert) went into the OpenSSL codebase and "cleaned it up." When he did this he broke the OpenSSL RNG. The flaw was found pretty quickly and security advisories were shouted from the rooftops. If the code would have been closed, it might have taken months or years to discover it.

How many hackers around the world with how many different agendas have pored through the binaries looking for anything they can exploit, frankly I'd say that Microsoft has the most inspected code on the planet.

Dealing with binaries is not the same as reading source code. It's true that being closed-source does not stop flaws from being found, but if the code were open, it would make auditing easier and faster.

You mention that open-source has more flaws found (I doubt this is true, but let's assume it is). I say that's natural. If the code is open, it is easier to find flaws (and also faster and easier to fix them). I propose to you that if MS's code were 100% open, you would see *many* more flaws found by various researchers around the world. It would be equal to or worse than Linux, BSD or whatever.

Linux, Windows and OSX all have a similar number of LOC. Any time you have multiple millions of LOC, you will have bugs. There is no reason to believe that MS has more "talented" coders. Most of the Linux kernel code is written by professionals who work for companies like Red Hat, IBM, Intel, Oracle, etc. The notion that the code is written by some amateur in his basement is an urban legend. Most of them are pros, with university degrees.

Do you make money, are you evil? Can a company make money without being evil too?

Has nothing to do with it. Linus Torvalds himself has said people who blindly hate Microsoft are stupid. He has even defended MS on several occasions. Torvalds is not and never has been against Linux making money. Red Hat is doing very well financially. IBM and Intel both contribute code to the kernel and they are doing well. Richard Stallman and his extreme views are not really mainstream (Torvalds has publicly bashed Stallman on numerous occasions). In fact, even Stallman himself is a proponent of FOSS coders being paid.

Link Logger
MVM
join:2001-03-29
Calgary, AB

1 recommendation

Link Logger

MVM

said by KodiacZiller:

Quite a few. Going back over 10 years we have the infamous _NSA_KEY variable that was found in the crypto library (after someone disassembled the code). MS had no comment at first. Later they said it was just an "unfortunate variable name and entirely coincidental."

The keys were even reverse engineered and apparently no one was able to use this backdoor, perhaps because it wasn't?

»en.wikipedia.org/wiki/NSAKEY
said by KodiacZiller:

And then you had the university researchers in Israel who decompiled the random number generator code in Windows 2000. It took them months of reverse engineering to figure out how it worked. I read the paper. They were able to attack the RNG to retrieve any crypto key generated by it in seconds (and they could do it retroactively or predict future keys, which means the RNG had no "forward secrecy"). Basically they concluded that one of two things were going on (they actually said this in an academic paper):

1) MS has some very amateur cryptographers working for them who have no idea whatsoever how to design a decent CSPRNG.

2) MS (or a close ally --*cough cough* NSA) purposely sabotaged the RNG.

Either scenario is equally as scary.

I know for a fact that this crappy RNG would never have gotten off the ground in the Linux world.

But it did happen in the Linux world and with the example you mentioned as the Debian OpenSSL flaw was caused by a poor RNG which was released in Sept 2006 and the problem wasn't discovered until 2008.

Problems with random number generators are nothing new and aren't going away anytime soon (choosing a random number is illogical, but computers are logical, hence the problem), so does RSA have the same problems mentioned above as Microsoft as their RNG algorithms also have recent problems.

»www.eff.org/rng-bug
said by KodiacZiller:

A good illustration of how open-source flaws are discovered and fixed was the famous Debian Linux OpenSSL flaw. What happened is some code maintainer for Debian (who was not a crypto expert) went into the OpenSSL codebase and "cleaned it up." When he did this he broke the OpenSSL RNG. The flaw was found pretty quickly and security advisories were shouted from the rooftops. If the code would have been closed, it might have taken months or years to discover it.

The vul was introduced in OpenSSL packages starting with 0.9.8c-1 (released in September 2006), advisories were only shouted from the rooftops in May 2008, what happened?
said by KodiacZiller:

Dealing with binaries is not the same as reading source code. It's true that being closed-source does not stop flaws from being found, but if the code were open, it would make auditing easier and faster.

Didn't seem to stop the Israel researchers from decompiling the random number generator in Windows 2000, of course having source code would help and I wonder why he didn't apply to get it from Microsoft (Shared Source Initiative)? Wonder if they grabbed a copy of the source code for Windows 2000 which had been leaked onto the internet in 2004?

Windows source code isn't as closed source as people think, about the only code that is restricted to Microsoft is the bits dealing with product activation, its use of cryptography and code from other firms it cannot license directly, otherwise if you can show the credentials and agree to maintaining the privacy around the code, you can get it and lots of people outside Microsoft have.

Ultimately there is no need to install a backdoor in any OS as OS's are so complex that they will have vuls no matter if they are closed or open sourced and the proof is amply listed in CERT's National Vulnerability Database for example see »www.us-cert.gov/cas/bull ··· 170.html . Second given the source to Windows isn't as closed as people think, why would the NSA code in a backdoor that is going to be shown to other governments and researchers? The NSA is into keeping secrets, not sharing them.

Blake

KodiacZiller
Premium Member
join:2008-09-04
73368

1 edit

KodiacZiller

Premium Member

said by Link Logger:

The keys were even reverse engineered and apparently no one was able to use this backdoor, perhaps because it wasn't?

»en.wikipedia.org/wiki/NSAKEY

A researcher found yet a third key a while after this was published. This Heise article is highly recommended reading. »www.heise.de/tp/artikel/ ··· 3/1.html

But it did happen in the Linux world and with the example you mentioned as the Debian OpenSSL flaw was caused by a poor RNG which was released in Sept 2006 and the problem wasn't discovered until 2008.

It wasn't caused by a poorly designed RNG (I already explained what caused it). It was caused by some code maintainer (who had no expertise in cryptography) cleaning up code he didn't understand. He deleted one line of code he thought was redundant (because the compiler was throwing errors). This broke the whole RNG. This problem was specific to Debian and did not affect OpenSSL as a whole (i.e. it was not present in the upstream codebase). This goes to show that crypto is a highly specialized field and average code maintainers should never muck around with it.

Problems with random number generators are nothing new and aren't going away anytime soon (choosing a random number is illogical, but computers are logical, hence the problem)

It's true that computers cannot create truly random numbers. But you don't need a TRNG to have a secure RNG. You can design a secure RNG that runs on a computer -- they are called CSPRNGs. There are well known ways to securely design a CSPRNG and there are many textbooks out there on the subject. NIST has even released detailed standards and recommendations on how to do it.

Microsoft's design was very poor, and as the researchers said, their engineers had very little knowledge of the subject (as evidenced by some of their rookie mistakes). This was not a case of a well designed RNG being cracked by some brilliant researchers, but was a case of a poorly designed RNG.

The vul was introduced in OpenSSL packages starting with 0.9.8c-1 (released in September 2006), advisories were only shouted from the rooftops in May 2008, what happened?

Again the bug only affected Debian and was not present in the upstream OpenSSL codebase. And I already explained what happened. Luckily someone found it, eventually.

Didn't seem to stop the Israel researchers from decompiling the random number generator in Windows 2000, of course having source code would help and I wonder why he didn't apply to get it from Microsoft (Shared Source Initiative)? Wonder if they grabbed a copy of the source code for Windows 2000 which had been leaked onto the internet in 2004?

No, they decompiled the code in one long painstaking process. It took them a few months to get everything straight and understand how it all worked. I have no idea why they didn't apply for the "Shared Source Initiative." I would imagine it takes special credentials and a special purpose to get approved for that. Merely being a security researcher probably isn't good enough, but I have no idea really.

Windows source code isn't as closed source as people think, about the only code that is restricted to Microsoft is the bits dealing with product activation, its use of cryptography



Interesting how they keep their crypto code close to the vest, eh? I would never trust any crypto key generated on Windows. There is too much evidence of funny business on the part of NSA.

Ultimately there is no need to install a backdoor in any OS as OS's are so complex that they will have vuls no matter if they are closed or open sourced and the proof is amply listed in CERT's National Vulnerability Database for example see »www.us-cert.gov/cas/bull ··· 170.html .

Bugs in OS's happen. Most OS's have many millions of LOC, and when you have that large of a volume of code, you will have bugs. But that's a bit different than intentional backdoors.

Second given the source to Windows isn't as closed as people think, why would the NSA code in a backdoor that is going to be shown to other governments and researchers? The NSA is into keeping secrets, not sharing them.

Didn't you say above that Windows does not release the source to their cryptographic code?

Also, one other thing to note is that Lotus Notes (back in the day) had purposely weakened the crypto in their product at the behest of the NSA (mainly the versions to be exported). This is a well known fact today and readily admitted by IBM. If IBM was doing it, I am sure NSA has gotten to Microsoft as well.

Link Logger
MVM
join:2001-03-29
Calgary, AB

Link Logger

MVM

said by KodiacZiller:

A researcher found yet a third key a while after this was published. This Heise article is highly recommended reading. »www.heise.de/tp/artikel/ ··· 3/1.html

Given that article was written in 1999, in the last 13 years no one has been able to demonstrate and thus prove the existence of this legendary back door. If I painted a doorknob on a brick wall I wonder how long it would take people to agree if it can't be opened it's not a back door.
said by KodiacZiller:

It wasn't caused by a poorly designed RNG (I already explained what caused it). It was caused by some code maintainer (who had no expertise in cryptography) cleaning up code he didn't understand. He deleted one line of code he thought was redundant (because the compiler was throwing errors). This broke the whole RNG. This problem was specific to Debian and did not affect OpenSSL as a whole (i.e. it was not present in the upstream codebase). This goes to show that crypto is a highly specialized field and average code maintainers should never muck around with it.

No doubt, but that sort of defeats the idea behind open source doesn't it? Crypto code is the domain of elite coders and not for the masses.
said by KodiacZiller:

It's true that computers cannot create truly random numbers. But you don't need a TRNG to have a secure RNG. You can design a secure RNG that runs on a computer -- they are called CSPRNGs. There are well known ways to securely design a CSPRNG and there are many textbooks out there on the subject. NIST has even released detailed standards and recommendations on how to do it.

The problem is one of nature, you have a logical device which tries to base its attempt to simulate the illogical choice of a random number using a concocted collection of entropy which is then run through logical code in an attempt to statistically simulate the selection of a random number, if you know the state of its entropy and the code which it is then run through then you don't have a random number anymore and given it's a logical computer that maintains the entropy pool then you can predict future random numbers. It's a piss poor process tainted by statistics. If I can figure out the state of your entropy pool, then you have a bigger problem than the code behind your RNG, and yes Microsoft made it too easy, but really, how many process elevation hacks are there which will give me access to that pool (ie the system manages it so something has access to it). This is one reason I like external entropy devices, however even then they have exploits in that I can 'manage' the data you get from these so I can inject my own 'data' and voilà, a not so random number generator again. In short random isn't much liked in the universe and I don't care who writes a RNG, it's not going to be perfect or safe from hacking of some form, it's only a matter of time and effort, so we can only attempt make it as difficult and costly as possible as the limiting factors, and really thus far the world hasn't collapsed because of hacked RNG so apparently the objectives have been met, again thus far.
said by KodiacZiller:

Interesting how they keep their crypto code close to the vest, eh? I would never trust any crypto key generated on Windows. There is too much evidence of funny business on the part of NSA.

said by KodiacZiller:

Bugs in OS's happen. Most OS's have many millions of LOC, and when you have that large of a volume of code, you will have bugs. But that's a bit different than intentional backdoors.

Much talk but again no one has ever been able to demonstrate a NSA backdoor in Windows, sounds like a Sasquatch to me. Sometimes I think the biggest thing the NSA has going for it is that people believe it has almost mystical powers and intelligence. If the Windows development team was staffed by NSA folks then their code would also be mystical in all areas, otherwise the non-NSA coders would blab the secret which is amazing again that in how many years no solid proof has been found of anything like this happening at Microsoft. How many coders have come and gone from the OS development teams at Microsoft and nothing has come to light. This is ultimately why the legal systems in most of the intelligent world operate under 'Ei incumbit probatio qui dicit, non qui negat'. If you can prove the guilt, I'll happily help throw them under the bus, but otherwise saying something else is better because you have unproven rumors is a big pile of steamy BS. I've never claimed Windows was perfect security wise, but when I hear folks making claims that X is better than Y, all I ask for is proof, and no one has been able to deliver that yet.

Blake

KodiacZiller
Premium Member
join:2008-09-04
73368

KodiacZiller

Premium Member

said by Link Logger:

Given that article was written in 1999, in the last 13 years no one has been able to demonstrate and thus prove the existence of this legendary back door. If I painted a doorknob on a brick wall I wonder how long it would take people to agree if it can't be opened it's not a back door.

From the article:

quote:
According to those present at the conference, Windows developers attending the conference did not deny that the "NSA" key was built into their software. But they refused to talk about what the key did, or why it had been put there without users' knowledge.

and:

quote:
But according to two witnesses attending the conference, even Microsoft's top crypto programmers were astonished to learn that the version of ADVAPI.DLL shipping with Windows 2000 contains not two, but three keys. Brian LaMachia, head of CAPI development at Microsoft was "stunned" to learn of these discoveries, by outsiders.

and finally:

quote:
According to Fernandez of Cryptonym, the result of having the secret key inside your Windows operating system "is that it is tremendously easier for the NSA to load unauthorized security services on all copies of Microsoft Windows, and once these security services are loaded, they can effectively compromise your entire operating system".

So, no one really knows what MS or NSA was up to here. Some speculate, as I said, that these keys were put there so the government could run their own classified crypto systems. Others believe it is a backdoor. Or perhaps it is both. There's really no way to know for sure.

No doubt, but that sort of defeats the idea behind open source doesn't it? Crypto code is the domain of elite coders and not for the masses.

It doesn't defeat the purpose of open-source, but it does mean code maintainers should not muck around with specialized code like crypto services unless they really know what they are doing (and have checked with the upstream developers first). The same mistakes can and do happen with closed-source coders at MS. Just because they work for a corporation doesn't make them somehow better or more expert.

The problem is one of nature, you have a logical device which tries to base its attempt to simulate the illogical choice of a random number using a concocted collection of entropy which is then run through logical code in an attempt to statistically simulate the selection of a random number,

Not exactly how it works. Typically the OS will gather entropy from hardware peripheral devices like mouse movements and keystrokes (neither of which are algorithms). Then that entropy is usually mixed in a pool with a secure hash function like SHA-1 and then sometimes run through a block cipher like AES before being output. Assuming the entropy itself is not compromised, breaking the RNG would be as hard as breaking SHA-1 or AES (i.e. not very likely).

Fortuna, which was co-designed by Schneier, is one such CSPRNG that is resistant to injection attacks (which means if an attacker compromises part of the entropy pool, the other pools allow quick recovery). Of course if an attacker controls *all* of the entropy all bets are off. However, that is highly unlikely to occur without physical access to the machine.

Much talk but again no one has ever been able to demonstrate an NSA backdoor in Windows, sounds like a Sasquatch to me. Sometimes I think the biggest thing the NSA has going for it is that people believe it has almost mystical powers and intelligence. If the Windows development team was staffed by NSA folks then their code would also be mystical in all areas, otherwise the non-NSA coders would blab the secret which is amazing again that in how many years no solid proof has been found of anything like this happening at Microsoft. How many coders have come and gone from the OS development teams at Microsoft and nothing has come to light. This is ultimately why the legal systems in most of the intelligent world operate under 'Ei incumbit probatio qui dicit, non qui negat'. If you can prove the guilt, I'll happily help throw them under the bus, but otherwise saying something else is better because you have unproven rumors is a big pile of steamy BS. I've never claimed Windows was perfect security-wise, but when I hear folks making claims that X is better than Y, all I ask for is proof, and no one has been able to deliver that yet.

I am not saying MS is staffed by NSA. I am saying there is a good chance, based on past evidence, that there has been some funny business occurring. Perhaps MS was complicit in it and looked the other way (you know, gotta catch terrorists and all that). Perhaps NSA slipped the code in themselves without MS's knowledge.

Niels Ferguson, who works at Microsoft, is a well known cryptographer. He is the one who discovered that a PRNG designed by NSA might have a backdoor in it. It's known as Dual_EC_DRBG. It is a NIST standard and is found in Windows (though Ferguson points out it is not the default PRNG). So, there is a good chance NSA designed a PRNG that only they know how to break and then unleashed it on the world. If you can compromise an RNG that everyone "trusts" then it makes your intelligence gathering much easier. And since you are the only one who knows how to compromise it, then you don't have to worry about criminals exploiting it. It's smart and what I would do if I was in charge.

If you don't think NSA partakes in such activity, you obviously don't understand how SIGINT works and have never researched Crypto AG (Crypto AG was a crypto company back in the 80's and 90's that sold crypto equipment to foreign nations. It came out later that NSA had backdoored their products).

And I am not going to argue that open-source would be 100% immune from moles. It is certainly possible to slip a mole into an open-source project and have him/her submit patches with cleverly crafted code with subtle bugs. It would just depend on how vigilant the other members of the project are in their auditing, etc.

Link Logger
MVM
join:2001-03-29
Calgary, AB

1 recommendation

Link Logger

MVM

said by KodiacZiller:

From the article:

quote:
According to those present at the conference, Windows developers attending the conference did not deny that the "NSA" key was built into their software. But they refused to talk about what the key did, or why it had been put there without users' knowledge.


Do you comment on code you don't know? Windows code is how big and do you think every Windows developer knows all the code? As for comment, you won't find Windows OS Developers who will get into details about Windows Code around things like crypto today, ditto for Apple's OS or any other proprietary commercial product, as it is usually against company policy.
said by KodiacZiller:

and:

quote:
But according to two witnesses attending the conference, even Microsoft's top crypto programmers were astonished to learn that the version of ADVAPI.DLL shipping with Windows 2000 contains not two, but three keys. Brian LaMachia, head of CAPI development at Microsoft was "stunned" to learn of these discoveries, by outsiders.

This is actually a really interesting quote as it's referenced in a lot of places, but nothing more, including from Brian LaMachia. What was he stunned to learn, that someone released a build with the debug symbols still in the code, or that someone bothered to look at variable names, and who are the two witnesses? Without more information, I'm sorry, the quote doesn't mean much to me as it assumes a lot without the meat to back it up.

We don't have to look too hard to find lots of witnesses who claim they have seen a sasquatch, but when we have an opportunity to review what they saw, it hasn't held up yet.
said by KodiacZiller:

and finally:

quote:
According to Fernandez of Cryptonym, the result of having the secret key inside your Windows operating system "is that it is tremendously easier for the NSA to load unauthorized security services on all copies of Microsoft Windows, and once these security services are loaded, they can effectively compromise your entire operating system".
So, no one really knows what MS or NSA was up to here. Some speculate, as I said, that these keys were put there so the government could run their own classified crypto systems. Others believe it is a backdoor. Or perhaps it is both. There's really no way to know for sure.

It's no secret that the government has its own crypto routines called Suite A, who knows, but I'm pretty sure that no one has publicly claimed success at using this 'backdoor', so at best it's still a door knob painted on a brick wall.
said by KodiacZiller:

No doubt, but that sort of defeats the idea behind open source doesn't it? Crypto code is the domain of elite coders and not for the masses.

It doesn't defeat the purpose of open-source, but it does mean code maintainers should not muck around with specialized code like crypto services unless they really know what they are doing (and have checked with the upstream developers first). The same mistakes can and do happen with closed-source coders at MS. Just because they work for a corporation doesn't make them somehow better or more expert.

Well actually it does and open source knows that as well as you mentioned that a lot of the people who work on Linux are professional coders working on the behalf of corporations and when it comes to crypto, someone has to pay for that education/skill as not a lot of folks come into the world as natural born crypto experts.
said by KodiacZiller:

The problem is one of nature, you have a logical device which tries to base its attempt to simulate the illogical choice of a random number using a concocted collection of entropy which is then run through logical code in an attempt to statistically simulate the selection of a random number,

Not exactly how it works. Typically the OS will gather entropy from hardware peripheral devices like mouse movements and keystrokes (neither of which are algorithms). Then that entropy is usually mixed in a pool with a secure hash function like SHA-1 and then sometimes run through a block cipher like AES before being output. Assuming the entropy itself is not compromised, breaking the RNG would be as hard as breaking SHA-1 or AES (i.e. not very likely).

I don't want to break the algorithm as that is too hard, I just want to compromise the entropy as that is where the 'random' comes from, I'm counting on the algorithm not changing. A request for a random number comes in, the algorithm follows its instruction as to how to wade out into the pool and grab a 'random' number (it might play with it afterwards but who cares), and the important part is it then stirs the pools so the next time it wades out and grabs a number it's different, so the pool is everything as the algorithm itself is purely logical, it's the pool that is 'random'. It's like just about everything anymore, hacking the algorithm is so difficult that really attacking the keys is the best approach.
said by KodiacZiller:

Fortuna, which was co-designed by Schneier, is one such CSPRNG that is resistant to injection attacks (which means if an attacker compromises part of the entropy pool, the other pools allow quick recovery). Of course if an attacker controls *all* of the entropy all bets are off. However, that is highly unlikely to occur without physical access to the machine.

So what is more expensive to own, a single pool or multiple dependent pools? This is just an example of protection by driving up the cost of defeating the system. As for the physical access, why is there a Post-it note on the side of the machine with the key (sorry I couldn't pass that one up)? I'd much rather have access to the memory so I can get the state of pool(s).
said by KodiacZiller:

Much talk but again no one has ever been able to demonstrate an NSA backdoor in Windows, sounds like a Sasquatch to me. Sometimes I think the biggest thing the NSA has going for it is that people believe it has almost mystical powers and intelligence. If the Windows development team was staffed by NSA folks then their code would also be mystical in all areas, otherwise the non-NSA coders would blab the secret which is amazing again that in how many years no solid proof has been found of anything like this happening at Microsoft. How many coders have come and gone from the OS development teams at Microsoft and nothing has come to light. This is ultimately why the legal systems in most of the intelligent world operate under 'Ei incumbit probatio qui dicit, non qui negat'. If you can prove the guilt, I'll happily help throw them under the bus, but otherwise saying something else is better because you have unproven rumors is a big pile of steamy BS. I've never claimed Windows was perfect security-wise, but when I hear folks making claims that X is better than Y, all I ask for is proof, and no one has been able to deliver that yet.

I am not saying MS is staffed by NSA. I am saying there is a good chance, based on past evidence, that there has been some funny business occurring. Perhaps MS was complicit in it and looked the other way (you know, gotta catch terrorists and all that). Perhaps NSA slipped the code in themselves without MS's knowledge.

Slipping in code would be brutally difficult at Microsoft because of how code is managed and how many people review and test it etc.
said by KodiacZiller:

Niels Ferguson, who works at Microsoft, is a well known cryptographer. He is the one who discovered that a PRNG designed by NSA might have a backdoor in it. It's known as Dual_EC_DRBG. It is a NIST standard and is found in Windows (though Ferguson points out it is not the default PRNG). So, there is a good chance NSA designed a PRNG that only they know how to break and then unleashed it on the world. If you can compromise an RNG that everyone "trusts" then it makes your intelligence gathering much easier. And since you are the only one who knows how to compromise it, then you don't have to worry about criminals exploiting it. It's smart and what I would do if I was in charge.

If you don't think NSA partakes in such activity, you obviously don't understand how SIGINT works and have never researched Crypto AG (Crypto AG was a crypto company back in the 80's and 90's that sold crypto equipment to foreign nations. It came out later that NSA had backdoored their products).

And I am not going to argue that open-source would be 100% immune from moles. It is certainly possible to slip a mole into an open-source project and have him/her submit patches with cleverly crafted code with subtle bugs. It would just depend on how vigilant the other members of the project are in their auditing, etc.

I trust and count on the NSA to be the NSA and it's even in their mandate to collect and analyze foreign signals intelligence, but it's a two-faced mandate as they are also responsible for protecting information, which only makes sense as it's the same expertise to protect and hack information. »www.nsa.gov/about/missio ··· ex.shtml so no secrets there. The problem is what to do about it, assuming first you think it's a problem and second if you can do something about it. Even Bruce Schneier would agree the NSA plays on an entirely different level than anyone else (all that cash and resources apparently can get you something a little better than what the average group can come up with), and we must trust them somewhat as they are the source for a lot of commonly used encryption routines such as Suite B.

I know the NSA has some top people working for them, but I also know the NSA doesn't have an exclusive on smart people as the Russians and Chinese have some pretty bright people working in their NSA equivalents.

The issue of an intentional backdoor is an interesting topic as really how do you know unless someone admits that it was an intentional piece of code vs a vul, good thing most secrets come with a limited lifetime before someone blabs.

Blake
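The Fortuna pool behaviour argued over in the two posts above can be seen in a small model. This is an added example, not code from either poster or from the Fortuna authors. `MiniFortuna`, `pools_used`, `snapshot` and `recovery_demo` are hypothetical names, SHA-256 stands in for the AES-based generator, and the minimum pool size and reseed rate limit of the real design are left out.

```python
import hashlib

NUM_POOLS = 32  # Fortuna spreads entropy events over 32 pools
def pools_used(reseed_no):
    # Pool i feeds reseed number r only when 2**i divides r.
    return [i for i in range(NUM_POOLS) if reseed_no % (1 << i) == 0]

class MiniFortuna:
    """Toy Fortuna-style accumulator; SHA-256 stands in for the AES-CTR generator."""
    def __init__(self):
        self.pools = [hashlib.sha256() for _ in range(NUM_POOLS)]
        self.key, self.counter, self.reseeds, self.next_pool = b"\0" * 32, 0, 0, 0
    def add_event(self, data):
        self.pools[self.next_pool].update(data)  # round-robin over the pools
        self.next_pool = (self.next_pool + 1) % NUM_POOLS
    def reseed(self):
        self.reseeds += 1
        seed = b""
        for i in pools_used(self.reseeds):
            seed += self.pools[i].digest()
            self.pools[i] = hashlib.sha256()  # a drained pool starts over
        self.key = hashlib.sha256(self.key + seed).digest()
    def _block(self):
        self.counter += 1
        return hashlib.sha256(self.key + self.counter.to_bytes(16, "little")).digest()
    def random_bytes(self, n):
        out = b"".join(self._block() for _ in range(-(-n // 32)))
        self.key = self._block()  # rekey after every request
        return out[:n]
    def snapshot(self):
        # Models a full read of generator and pool state out of memory.
        c = MiniFortuna()
        c.__dict__.update(self.__dict__, pools=[p.copy() for p in self.pools])
        return c

def recovery_demo():
    rng = MiniFortuna()
    for i in range(64):
        rng.add_event(b"constructed-event-%d" % i)  # constructed sample input
    rng.reseed()
    spy = rng.snapshot()
    now = rng.random_bytes(16) == spy.random_bytes(16)
    rng.reseed(); spy.reseed()  # reseed with no new entropy in between
    stale = rng.random_bytes(16) == spy.random_bytes(16)
    for i in range(NUM_POOLS):
        rng.add_event(b"unseen-%d" % i)  # entropy the snapshot holder never observes
    rng.reseed(); spy.reseed()
    fresh = rng.random_bytes(16) == spy.random_bytes(16)
    return now, stale, fresh
```

`recovery_demo()` returns whether a copy of the full state still tracks the output right after the copy, after a reseed with no new entropy, and after a reseed that includes events the copy never saw.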