Windows has Secret NSA Backdoor

[steve_s]

Ok, I'm not a conspiracy theorists...well, not entirely.

But I did come across this site yesterday.

Is this for real? Is that old news?

If so, yet another reason to use Linux...as if we needed another reason.

[Everitt]

You seem to be assuming that linux doesn't... Sure, it's less likely, but who still looks as the old, old kernel code? Who knows what could have been hidden in there with the maintainers help?

[Lobster]

There are I believe 3 different backdoors for Windows. One of which is officially acknowledged by MS as for NSA purposes.

Does Unix, The various Bios and Linux have them?
Perhaps so. One of the BSD is probably the most secure if you are a uber-tin-hat

So many people have difficulty getting into their own system - anyone
else attempting so is to be welcome. Perhaps they can provide tips

[steve_s]

So many people have difficulty getting into their own system - anyone
else attempting so is to be welcome. Perhaps they can provide tips

...awesome! So true.

[puppyluvr]

Oh yes, it it real.. Hunted it down in 98se and removed it, no effect on windows..
Still cant find it in XP, but dont run XP enough to look either...

[koolie]

And on top of that, Windows has more than 30 applications that phone home every time you start them up, if you are online.

[Bruce B]

And on top of that, Windows has more than 30 applications that phone home every time you start them up, if you are online.

Version Dependant

Windows 3.11 didn't
Windows 95 can easily be installed without worthless software like IE 2.0
Windows 98 can use 98Lite to rid yourself of IE and Mplayer

In spite of that the 'phone home' addresses are in the registry and can be modified.

--------------------------

XP if it does - and you use it - and you know it - you are a willing participant.

[KF6SNJ]

Just one more excuse to delete WinME from that laptop if my pastor doesn't want it back.

[Bruce B]

You seem to be assuming that linux doesn't... Sure,
it's less likely, but who still looks as the old, old kernel code? Who
knows what could have been hidden in there with the maintainers
help?

NSA involvement in the Linux kernel was starting with 2.5, not old
releases, as far as I can tell.

If there is any open source project that is scrutinized, it's the kernel.
The kernel is developed in the open. Anyone who wants to watch its
development can do so.

It is human readable, every line of code is human readable and open.
Hard to hide things that would do such evil when one can read what it
does.

For what motive would they do it? Money I suppose.

At what risk? High risk that someone like China would notice.

At what penalty? Thorough and total loss of credibility.

Linus going to risk becoming synonymous with the anti-Christ? I don't
think so, but if his project were found with Microsoft type backdoors,
that's right where he'd be.

When NSA and its contractors start submitting to the kernel, scrutiny
really gets high, as it should. Anytime any country's equivalent of the
US NSA wants to become kernel developers, scrutiny will be high. It
has to be that way.

I'm just sort of offended at the implication that any country could insert
a back door into the open source kernel and not be noticed.

Too many people of varied interests and at total cross purposes
watch over this one.

The defacto OS doesn't have credibility and it doesn't make any
difference. The reason why is, even if you tell people about the calls
home and the back doors, it will not make any difference. They will still
value, use and trust their Microsoft OS.

A rare few might use their noggins and make a change, but not enough
to affect Microsoft concerns.

NSA is not the average Microsoft user, they have different standards,
purposes and agenda. In this case, NSA wants a more secure OS and
is willing to spend resources to get one.

They are not slipping in binary patches either. Their contributions are
human readable open source.

Just read their contributions and you will KNOW.

If you can't read C, this is not an indication there is any ground for
doubt. It merely means that you aren't in a position to read C.

But if the kernel maintainers and developers can't read C, they
wouldn't be maintainers and developers. The wouldn't even know how
to integrate the code. If it isn't in the code, it isn't there.

[alienjeff]

Is that old news?

A rhetorical question, I trust. To wit, from the link you provided:

How NSA access was built into Windows

Duncan Campbell 04.09.1999

[Everitt]

Bruce: The ability to read C (Which I have) doesn't automatically include the ability to understand C. Not everything does exactly what you'd expect all the time. It's really not that hard to write code that looks perfectly harmless, but does something slightly unusual. I'm sure the NSA submitted code has been heavily scrutinised, but after reading 1000's of lines of code, how easy is it to spot something that is, at first glance, totally harmless? The kernel is complex. Very complex, who knows all the functions, exactly how they're supposed to work? See the link in my last post, you'd be amazed what's possible by miss using existing functions.

I highly doubt that there is anything dodgy there, but I'm sick of people thinking that just because it's open source it's totally clean. It's certainly less likely to include nasties than proprietary software, but I still wouldn't trust it 100%. It's still possible to hide things in plain sight. Look at how long that recently found bug was in the BSD kernel. 25 years. It wasn't hidden, it wasn't cleverly designed to hard to spot, but still it wasn't found.

By old code, I mean code that's been in place for a long time. It works, it works well, so nobody bothers with it. Few people care any more. I highly doubt that anyone reads entire patch files, most people concentrate one certain areas of the kernel, it's just too big. So a patch gets submitted that claims to tidy some code slightly, and add a lot of helpful comments. Who bothers to closely scrutinise it?

Really, what I'm saying is the FOSS is like democracy. It's by far the best system, it's a good system, but it's not perfect. It's not something we should have blind faith in.

[alienjeff]

http://zapatopi.net/afdb/

[urban soul]

Is this for real? Is that old news?

This is funny stuff. Funny, because I left W98 when the first rumors about 'backdoors' came up.

But those untrustworthy code was created intentionally. This is for sure not true for the linux kernel. Or Mach-O (the darwin kernel).

I am just a bit afraid of these encrypted instruction sets for next generation CPU's.

[Bruce B]

Everitt,

I'd like to share some principles of my thought with you.

I don't think we are likely to find anything we aren't looking for. If we do it's a 'stumble upon event'.

NSA contributing code to the kernel should set of alarms, and it did and does. Not with just developers, also with countries. When multiples of people who are fully literate in C intentionally scrutinize code, the chances of getting away with pulling a fast one is greatly reduced.

The consequences are still the same, if caught. The offending code gets pulled. Linus and others get mud on their faces bad enough that it sticks.

At this point we have evidence of suspicion. Suspicion by association no doubt.

We don't however, have any evidence that a crime occurred. Implying that a crime could have occurred doesn't have meaning, especially in the absence of any evidence of such a thing.

Unless you can explain better, I seems to me you are in effecting saying that you're suspicious a crime (tainting of the kernel) has occurred. In a summary sense that is how I interpret your position.

Am I mistaken? If so how?


Bruce

[Bruce B]

http://zapatopi.net/afdb/

What has me concerned is this might be AJ's home page.

[Aitch]

[StartRant]What has me concerned is that so many of you find this surprising

Really, given the really sick mentality which we, ourselves allow as our democracy, and pretend it's not there!

Do you not nearly all live in urban areas with security measures - cameras; ostensibly to 'protect' your neighbourhoods, your families/children communities?

And yet are you not also part of the 'technoworld' where PCs and iPods are the norm?

Well, shock horror, where do you think this 'development' is going, that 'spying' is a part of?

Governments all have 'security advisors' who present an agenda for the militarisation of every aspect of our lives, from 'security cameras' to ID systems
Combine these together with a research budget, fuelled by [self-generated] fear, and you have 'the matrix', cyborgs, 6 million dollar man, computer aided-DNA-restructured implants, transhuman robots made from genetically grown 'bodies' which look and feel to the touch, human

BUT; this is no fantasy - it's the reality borne out of turning a blind eye!!
M$ is OK, cameras are OK, anti-terrorism legislation is OK, PCs are OK, iPods are OK, DNA experiments is OK, war is OK

In the near future your kids will be telling you their new toy can operate by thought control, you will be fully monitored 24/7 including a DNA profile, you will be watched by an army of security equipment through walls, be recorded, tagged and rendered harmless to object

I have put several threads here on the boards, and in the main, been met with apathy or disdain, just a few awake individuals have commented

http://www.murga-linux.com/puppy/viewtopic.php?t=28985

http://murga-linux.com/puppy/viewtopic.php?t=27430

http://www.mindcontrolforums.com/pro-fr ... ct146.html

to name a few; & Flash's link

http://thirdworldtraveler.com/Chalmers_ ... mpire.html

enjoy your future - it's coming anyway

Fernandez believes that NSA's built-in loophole can be turned round against the snoopers. The NSA key inside CAPI can be replaced by your own key, and used to sign cryptographic security modules from overseas or unauthorised third parties, unapproved by Microsoft or the NSA. This is exactly what the US government has been trying to prevent. A demonstration "how to do it" program that replaces the NSA key can be found on Cryptonym's [websitelink]

btw: Andrew Fernandez website & link have been shut down! - surprise!!

more 'news' on this and other ideas

http://www.thought-criminal.org/article/node/842

http://www.thought-criminal.org/article/node/1642

http://www.thought-criminal.org/2007/09 ... ntrol-grid

http://www.thought-criminal.org/article/node/1109

http://www.thought-criminal.org/topics/ ... ry-of-love

just a single well known source

and I don't think tinfoil is going to stop it

you know that phrase, 'wake up & smell the coffee'

you have been alerted to possibility of a future coming your way

the way you react to it helps generate it's coming into being

enjoy

Aitch

edit: your starter for 10

http://it.youtube.com/watch?v=UMUvM_Dby ... re=related
[/EndRant]

[urban soul]

Either we have to conclude that this is no democracy no more or our society wanted it this way. Neither is pleasent.

The beginning was the statement that it is war-time. (NATO decision 12.Sept.2001)

I never agreed. But now it turns out that war-time will never end and we loose all of our rights.

This is how every good dictatorship began.

That's it.
Edit: Antrax also helped in convincing poeple. I dont believe it is an incident.

[Everitt]

Unless you can explain better, I seems to me you are in effecting saying that you're suspicious a crime (tainting of the kernel) has occurred. In a summary sense that is how I interpret your position.

Am I mistaken? If so how?

I'm not saying it has happened, personally I highly doubt that it has. I'm just saying that it's not impossible. I'm saying that we shouldn't have blind faith in the security of our OS.
Really, what I'm saying is if you want to do something that would make looking through your computer worthwhile for the NSA, you're better off with a pen and paper.

[Bruce B]

I'm not saying it has happened, personally I highly doubt that it has. I'm just saying that it's not impossible. I'm saying that we shouldn't have blind faith in the security of our OS.

Everitt,

I don't remember either of us refuting the Windows backdoor or
doubting it.

Is it safe to say we both tend to believe it?

If we both tend to believe it, I think that's a reflection on what we
think both parties are up to and capable of.

Thus a foundation for suspicion.

Before moving, on I'd like to say this connection was figured with
binary in absence of source code. It should be easier to dupe people
with non human readable format than with readable format as we have
in Linux.

---------------------

If you think it's possible, well sure.

How about motive? If we agree there was motive with Windows, it
would be naive to think there is no motive with Linux. Are you with me?

With Linux however, I don't think motive would be mutually shared on
both ends, which if true, brings us to one difference.

This kind of behavior cannot hurt Microsoft. After all, If they have a
front door to your computer, and that's acceptable, and it seems to
be, what difference could it make if there are backdoors?

I'd say you'd have to be a master salesperson and more to persuade
Windows users away from Windows. They don't care in sufficient
quantity to affect the bottom line.

On the other hand I think the Open Source Community cares enough to
publish it and remove the offending code. IF it were discovered.

The only thing we need to know if it exists is, WHERE is it?

How do you hide something under scrutiny in open sight?

I have some ideas, I'll share later, but I'm interested in your thoughts,
how would you hide it?


Bruce

[markofkane]

It would not matter if it was built into the OS or not, if they can read your files, your email, and your postings through your internet connection., The only way to be safe is not to be connected to the internet or network.

But it would be sooooo boring. (And a lot of programs, and Windows, require an internet connection to to activate, and to validate.)