
No Backdoor in Vista

Posted by Zonk
from the inappropriate-comments-aplenty dept.
mytrip wrote to mention a C|Net article stating that Vista will not have a security backdoor after all. From the article: "'The suggestion is that we are working with governments to create a back door so that they can always access BitLocker-encrypted data,' Niels Ferguson, a developer and cryptographer at Microsoft, wrote Thursday on a corporate blog. 'Over my dead body,' he wrote in his post titled Back-door nonsense."
  • by Pavel Stratil (950257) on Saturday March 04, 2006 @08:43AM (#14849399) Homepage Journal
    going to die soon? (nothing personal)
  • by aragod (149532) on Saturday March 04, 2006 @08:46AM (#14849407) Homepage
    I believe that can be arranged...
  • Right. (Score:5, Insightful)

    by Fantastic Lad (198284) on Saturday March 04, 2006 @08:48AM (#14849413)
    Over my dead body,' he wrote in his post titled Back-door nonsense."

    I suspect the NSA, (who I seem to recall left a few stray tags lying around in a previous version of Windows' code), would look at you dead-pan and agree.


    -FL

    • Re:Right. (Score:5, Insightful)

      by hey! (33014) on Saturday March 04, 2006 @09:32AM (#14849532) Homepage Journal
      I'd be disappointed if NSA ever resorted to anything so crude. NSA is an agency of savants, not a mob of freebooting buccaneers. Assassination is so CIA.

      NSA surely is well aware of the way that trust can, unintentionally, propagate. Everybody trusts something; if somebody doesn't want to cooperate, you obtain his unwitting cooperation by coopting something he trusts. Does he personally supervise the building of every release and patch? Certainly not. He trusts the release process to carry out his intentions. Even if the individuals involved are not cooptable, they trust their compilers to generate object code that is perfectly isomorphic to their source code. Those who do not trust compilers trust their debuggers, disassemblers and operating system utilities.

      Those who do not trust their operating system utilities, and live-boot from randomly chosen operating systems or remove their hard disks and examine them using a hand coded machine language program on a custom built computer lacking a BIOS or operating system to be subverted, still trust the network to transfer their object code to the mastering facility, or their optical disk burning software to burn the image accurately. Or they trust the facility to read that data correctly, and to press it as they intended to the distribution media.

      Those who trusted none of this and checked the hard disks by hand coded machine code on a hand wired computer without BIOS or operating system probably deserve assassination, but even so this is hardly necessary, since everyone gets patches over the Internet. A simple black bag job to retrieve the signing keys, and nobody can trust anything anymore.
      • So much of what you said is true, however you don't need to go to such lengths, as to code your own BIOS by hand, or worry about hard drives. You just need a separate computer for the stuff that really needs to be secure and not connect that machine to the net. If you need data on it, manage with disks.
        • Re:Right. (Score:3, Insightful)

          by hey! (33014)
          You just need a separate computer

          What you left out is you need a separate computer that you trust. But how do you know you can trust it?

          Until we evolve to be able to read magnetic domains directly off the platter, everything boils down to believing what your software tells you to be so.
          • Re:Right. (Score:3, Funny)

            by Reziac (43301) *
            Somehow this reminds me of the old joke,

            "REAL programmers use COPY CON PROGRAM.ZIP"

          • My point is that this notion 'trust' cannot be relied upon, thus you must eliminate the need for trust.

            Disconnecting a computer from the net makes it possible to eliminate this need.
            • As long as you trust that your computer has no remote wireless access of any kind within it.

              • ha ha ha :) Ok, you can always use a large roll of tinfoil for that :) hahahahaha :)

                You can also just take it apart and look for the wireless transmitter. You can also detect wireless transmission with this [tscmtech.com].
    • Re:Right. (Score:5, Interesting)

      by Haeleth (414428) on Saturday March 04, 2006 @09:48AM (#14849574) Journal
      I suspect the NSA, (who I seem to recall left a few stray tags lying around in a previous version of Windows' code)

      Yes and no.

      True, there was a tag in one version of Windows NT 4 that had the name "_NSAKEY". However, it has never been linked to the NSA in any way whatsoever, except by conspiracy theorists.

      You might as well claim that USER32.DLL is proof of a conspiracy to turn America back into a British colony (U.S. obviously stands for United States, and E.R. = Elizabeth Regina = the queen of England! OMG BILL GATES HATES AMERICA!)

      Here [schneier.com] is Bruce Schneier's take on the matter.
      • Details (Score:5, Informative)

        by truthsearch (249536) on Saturday March 04, 2006 @10:46AM (#14849759) Homepage Journal
        Here are more details on the NSA keys in Windows [msversus.org]:

        For at least Windows 95 OSR2, 98, NT, and 2000 Microsoft has included a secret cryptographic key owned by the U.S. National Security Agency (NSA). It's most likely that the NSA's key exists within Windows so U.S. government users of Windows can run classified cryptosystems on their computers. But it has been kept secret and it does provide the potential for abuse. "According to Fernandez of Cryptonym, the result of having the secret key inside your Windows operating system 'is that it is tremendously easier for the NSA to load unauthorized security services on all copies of Microsoft Windows, and once these security services are loaded, they can effectively compromise your entire operating system.'" Users of Windows outside the U.S. should be especially concerned that the U.S. government can possibly gain security control over their computers. Users within the U.S. should also be concerned that Microsoft has provided the government with a secret back door that they can exploit. (Campbell, Duncan. "How NSA access was built into Windows [heise.de]." Heise Online 4 Sept 1999)
      • Re:Right. (Score:2, Interesting)

        by rohan972 (880586)
        So that's how he got the honorary knighthood from the Queen.
    • When I've seen situations like this in the past, the corporation will simply go to another employee and tell them to do what they want.

      If the original employee is valuable to the company (other than their obstinacy on this particular issue), they get to keep their job. Otherwise it's "Joe, you're not being a team player" time.

      Chip H.
  • by mangus_angus (873781) on Saturday March 04, 2006 @08:49AM (#14849416)
    "The suggestion is that we are working with governments to create a back door so that they can always access BitLocker-encrypted data,' Niels Ferguson, a developer and cryptographer at Microsoft, wrote Thursday on a corporate blog. 'Over my dead body,' he wrote in his post titled Back-door nonsense."


    I think we would be reading about his dead body if he came out and admitted that there were backdoors being put into Vista.
    • It would be really funny:
      "Yes, we are placing some backdoors, so all your private life will be available to your government to do what they want".

      Next frame: a furious horde invading Redmond.
      No one is insane enough to admit it, everybody knows about Echelon, but the USA still lies that it doesn't exist ;)

  • by replicant108 (690832) on Saturday March 04, 2006 @08:54AM (#14849428) Journal
    'Over my dead body,' he wrote

    The problem with closed software is that we have to take his word for it.

    • by ezzzD55J (697465)
      Also, how are we (not that I'd use this stuff) to know he would know if it were (going to be) the case?
    • One man does not represent the whole company. I think that saying "over my dead body" is just a hyperbole. I doubt that one Microsoft employee can influence the whole company. I don't understand what makes that man to put his own words in the risk if he must know that he is not the only one that decides... He should not do that if he honours his words, it makes me be in doubt about his words and his credibility.

      Right words should be: "I will resign if...", "I'll put all my influence behind...", ...
      • Re:Credibility (Score:4, Informative)

        by Paradise Pete (33184) on Saturday March 04, 2006 @09:19AM (#14849497) Journal
        I don't understand what makes that man to put his own words in the risk if he must know that he is not the only one that decides...

        Here's what he actually wrote:

        "Over my dead body.
        Well, maybe not literally---I'm not ready to be a martyr quite yet---but certainly not in any product I work on."
        • Thanks for clarifying. This looks better to me. CNet took only the first part and I'm sure that it is in Microsoft's best interest to have it published on other blogs and blogs about blogs and news about news without the other sentence.

          It is a clear message and I cannot imagine a better marketing message for customers... But if I know that this is not a question of life :-) then the impact is lesser on me ;-) But it is good to know that there are people employed by Microsoft who are not insane to (literally
      • It's probably just an attempt to put the public at ease, making them not think about it. "Hey, someone from MS said there'll be no backdoors. And he bet his life on it!"

        Of course, some hacker will discover th[is|ese] backdoor[s] sooner or later if they exist. Which they will do. I'm certain.
    • However (Score:3, Interesting)

      by mcbridematt (544099)
      there are heaps of people with access to the source code (ok, maybe not full), such as academic institutions, and infamous examples such as MainSoft, who could prove 'em wrong.

      But then we'd have to take the word of some un1337 student haxer at some institution, who just locked down access to their precious copied jewels because some un1337 student haxer at some institution proved some M$ guy wrong.

      Anyway, aren't there multiple reports of backdoors in PGP from various stages of its life? Of course, since its
      • Re:However (Score:4, Insightful)

        by cortana (588495) <sam AT robots DOT org DOT uk> on Saturday March 04, 2006 @10:48AM (#14849766) Homepage
        there are heaps of people with access to the source code (ok, maybe not full), such as academic institutions, and infamous examples such as MainSoft, who could prove 'em wrong.
        How do they know that the code they are provided with matches the code that we all run?
        But then we'd have to take the word of some un1337 student haxer at some institution, who just locked down access to their precious copied jewels because some un1337 student haxer at some institution proved some M$ guy wrong.
        I can't parse this. But if someone did discover a back door in the code that MS provided them with then surely others would be able to reproduce the flaw?
        Anyway, aren't there multiple reports of backdoors in PGP from various stages of its life?
        Cite please.
      • Anybody who has access to the MS code is not allowed to reveal anything about it. Even if Mainsoft or a university discovered something in windows they would not tell anybody about it because they could be destroyed financially.
    • Skunk team? (Score:3, Interesting)

      "Besides, they wouldn't find anybody on this team willing to implement and test the back door."

      (emphasis mine)

  • by Anonymous Coward on Saturday March 04, 2006 @08:57AM (#14849433)
    - Get me Ferguson... tell him we're going hunting. Yes, hunting. With Cheney.
  • Dead Body? (Score:5, Funny)

    by OverflowingBitBucket (464177) on Saturday March 04, 2006 @09:00AM (#14849442) Homepage Journal
    'Over my dead body,' he wrote

    "Your terms are acceptable" reply the NSA.
  • AHA! (Score:5, Insightful)

    by der_joachim (590045) on Saturday March 04, 2006 @09:01AM (#14849445) Homepage
    So it's a secret backdoor. :-)
  • Bill Gates did invent the Internet after all, says Microsoft. No, really.
  • by badzilla (50355) <ultrak3wl AT gmail DOT com> on Saturday March 04, 2006 @09:08AM (#14849465)
    ... you won't be in the loop if/when it gets compromised.

    A quick look at the "Crypto AG" fiasco makes it plain how very much governments want backdoors. "For decades, the US has routinely intercepted and deciphered top secret encrypted messages of 120 countries." Imagine the power some entity would have if it could peek into any Windows system at will - the temptation must be making their toes curl.

    Whether or not there is a top-level agreement with top-level spooks it is still unlikely that local lawmen will be allowed to know about it. So what exactly IS Microsoft planning to do when they inevitably get a request to "help" with an encrypted drive?
  • There Is also No Cabal.

    (Minor detail: shouldn't the article title read "No Deliberate Backdoor in Vista"?)

  • by Linegod (9952) <pasnak@warpe[ ]s ... a ['dsy' in gap]> on Saturday March 04, 2006 @09:31AM (#14849528) Homepage Journal
    Let the government wait a week for someone to find a backdoor, just like the rest of us....
  • by vandelais (164490) on Saturday March 04, 2006 @09:32AM (#14849529)
    strangely silent on the topic of Internet Hearts.

  • Gay. Tell me I'm not the only one who thought that ....

    The whole story should be posted as flamebait. (pun intended)
  • by nxsty (942984) on Saturday March 04, 2006 @09:41AM (#14849559)
    If there actually were a backdoor in Vista, would MS admit it? Probably not.
  • by dprovine (140134) on Saturday March 04, 2006 @09:49AM (#14849581)

    Aside from the obvious "what about buffer overruns?" questions, aimed at the usually poor competence Microsoft shows in writing code, there's also the "what about cryptographic strength?" question -- maybe the NSA already has a simple and fast way to break whatever encryption BitLocker will end up using.

    And, of course, there may well be several people working at Microsoft who actually work for the NSA or MI-6 or the FSB. (I'd be astonished if there weren't at least a few such people on the Microsoft payroll.) Those people may well do things as described in Reflections on Trusting Trust [acm.org], without letting their superiors know.

    • And, of course, there may well be several people working at Microsoft who actually work for the NSA

      That's a really interesting line of thought. What are the ethical ramifications of that? Is it ok to pretend that you're for Microsoft when in reality you may be a cryptographer for the NSA? What about modifying Microsoft's products for the good of some other entity? Could the person who does this be sued by Microsoft if they were discovered or would the NSA tell them that they can't because of national secu

      • by dprovine (140134) on Saturday March 04, 2006 @10:27AM (#14849694)

        There's no reason you couldn't be for Microsoft and also be for some other entity too. The deception would be pretending to be for Microsoft alone. But if you work for the NSA, and you get a job at Microsoft, you may well write good code, and fix security holes, and otherwise help them succeed even while ensuring NSA access to things secured using Microsoft products. Very few things in life are completely either/or.

        If Microsoft caught you and you got sued, the last thing that would happen is the NSA saying a word. I suspect the following, in decreasing order of probability:

        • You make it look like a huge mistake.
        • You tell them you wrote your password down and put it in your wallet, and your wallet was lost and later returned, and you didn't think to update the password.
        • Some heretofore unknown rich uncle dies and leaves you enough money to cover the lawsuit.
        • You die in an auto accident.

        In any case, before placing an asset in such a position, the NSA would probably train such a person with the right lies to tell if something goes wrong. If I were going to do something like that, I'd make up a fake history for the person before Microsoft hired him, and if he got caught then the FBI could investigate and tell Microsoft he was actually a spy for the Mossad. It wasn't even his real name or anything! But for sure the NSA would keep their name out of it. There's a reason they're known as the "No Such Agency".

  • by dirkx (540136) <dirkx@vangulik.org> on Saturday March 04, 2006 @10:05AM (#14849629) Homepage
    Mac OS X, with FileVault*, creates a backdoor by means of a certificate. If you then save the RSA key pair from your Keychain on a separate machine, you yourself or corporate IT can then easily be ensured access in case of someone being hit by a bus, or in case of a total OS crash.
    Dw.

    Ad *) Or manually

    # on a safe machine
    openssl req -new -x509 -out backup.cer -outform DER -nodes
    cp privkey.pem backup.cer /safeplace
    srm privkey.pem
    # copy public cert to laptop or wherever..
    hdiutil create -encryption -type SPARSE -fs HFS+ -volname secure -size 5G -certificate backup.cer sec
  • by Anonymous Coward on Saturday March 04, 2006 @10:26AM (#14849687)
    Microsoft operating systems beginning with Windows 95 have never really needed a backdoor, especially since the front door is left wide open.
  • I sent Niels an invitation to respond to this thread. Don't know if he'll get it, but I found his website on Google (put down that chair Steve....take deep breaths) [macfergus.com]

    Anyhow - he seems quite smart enough to do what the BBC article mentions, but after reading his site a bit, I think the guy would have a real problem if asked to code a backdoor. He seems to be ethical.

    Tin hat conspiracy weavers would say that unbeknownst to Niels, who is a front, that there is yet another team coding the backdoor.

    And yet

  • by TPS Report (632684) on Saturday March 04, 2006 @10:29AM (#14849702) Homepage
    The suggestion is that we are working with governments to create a back door so that they can always access BitLocker-encrypted data,' Niels Ferguson, a developer and cryptographer at Microsoft, wrote Thursday on a corporate blog. 'Over my dead body,' he wrote in his post titled Back-door nonsense.

    But they left out the rest of his quote.

    Niels then put his feet up on the desk and went on to say, "Off the record, you should note my careful use of the word 'always' in the above sentence", he said, with a slight grin on his face. "Context is everything. If I allow them occasional or intermittent access, I'm still being honest, right?" Niels then laughed and pointed to his "Honorary member of the DoD" plaque on his office wall.
  • Been in his shoes (Score:2, Interesting)

    by Anonymous Coward
    I have been in Mr. Ferguson's shoes, left with the choice of putting in a back door demanded by the NSA or quit. To my knowledge, NSA always gets their way. If he won't do it, the next guy will.
  • So you are trusting these reporters to convey what Mr. Ferguson actually said? More likely he just flat out admitted that they are installing a set of keys for the NSA and are being more careful about choosing registry names for the keys this time.

  • by smartin (942) on Saturday March 04, 2006 @11:14AM (#14849862)
    After all they don't call it windows for nothing.
  • by Fantastic Lad (198284) on Saturday March 04, 2006 @11:29AM (#14849899)
    This article makes for interesting reading. . .

    NSA and secret keys added to windows. [heise.de]

    Thanks for the link, truthsearch.


    -FL

  • by ScrewMaster (602015) on Saturday March 04, 2006 @11:51AM (#14849961)
    "Your proposal is acceptable."
  • Correction (Score:3, Funny)

    by Opportunist (166417) on Saturday March 04, 2006 @12:10PM (#14850022)
    There won't be a backdoor in Vista that they KNOW about. I bet they'll manage to build some in unintentionally.

    I mean, why should it be different in Vista than it was 'til now?
  • Anyone paranoid about security would not believe a word the man says. If they were making a back door, would they tell you? Of course not, that would greatly lower the value of the back door. Anyone with sensitive information on their computer would be insane to trust bitlocker if he says there's a back door.

    So we will have to rely on independent auditors - those people like DVD John that will ignore all the silly "no reverse engineering allowed" rules and tear it apart anyway. Then we will know for sur
  • Before we start celebrating Microsoft, read carefully exactly what was said:
    The suggestion is that we are working with governments to create a back door so that they can always access BitLocker-encrypted data,
    He didn't say he wasn't making a back door, he said he wasn't making a back door in cooperation with governments. That still leaves plenty of options like "on our own" or "working with advertisers."
  • by Animats (122034) on Saturday March 04, 2006 @04:27PM (#14850858) Homepage
    Intel, HP, Dell, and Toshiba are including the Intelligent Platform Management Interface (IPMI) [intel.com] in many of their machines. IPMI is a "remote administration" tool embedded in the LAN hardware. It looks at UDP packets (on ports 663 and 664) and performs various commands on the target machine, completely independently of the operating system. Here's the IPMI 2.0 rev 1 specification [intel.com], a rather long PDF.

    IPMI is very powerful. An IPMI session starts with a presence ping. Any machine with IPMI hardware should answer a "presence ping" on UDP port 663. This identifies an IPMI-capable machine, and returns some vendor info. Anyone can send this. This should work even if the machine is "turned off", as long as it has standby power and is on a LAN.

    Then, there's a challenge-response authentication sequence. More on this later.

    Once you're in, here are some of the things you can do:

    • Power up the system. Power it down. Force a hard reset. Force a power cycle. Force a phony overtemperature condition (in hopes of getting a clean OS shutdown).
    • Disable front panel controls (power off, reset, and standby buttons.) Yes, that's really in the protocol. See section 28.6 of the specification. Remote control can also lock out the keyboard and blank the screen.
    • Set system boot options. Or, what OS do we want to run today? These include useful tools like "bypass user password".

    There's more. Much more. Basically, you can remotely take over the machine, turn it on, inventory the hardware, load an operating system, boot it up, and talk to it.

    IPMI's back channel can do more than this. With some help from the operating system (and yes, it's supported in Windows) you can do more remote administration functions. This is great for administering your data center remotely. But it has darker implications.

    Supposedly, most machines are shipped with IPMI mostly turned off, unavailable until a program is run on the machine to load in the keys that enable it. Supposedly.

    Thus, all it takes for IPMI to be a "backdoor" is for a set of secret challenge/response keys to be preloaded into the IPMI chip. There's no way to read those keys. Short of taking the chip apart, gate by gate, there's no way to tell if there's a backdoor in there. Or a set of keys might be loaded by the system integrator before shipping the system. You can't tell. So that's where to put a backdoor, where no one can find it.

    There's an open source tool, OpenIPMI [sourceforge.net], for sending IPMI commands, on SourceForge. Send "Presence pings" to the machines you have and see if they answer.
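
The presence ping described in the comment above, as an added example that is not part of the original post and not OpenIPMI code: it builds the RMCP/ASF Presence Ping datagram and validates a Presence Pong, so you can inventory which of your own machines have a management controller answering on the LAN. The function names and the sample pong are constructed for illustration; the port is a parameter, defaulting here to 623, the IANA-registered asf-rmcp port.

```python
import socket
import struct

RMCP_VERSION = 0x06       # RMCP 1.0
RMCP_SEQ_NO_ACK = 0xFF    # 0xFF = receiver should not send an RMCP ACK
RMCP_CLASS_ASF = 0x06     # message class: ASF
ASF_IANA = 4542           # ASF enterprise number, 0x000011BE
ASF_PRESENCE_PING = 0x80
ASF_PRESENCE_PONG = 0x40
HEADER_LEN = 12           # 4-byte RMCP header + 8-byte ASF header
PONG_DATA_LEN = 16

# Constructed sample reply (not captured from a real device).
SAMPLE_PONG = bytes.fromhex(
    "0600ff06"            # RMCP header
    "000011be402a0010"    # ASF: IANA, type=pong, tag=0x2a, reserved, len=16
    "000011be00000000"    # OEM IANA, OEM-defined field
    "8100"                # supported entities (IPMI bit set), interactions
    "000000000000"        # reserved
)


def build_presence_ping(tag: int = 0) -> bytes:
    """Return the 12-byte Presence Ping: RMCP header + ASF header, no payload."""
    rmcp = struct.pack("!BBBB", RMCP_VERSION, 0, RMCP_SEQ_NO_ACK, RMCP_CLASS_ASF)
    asf = struct.pack("!IBBBB", ASF_IANA, ASF_PRESENCE_PING, tag & 0xFF, 0, 0)
    return rmcp + asf


def parse_presence_pong(data: bytes, expect_tag=None) -> dict:
    """Validate a Presence Pong and report what the responder advertises."""
    if len(data) < HEADER_LEN:
        raise ValueError("datagram shorter than RMCP+ASF headers")
    version, _, _, msg_class = struct.unpack_from("!BBBB", data, 0)
    iana, msg_type, tag, _, data_len = struct.unpack_from("!IBBBB", data, 4)
    if version != RMCP_VERSION or (msg_class & 0x1F) != RMCP_CLASS_ASF:
        raise ValueError("not an RMCP ASF-class message")
    if iana != ASF_IANA or msg_type != ASF_PRESENCE_PONG:
        raise ValueError("not an ASF Presence Pong")
    if expect_tag is not None and tag != expect_tag:
        raise ValueError("pong tag does not match the ping we sent")
    if data_len < PONG_DATA_LEN or len(data) < HEADER_LEN + PONG_DATA_LEN:
        raise ValueError("truncated Presence Pong payload")
    oem_iana, oem_defined, entities, interactions = struct.unpack_from(
        "!IIBB", data, HEADER_LEN)
    return {
        "tag": tag,
        "oem_iana": oem_iana,                       # vendor enterprise number
        "oem_defined": oem_defined,
        "ipmi_supported": bool(entities & 0x80),    # bit 7 of supported entities
        "asf_version": entities & 0x0F,
        "interactions": interactions,               # returned raw, not decoded
    }


def probe(host: str, port: int = 623, timeout: float = 2.0, tag: int = 0x2A):
    """Send one ping to a machine you administer; None means no answer."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_presence_ping(tag), (host, port))
        try:
            data, _ = sock.recvfrom(512)
        except socket.timeout:
            return None
    return parse_presence_pong(data, expect_tag=tag)


if __name__ == "__main__":
    print(build_presence_ping(0x2A).hex())
    print(parse_presence_pong(SAMPLE_PONG, expect_tag=0x2A))
```

A host that answers with `ipmi_supported` set has a management controller listening independently of the operating system; if remote management is not in use, that is the machine to check for a BMC setting or firewall rule that closes the port.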

  • by Simonetta (207550) on Saturday March 04, 2006 @06:05PM (#14851153)
    Vista will ALWAYS have a backdoor. This is the showcase product of the richest man in the world. His and his company's continued prosperity depends on the good graces of governments. And the governments will always demand a back door to spy on their people.

        This is the way that the world works. MS will always deny that there is a backdoor. But it will always be there. If you don't believe it, go to China or any other crypto-fascist dictatorship with advanced technology. Start sending e-mails to foreign websites about subjects like democracy and freedom in general. Request information about local massacres of protesters in freedom demonstrations. Be sure to use encoded with Microsoft's bundled encryption. See how long it takes for the local secret police to arrest you. A week, a month?

        Don't gamble your life and freedom on a sucker's bet. Microsoft will always cooperate with local authorities to ensure that Vista will not shield political dissidents. The only people who can be assured that their correspondence actually is private will be Microsoft employees. This is a trade-off that giant monopolistic global corporations always make with the totalitarian governments in the countries that they operate. Regardless of how much they deny it, Microsoft will act no differently.

      Count on it.
    • Mod down, reactionary sputum, long on accusations and completely empty of facts. I'm not saying it isn't possible; I'm saying there has never been presented any evidence to support the claim that MS has bundled a backdoor in any product or for sure that there is anything more breakable about MS-Crypto in regards to email, SSL, etc. than anything else. Substitute money for mouth and maybe I'll recant.
