No Backdoor in Vista 269
mytrip wrote to mention a C|Net article stating that Vista will not have a security backdoor after all. From the article: "'The suggestion is that we are working with governments to create a back door so that they can always access BitLocker-encrypted data,' Niels Ferguson, a developer and cryptographer at Microsoft, wrote Thursday on a corporate blog. 'Over my dead body,' he wrote in his post titled Back-door nonsense."
Why would they wait? (Score:1, Interesting)
Just read the pw as it as entered.
If you are of interest a keylogger will be running.
That will be as easy to install as it was over the last 20 years with m$.
So Vista can make a safe file - just like any other OS - its the OS this is the problem.
The last 20 years of computer history should show any end user that.
M$ is the way in.
Dear Niels I hate to break it to you but... (Score:5, Interesting)
A quick look at the "Crypto AG" fiasco makes it plain how very much governments want backdoors. "For decades, the US has routinely intercepted and deciphered top secret encrypted messages of 120 countries." Imagine the power some entity would have if it could peek into any Windows system at will - the temptation must be making their toes curl.
Whether or not there is a top-level agreement with top-level spooks it is still unlikely that local lawmen will be allowed to know about it. So what exactly IS Microsoft planning to do when they inevitably get a request to "help" with an encrypted drive?
However (Score:3, Interesting)
But then we'd have to take the word of some un1337 student haxer at some institution, who just locked down access to their precious copied jewels because some un1337 student haxer at some instituion proved some M$ guy wrong.
Anyway, aren't there multiple reports of backdoors in PGP from various stages of its life? Of course, since its not Stallman-Endorsed(TM) software everyone on Slashdot, fearing executing bash will get them locked up just points and laughs anyway, right?
Skunk team? (Score:3, Interesting)
(emphasis mine)
Re:Right. (Score:5, Interesting)
Yes and no.
True, there was a tag in one version of Windows NT 4 that had the name "_NSAKEY". However, it has never been linked to the NSA in any way whatsoever, except by conspiracy theorists.
You might as well claim that USER32.DLL is proof of a conspiracy to turn American back into a British colony (U.S. obviously stands for United States, and E.R. = Elizabeth Regina = the queen of England! OMG BILL GATES HATES AMERICA!)
Here [schneier.com] is Bruce Schneier's take on the matter.
Re:Prove it. (Score:2, Interesting)
So, who would you trust more.
Someone in an electoral system that you cannot even bring yourself to take part in.
A company whos product you purchased and used/use.
Re:... that he knows of. (Score:4, Interesting)
There's no reason you couldn't be for Microsoft and also be for some other entity too. The deception would pretending to be for Microsoft alone. But if you work for the NSA, and you get a job at Microsoft, you may well write good code, and fix security holes, and otherwise help them succeed even while ensuring NSA access to things secured using Microsoft products. Very few things in life are completely either/or.
If Microsoft caught you and you got sued, the last thing that would happen is the NSA saying a word. I suspect the following, in decreasing order of probability:
In any case, before placing an asset in such a position, the NSA would probably train such a person with the right lies to tell if something goes wrong. If I were going to do something like that, I'd make up a fake history for the person before Microsoft hired him, and if he got caught then the FBI could investigate and tell Microsoft he was actually a spy for the Mossad. It wasn't even his real name or anything! But for sure the NSA would keep their name out of it. There's a reason they're known as the "No Such Agency".
Neils Ferguson - seems to know his stuff (Score:2, Interesting)
I sent Neils an invitation to respond to this thread. Don't know if he'll get it, but I found his website on Google (put down that chair Steve....take deep breaths) [macfergus.com]
Anyhow - he seems quite smart enough to do what the BBC article mentions, but after reading his site a bit, I think the guy would have a real problem if asked to code a backdoor. He seems to be ethical.
Tin hat conspiracy weavers would say that unbeknownst to Neils, who is a front, that there is yet another team coding the backdoor.
And yet, as long as you use a OS that will not release its' source code, suspicions will always lurk about something.
Been in his shoes (Score:2, Interesting)
Re:Right. (Score:2, Interesting)
How NSA access was built into Windows (Score:3, Interesting)
NSA and secret keys added to windows. [heise.de]
Thanks for the link, truthsearch.
-FL
Re:Been in his shoes (Score:3, Interesting)