Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×

No Backdoor in Vista 269

Posted by Zonk from the inappropriate-comments-aplenty dept.
mytrip wrote to mention a C|Net article stating that Vista will not have a security backdoor after all. From the article: "'The suggestion is that we are working with governments to create a back door so that they can always access BitLocker-encrypted data,' Niels Ferguson, a developer and cryptographer at Microsoft, wrote Thursday on a corporate blog. 'Over my dead body,' he wrote in his post titled Back-door nonsense."
This discussion has been archived. No new comments can be posted.

No Backdoor in Vista More

No Backdoor in Vista

Comments Filter:

  • Why would they wait? (Score:1, Interesting)

    by AHuxley ( 892839 ) on Saturday March 04, 2006 @09:04AM (#14849454) Journal
    Why wait until you need to crack the files?
    Just read the pw as it as entered.

    If you are of interest a keylogger will be running.
    That will be as easy to install as it was over the last 20 years with m$.

    So Vista can make a safe file - just like any other OS - its the OS this is the problem.

    The last 20 years of computer history should show any end user that.
    M$ is the way in.

  • Dear Niels I hate to break it to you but... (Score:5, Interesting)

    by badzilla ( 50355 ) <ultrak3wlNO@SPAMgmail.com> on Saturday March 04, 2006 @09:08AM (#14849465)
    ... you won't be in the loop if/when it gets compromised.

    A quick look at the "Crypto AG" fiasco makes it plain how very much governments want backdoors. "For decades, the US has routinely intercepted and deciphered top secret encrypted messages of 120 countries." Imagine the power some entity would have if it could peek into any Windows system at will - the temptation must be making their toes curl.

    Whether or not there is a top-level agreement with top-level spooks it is still unlikely that local lawmen will be allowed to know about it. So what exactly IS Microsoft planning to do when they inevitably get a request to "help" with an encrypted drive?

  • However (Score:3, Interesting)

    by mcbridematt ( 544099 ) on Saturday March 04, 2006 @09:18AM (#14849495) Homepage Journal
    there are heaps of people with access to the source code (ok, maybe not full), such as academic institutions, and infamous examples such as MainSoft, who could prove 'em wrong.

    But then we'd have to take the word of some un1337 student haxer at some institution, who just locked down access to their precious copied jewels because some un1337 student haxer at some instituion proved some M$ guy wrong.

    Anyway, aren't there multiple reports of backdoors in PGP from various stages of its life? Of course, since its not Stallman-Endorsed(TM) software everyone on Slashdot, fearing executing bash will get them locked up just points and laughs anyway, right?

  • Skunk team? (Score:3, Interesting)

    by Stephen Samuel ( 106962 ) <samuel@bcgre e n . com> on Saturday March 04, 2006 @09:42AM (#14849560) Homepage Journal
    "Besides, they wouldn't find anybody on this team willing to implement and test the back door."

    (emphasis mine)

  • Re:Right. (Score:5, Interesting)

    by Haeleth ( 414428 ) on Saturday March 04, 2006 @09:48AM (#14849574) Journal
    I suspect the NSA, (who I seem to recall left a few stray tags lying around in a previous version of Windows' code)

    Yes and no.

    True, there was a tag in one version of Windows NT 4 that had the name "_NSAKEY". However, it has never been linked to the NSA in any way whatsoever, except by conspiracy theorists.

    You might as well claim that USER32.DLL is proof of a conspiracy to turn American back into a British colony (U.S. obviously stands for United States, and E.R. = Elizabeth Regina = the queen of England! OMG BILL GATES HATES AMERICA!)

    Here [schneier.com] is Bruce Schneier's take on the matter.

  • Re:Prove it. (Score:2, Interesting)

    by oliverthered ( 187439 ) <oliverthered@nOSPAm.hotmail.com> on Saturday March 04, 2006 @10:02AM (#14849626) Journal
    Your assuming he voted for the Government in power, or even voted at all. He may have purchased a copy of Windows and that's as good as a vote in my books.

    So, who would you trust more.
    Someone in an electoral system that you cannot even bring yourself to take part in.
    A company whos product you purchased and used/use.

  • Re:... that he knows of. (Score:4, Interesting)

    by dprovine ( 140134 ) on Saturday March 04, 2006 @10:27AM (#14849694)

    There's no reason you couldn't be for Microsoft and also be for some other entity too. The deception would pretending to be for Microsoft alone. But if you work for the NSA, and you get a job at Microsoft, you may well write good code, and fix security holes, and otherwise help them succeed even while ensuring NSA access to things secured using Microsoft products. Very few things in life are completely either/or.

    If Microsoft caught you and you got sued, the last thing that would happen is the NSA saying a word. I suspect the following, in decreasing order of probability:

    • You make it look like a huge mistake.
    • You tell them you wrote your password down and put it in your wallet, and your wallet was lost and later returned, and you didn't think to update the password.
    • Some heretofore unknown rich uncle dies and leaves you enough money to cover the lawsuit.
    • You die in an auto accident.

    In any case, before placing an asset in such a position, the NSA would probably train such a person with the right lies to tell if something goes wrong. If I were going to do something like that, I'd make up a fake history for the person before Microsoft hired him, and if he got caught then the FBI could investigate and tell Microsoft he was actually a spy for the Mossad. It wasn't even his real name or anything! But for sure the NSA would keep their name out of it. There's a reason they're known as the "No Such Agency".

  • I sent Neils an invitation to respond to this thread. Don't know if he'll get it, but I found his website on Google (put down that chair Steve....take deep breaths) [macfergus.com]

    Anyhow - he seems quite smart enough to do what the BBC article mentions, but after reading his site a bit, I think the guy would have a real problem if asked to code a backdoor. He seems to be ethical.

    Tin hat conspiracy weavers would say that unbeknownst to Neils, who is a front, that there is yet another team coding the backdoor.

    And yet, as long as you use a OS that will not release its' source code, suspicions will always lurk about something.

  • Been in his shoes (Score:2, Interesting)

    by Anonymous Coward on Saturday March 04, 2006 @10:29AM (#14849703)
    I have been in Mr. Ferguson shoes, left with the choice of putting in a back door demanded by the NSA or quit. To my knowledge, NSA always gets there way. If he won't do it, the next guy will.

  • Re:Right. (Score:2, Interesting)

    by rohan972 ( 880586 ) on Saturday March 04, 2006 @11:03AM (#14849829)
    So that's how he got the honorary knighthood from the Queen.

  • How NSA access was built into Windows (Score:3, Interesting)

    by Fantastic Lad ( 198284 ) on Saturday March 04, 2006 @11:29AM (#14849899)
    This article makes for interesting reading. . .

    NSA and secret keys added to windows. [heise.de]

    Thanks for the link, truthsearch.


    -FL

  • Re:Been in his shoes (Score:3, Interesting)

    by slavemowgli ( 585321 ) on Saturday March 04, 2006 @01:38PM (#14850377) Homepage
    Ah, the Nuremberg defense [wikipedia.org]... always a great way of rationalising one's spinelessness and getting rid of those pesky moral qualms.

Slashdot Top Deals

"God is a comedian playing to an audience too afraid to laugh." - Voltaire

Close