Slashdot Log In
NSA backdoor creates security hole in Windows
Posted by
Hemos
on Fri Sep 03, 1999 08:43 AM
from the i-think-i-get-it dept.
from the i-think-i-get-it dept.
A number of people have written in with the news that Cryptonym has found an apparent backdoor for the NSA (called NSAKEY) in all current versions of Windows. However, you can open this backdoor yourself and install your own strong cryto module in place of the built-in one. More
details are also online, but to be quite frank, we aren't quite sure on this one-so, if you're more qualified comment, please do so below.Update: 09/03 11:19 by H :Thanks to Jens Hillman for more information from the German Chaos Computer Club. Der Webpage ist auf Deutsch-Babelfish it.
This discussion has been archived.
No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
Full
Abbreviated
Hidden
Loading... please wait.
the begining (Score:2)
This could be very good for all open OS's. (Score:2)
I know if I owned a company, I sure wouldn't want NSA taking my company data to help out some American company. Yeah, sure, they are not supposed to, but what is to stop them.
So admins in countries other than US: start looking at open *nix systems. You can actually have some security with *BSD and Linux.
(Heh. Just like America seems to be the last country still holding off on the metric system, it will be the last country still using Windows.)
You know, many of us like to bash M$ (Score:2)
BUT, that does not give anyone the right to be pricks.
Someone I work with was just flamed by another person to whom my co worker had sent a document in an M$ format. The recipient was a Linux user, and the only geeks my co worker has encountered were me and the geeks here (i.e. some laid back MFs)
For many of us there is no alternative, we have to be compatible with other businesses. Yes, there are products that will open Word/Excel documents, but going back again is not always easy. Any of you ever try to open a Claris document in Word 98 on a Mac? It gets all buggered up.
Spreading the Linux/Unix gospel would be _much_ easier without people being smeg heads about it when someone uses a different platform. You want a Mac? Be my guest. You think Win98/NT is the bees knees? Knock yourself out. You want a powerful, stable
All we do when we flame people for standing up for M$ or using their products is make the Linux/Unix community look bad, like childish, bad tempered simpletons. It is counter productive to flame, mail bomb, or crack someone for using or liking another product.
Here is a neat idea. Before you write that flame, pretend that person is right in front of you. Or better yet, remember that it makes YOU look bad.
*rant mode cancel*
Sorry, I just don't understand why people who would otherwise be perfectly polite and cool suddenly become total a**holes over really stupid smeg.
blah blah blah, I'll shut up and drink my beer
CryptoAPI pretty pervasive (Score:2)
How many people actually USE the cryptoAPI? It seems to me that unless you're using this stuff, all of this has no effect.
Pretty much everyone and everything under Windows, directly or indirectly ... ActiveX code signing, Outlook, Internet Explorer ... authentication, I think ... you name it.
Berlin-- http://www.berlin-consortium.org [berlin-consortium.org]
Some NSA backdoors are explicit (Score:5)
Second, every copy of Lotus Notes carries an explicit NSA backdoor, called the "Cryptographic Differential Work Factor". Essentially the point is that part of every secret key is encrypted with the NSA's public key, so where we would have to brute-force 128 bits to get in, they have to brute force only 40. So there's precedent; it's not as implausible as some people here seem to think. It may not be a back door in the simplistic way some people are thinking of, though.
The algorithm the guy used to find the key is documented in Adi Shamir and Nicko van Somoeren's paper "Playing Hide and Seek with Stored Keys" - you can find a link to the paper here [demon.co.uk] alongside my implementation of the technique described.
--
mama if that's moving up then I'm moving out (Score:2)
a) The leasing company owns it, I just pay to use it.
b) The leasing company has a key which they use to enter my apartment with or without my consent.
c) They take their sweet time about fixing stuff.
If someone were giving away free land with housing on it I'd move in a nanosecond because:
a) I would not have to continually pay the leasing company rent despite shoddy maintenance.
b) No one else gets a key unless I give it to them. I still can't stop a determined government agency from barging in, but at least they can't just waltz in because the leasing agency doesn't mind handing over my key.
c) I'll deal with mowing the lawn myself especially if the house is well built and helpful neighbors take care of fixes/improvements in a timely manner--free of charge no less!
I'm not exactly hopeful that I'll find such a situation, at least not in RL.
numb
Re:My God, It's a global conspiracy! (Score:2)
This is horrible! (Score:2)
This a horribly wicked infringement on our Privacy and on the Privacy of others.. this had better reach the ears of the populace. For once a wide-spread scare such as as the one that this might incur could actually produce "helpful" legislation, instead of the backwards kind that always seems to arrise from terrible events but actually ends up doing no good... from this we may actually be able to get some good done.
Sure, I am now secure in my Privacy, I am behind a firewall, I'm starting to use SSH, I really only use Linux as my main OS (though I do use Solaris and plan on trying out FreeBSD). However, we mustn't forget our "friends" that use WinX or those we work with.
Re:One more nail in the coffin... (Score:2)
Re:Is it possible this is a decoy? (Score:2)
Basically being open source doesn't prevent something from being back doored, but it does make it harder. Not to mention the ComBot example isn't the greatest, it could have been hidden better.
Re:Encryption is needed now! (Score:2)
I remember that anonymous site getting raided because Scientologists were unhappy about a very vocal critic used that site to post very unflattering things about them. It was an army of lawyers from hell that ended what many thought was a great service. The computer was taken and the logs were no longer secret...
*What* DES back door? (Score:2)
I don't believe any of your three possibilities. I think it's exactly what it seems, and that the NSA like to have their lives made easier.
--
Re:Computer "BUG" (NSA listens in) (Score:2)
And they could remotely install a plug-in to get your keyboard to capture your fingerprints in case you download any kiddie porn, and turn your monitor into an x-ray machine so they can take pictures of your brain while you play quake to tell if you are a potential school-shooter.
Geez, too bad the NSA doesn't have anything better to do than spy on average computer hackers. Guess they got tired of interecpting everyone's email and following foriegn nationals around watching for them to rent u-hauls and buy fertilizer.
Re:NSA Security (Score:2)
Re:Computer "BUG" (NSA listens in) (Score:2)
Microsoft admitted working with NSA! (Score:3)
This CNN Story [cnn.com] last year talked about the pressure tactics the NSA uses.
In the article, Ira Rubenstein, Microsoft attorney and top lieutenant to Bill Gates, says:
"Any time that you're developing a new product, you will be working closely with the NSA," he noted.
You Linux guys ought to remember the K&R backdoor. (Score:2)
A couple of years ago, Ritchie revealed that he had put a back door into the original UNIX login program that no one ever caught: He added code to the C compiler so that if the compiler was compiling login.c, it would inject the back door function. He then added code to the compiler so that if it was compiling *itself* it would inject the code to create the login back door.
He then deleted the code from the C compiler source. You could examine the source all you wanted - but when you recompiled the compiler, it inserted the backdoor creation code into the new compiler - and when you compiled login.c, it would add the back door to the login executable.
He claimed the trap door existed for years on many ports of UNIX. Any port of UNIX that was built using a cross-compiled version of the original C compiler had it.
It would be straight forward to replicate this process in GCC. It would spread much more slowly (unless you managed to get your binaries picked up by a major mirror) but it would be nearly undetectable.
--
How about IE5 (Score:2)
Re:Encryption is needed now! (Score:2)
We need to insure that total anonymity on the net is available forever. Cryptography will make that possible.
and it will help people shut out spam
Getting rid of spam won't be that easy. We don't have anonymity in the world of telephones, and we still get telemarketing calls. We don't have anonymity in the postal system and we still get bombarded with junk mail.
and get rid of the creepy nature of the 'net as it now stands
Creepy? Err... what 'net are you on?
It will also make people accountable for what they say in public online, just as we're accountable for what we say in public in the real world.
I read that as 'it will have the same chilling effect on free speech that we see in the real world'. Just as it is possible to circumvent public accountability in the real world, it will continue to happen online.
These are good things.
These are at best pipe dreams. At worst, they will lead to big-brotherism.
Maybe what we need to do is allow people like you that are afraid of somehow, possibly, being offended by something to just filter out anything that is anonymous. But why prevent the rest of us who think that a few Anonymous Cowards out there might occasionally have something worthwhile to say from listening if we want?
Re:Computer "BUG" (NSA listens in) (Score:2)
Erm... *about* No Such Agency (was Re:Duh!) (Score:2)
Do you really think the NSA has the type of budget problems...
As Ricky Ricardo used to say, "Loooosseeee, lemme 'splain you something." The NSA ain't got no budget. Not in the traditional sense of the term, anyway. They're not required to submit one to Congress for approval. They just get what they ask for, and the dollar figure is classified. As are basically all of their activities. And what's more, unlike the CIA, they have *no* legal restrictions against *domestic* intelligence activities -- seems that during those pesky Church Committee hearings on the CIA's antics, everybody conveniently forgot to ask where the ELINT came from.
Having typed all this, I look forward to that funny click on the line when I pick up my phone tonight. Or maybe my head will just disappear in a pink cloud as I'm driving to work on Monday morning...
Re:Security hole? Really?? (Score:2)
To sign a document:
1. Calculate a hash of the document (MD5 is the common method).
2. Encrypt the hash with your private key.
When the user want to verify that it came from you, they:
1. Calculate the hash of the document.
2. Decrypt the provided hash with the public key and check if they match.
So, at this point you know:
1. That the document was not modified since it was signed.
2. That the document came from the source that it was intended to come from.
The reason Microsoft is signing the security modules is to prevent someone from subsituting the DLL and then comprimising your security. (Since you can't sign without the private key).
Now, if this second key (and the third one for that matter), belong to another party, it means that your computers will accept security modules signed by them to run. However, only entities with the matching private key can release the modules.
This validation mechanism only affects the loading of the security module, not the actual secured data. The author of the security modules does not implicitely have access to the encrypted data without the private keys used to encode them. It would have to get your private keys, and then store them somewhere or send them somewhere in order to be able to read your data.
$NAZI =~ fascist (Score:2)
the Nazi party was "National Socialist" how could they be "right wingers"?
Technically, they were [are] fascist, regardless of what they called themselves.
Honestly, totalitarianism or statism is totalitarianism or statism, regardless of which side of the aisle you choose to stick it on.
Whether it's conservatism or liberalism that you take too far, you invariably end up at the same place. The political spectrum is circular.
Berlin-- http://www.berlin-consortium.org [berlin-consortium.org]
Re:Encryption is needed now! (Score:2)
However, as I was saying, what all this really means is that the original poster is off base in thinking that anonymity on the Net is so much worse than what happens in real life.
Re:Is it possible this is a decoy? (Score:2)
Now granted, the person who is doing the hiding has to be MUCH trickier about doing it
"What the @#$% do those 3 lines of code do? Hrmmm, oh well, doesn't look like the section I was trying to find anyway . .
Because they are very obscure lines of code, that don't seem to be what you are looking for, so you don't take the time to 'play computer' and try to figure out what they are
Well, this is another argument for getting source. (Score:4)
Verification? was Re:the begining (Score:3)
At least, it DOES appear that there is more than one key available in the crypto packages. Whose keys? This should be the rallying call, and since we don't have the code, we can't tell.
This is a VERY good reason to be suspicious of Microsoft products.
How many people actually USE the cryptoAPI? It seems to me that unless you're using this stuff, all of this has no effect.
Andrew
----
Re:You know, many of us like to bash M$ (Score:2)
I'm personally certain it's legit. (Score:3)
(2) the _NSAKEY certainly refers to *a* public key. It's a stretch of unusually high entropy data, which nearly always means cryptographic data: even compressed stuff doesn't look like that. Furthermore, it's being fed to BSafe's public key routines: look at the CCC's debugger output.
(3) Micros~1 wouldn't fuck around with that sort of thing. I don't think anyone's going to label a public key "NSAKEY" as a joke.
(3) But the NSA are very likely indeed to put pressure on them to introduce this sort of "feature" - it's quite a common occurence for a guy with a sharp suit to turn up at the offices of commercial crypto implementors and discuss, let's say, how best to speed the export process. In the case of Lotus Notes, they did it entirely above ground, although the Swedish Government didn't read the small print when they banked their information system on Notes and they were quite annoyed to discover that the NSA had a way in.
Put aside your speculation: this is the real thing. The NSA hold the private key that allows their software to do pretty much whatever they want to the CryptoAPI system, if you'll consent to run any code they've had their hands near. And we all know how tricky that is.
Personally, I'm ecstatic: the unearthing of this information is a huge boon both to the Open Source and crypto-security communities.
--
A "sodroller"? (Score:2)
Berlin-- http://www.berlin-consortium.org [berlin-consortium.org]
Enlightening NTBUGTRAQ Listserv posting [Long] (Score:2)
-----Original Message-----
From: Russ [mailto:Russ.Cooper@RC.ON.CA]
Sent: Friday, September 03, 1999 2:58 PM
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Subject: Alert: CryptoAPI and _NSAKey issue
-----BEGIN PGP SIGNED MESSAGE-----
This is also available at http://ntbugtraq.ntadvice.com/_nsakey.asp
Whoa horsie...
I had a long chat with Andrew Fernandes this morning, as well as
another chat with others, and of course I've had a ton of messages
sent my way with various links to various stories about the issue.
I wanted to get a few things straight before I sent this message, but
given how quickly things are spreading it makes sent to send something
interim.
Ok, so here's what I can tell you.
1. Andrew's speculation about the _NSAKEY being a backdoor for the NSA
is based on;
a) The variable is called "NSA".
b) Its a second key, not known to exist in Windows previously.
c) What possible purpose would a second key serve?
d) Its presence, arguably, weakens CryptoAPI (Andrew explains this on
his website at ,
I'll elaborate more later.
2. Sources close to Microsoft say that the key is a "Backup" key. It
is owned by Microsoft, and only Microsoft have the private key to it.
The key was named "_NSAKEY" because the NSA insisted that Microsoft
include a backup key in their CryptoAPI before the Commerce Department
would approve its inclusion in NT 4.0.
Editorial
- ---------
There's a bunch of somewhat understandable furor going on over the
idea that the NSA might have a backdoor to Windows. Unfortunately,
however, all of this is based on a variable name. Anyone who programs
knows that variables might get named anything for a variety of
reasons. One would expect that they would be named descriptively, but
alas, not everyone follows such stringent conventions (can you spell
"Easter Egg"?).
The Conspiracy Theorist's theory goes;
- -------------------------------------
- - The NSA has a signing key on your box.
- - The NSA can implant a Trojan to replace the module which performs
encryption on your box with one that doesn't perform encryption, and
because the failure of signature verification against Microsoft's key
is silent, they can get their trojan'd app up and running without you
being any the wiser.
- - The NSA can then sniff your traffic, now being conducted in
plain-text.
There's obviously a ton of variations possible on this theory, they
take your private key, they replace your key with another, etc...
They only have to get a Trojan to you and get you to run it, and as
those same Conspiracy Theorists always say, there's
likely bugs in the OS designed to allow them to do
this...
Yeah, could be true.
My take from Microsoft's Perspective;
- ------------------------------------
- - We want to have one build of our products that simultaneously
supports weak or strong encryption functionality.
- - We want to be able to ship this one product world-wide, changing as
few bits as possible for those that are being shipped outside the U.S.
and Canada.
- - We'll build an API (good, bad, or otherwise) that allows the
controlled bits to be inserted into an infrastructure, then get the
infrastructure approved, and all will be good.
- - Commerce (with advice from lots of people including the NSA),
agrees, and tells Microsoft they have to sign everything that can use
the infrastructure. That way, Microsoft can ship its product anywhere,
and Commerce will know that only those products that have been signed
by Microsoft will be able to run on the OS.
- - You want to build a Cryptographic Service Provider (CSP), the module
that performs the encryption, you gotta get Microsoft to sign it for
it to run. Microsoft doesn't sign anything that doesn't have the
appropriate Commerce Department Export approvals first.
Wonderful, life's good, Microsoft doesn't have to manage multiple
versions based on Crypto-strength, folks can implement whatever crypto
they want (assuming its Commerce approved).
Oh, the second key, I almost forgot;
- -----------------------------------
I'm told the NSA insisted there had to be a backup. No explanation as
to why yet, that's what I've been told. One theory that made a lot of
sense to me was the simple idea of;
What happens if Microsoft's key is ever compromised? Well, they'd
simply revoke it, right? Yeah, but the problem is that you'd have no
way of telling a Microsoft system that there's a new key. You'd have
to rely on the old one to tell it about the new one. But if there's a
backup key, and they're kept separate, you could use the Backup to
verify the new key to replace the primary.
That's only meaningful to Microsoft since there's no revocation lookup
being done on the primary anyway. Microsoft would have a way to
salvage its name by using a new key. In practice, this would be near
impossible to deploy, but hey, at least there's a way to do it
securely.
BUT!!!
- ------
Andrew's discovery goes beyond this NSA stuff. There's a real issue
here. Andrew has found that by replacing the _NSAKEY with one of your
own, you are able to add a CSP to the system signed only by you. This
by-passes Microsoft's signing controls (the ones Commerce needed to be
in place to allow Microsoft to ship its products world-wide).
As Andrew says, "Export controll is effectively dead for Windows."
More importantly, it means you can add a CSP that does whatever you
want it to do, and then modify existing Windows
CryptoAPI such that they are signed by you instead of Microsoft. This
will cause them to fail the Microsoft signature verification, but
they'll pass verification against your own signature. Windows will
silently let them run and do whatever it is you want them to with the
CryptoAPI environment.
In theory, you create your own CSP to replace Microsoft's supplied CSP
(implementing whatever you wanted in it, say boosting 40-bit to
128-bit), modify the second key to one of your own, install your CSP
over Microsoft's, and fire up any application that uses CryptoAPI. The
signature will fail Microsoft's verification, pass yours, and
everything should work as if you had a U.S./Canadian version.
Fortify for Windows NT (I'd sure love to see
that implemented, anyone up for the challenge?)
It also means the encryption you use on your system could be
compromised in the same fashion, assuming it relies on CryptoAPI
(hasn't this been called for by the U.S. President's commission?)
Andrew's demonstration program effectively proves most of this;
http://www.cryptonym.com/hottopics/msft-nsa/Rep
On the other hand;
- -----------------
If there were only one key present in the system, Andrew acknowledges,
then this wouldn't be possible. However, it would still be possible to
subvert the export controls by trojanning all of the necessary
used with CryptoAPI with ones signed by your key, and then replacing
the Microsoft key with your own. Its a lot more work, but it would
still achieve the same results.
Nobody is suggesting that any of this is a Remote Exploit, or
something you have to worry about receiving in Email. Sure, Andrew's
program demonstrates that a running application can subvert the second
key and implement its own CSP...in memory...which is possible but
unreliable.
Bottom-line:
- ------------
I think the NSA thing is being over-hyped. Sure, its possible, and we
need Microsoft to make their official statement about it to have it on
the record. Once they do, if anyone can prove its not their key I will
happily help them. I doubt anyone will...although I also doubt that
people will readily accept that it is a second Microsoft key (who
killed JFK?)...maybe Microsoft can sign something with the second key
so we could verify it somehow??
Meanwhile, the risk of your system's cryptographic methods being
exploited is limited while folks figure out how it could be done
effectively. I'm looking at how you could audit access or
manipulation, but what's really needed is a TripWire-like
functionality (http://www.tripwiresecurity.com/). Alternatively,
Microsoft should build-in some additional mechanism to verify that
something that should be Microsoft signed, really is Microsoft signed,
and not a blind failover to the second key.
As to the issues of a third key in W2K, I have no information
regarding this beyond what Andrew has said.
More as information becomes available.
Cheers,
Russ - NTBugtraq Editor
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.0.2
iQCVAwUBN9AoOBBh2Kw/l7p5AQEArgQApuinKKbm2VgQ3et
lhhzz3yYNqCJW0kgubSiPcZoOyHvD3VU2IXLk4CKRqeIhQE
pJQpo08ejP3aozx7AB4+37O7gWkLGcH+wAC8siMpOMMUjgH
ntSOJU8kXus=
=Ihd3
-----END PGP SIGNATURE-----
---------
Titanic Wrecking Crew
Wrong question... (Score:2)
The question is, "Does the NSA care that it's illegal?" The answer is, undoubtedly, no.
It's hard-coded, not simply pre-installed... (Score:2)
Why is NSA public key pre-installed on the Operating System?
I was wondering that too, except the key is not pre-installed, it is hard-coded .
Berlin-- http://www.berlin-consortium.org [berlin-consortium.org]
Re:Wait just a second... (Score:2)
I suspect we'll have massive lawsuits filed within days, and a resulting court order to open the relevant parts of the code.
If the Administration opposes the suit, or if Microsoft loses some more source code, that will tell us all we needed to know anyway, won't it?
Meanwhile, it's fun hitting the news sites every few minutes to see the pecking order of how the story propagates.
Re:Well, this is another argument for getting sour (Score:2)
Thats funny, I found it quite conforting.
Oh, wait, maybe you are on the wrong side of the corrupt, effectively totalitarian, world repressing regime...
-
enh... I think not (Score:2)
Has anyone considered the possibility that Microsoft deliberately left the symbol in, to reveal NSA's presence without risking liability? Or is it just easier for you to blindly attack Microsoft given the slightest excuse?
Replace Microsoft in that sentence with any other major corporation -- Occham's Razor still applies. I could possibly buy that this was deliberate on the part of an individual employee, but I find it highly improbable that the management of ANY large company would make that sort of decision.
Berlin-- http://www.berlin-consortium.org [berlin-consortium.org]
Re:Stop being so paranoid!!!!!!!!!!!!!!!!!!!!!!! (Score:2)
What about personal privacy? What about buissness secrets?
If this is allowed, why don't we just install video-cameras in all houses to make damn sure noone is breaking any laws there, heck why don't we put people in jail to make SURE they don't commit any crimes.
*I know I shouldn't bite on troll posts, I just can't help myself.*
//Somewhat anonymous coward.
Come on kiddies....the NSA is MUCH smarter than... (Score:2)
Another interpretation (Score:2)
Since Windows is a U.S. product, it is subject to U.S. export regulations on strong encryption. This gaff in security may be an oversight, or it may be a way of enabling strong security usage, without torquing-off the D.O.J. any further than it already is.
Though, I don't see why M.S. would not just provide 'replacable' security.
Then again, given M.S. 'reputation' with security, it is unlikely that they would actually do something benevolent in the area. Still, something to think about... M.S. ServPack5 now allows foreign companies (in fact all users) to keep the NSA from peeking in their drawers.
But it's NOT a backdoor! (Score:3)
Even if this is the NSA's key, so what? All it means is that they're hypocrites with regard to US security laws. The key only lets you install new security services inside Microsoft's crypto framework. That's it. It doesn't give you access to any information encrypted by other providers. The only reaon there's a lock on this install capability is to allow Microsoft to meet US export standards on encryption (they can't make it too easy to add strong crypto). If this really is an NSA key, then the NSA just wanted it to be easy for them to install strong crypto.
In other words, so what? This doesn't let the NSA, Microsoft, or anyone else snoop on my encrypted data. And I already knew the government had a rediculous security policy. BFD.
Comedy of errors (Score:4)
No one figured out that backdoor until Microsoft forgot to remove the explicit name NSA_Key in NT 4 SP 5? What kind of joke is this? Or is it a programmer at Microsoft that's covertly working for the Open Source movement? :)
I also find it pretty pathetic that the NSA would need to contact Microsoft and implement a backdoor to access NT. I sure know most crackers I know don't need a friggin' insider at MS to crack NT until it weeps.
So I see three possibilities about this:
It's a hoax of some sort, or a private joke by the NT programmers. It sure is working.
It's a decoy. The NSA has a backdoor somewhere else, much less obvious, and this is meant to make us believe the NSA backdoor has been found. I mean, the alleged backdoor in DES is much more complex and subtle than multiplying my a fixed key when encrypting.
It's true, and the NSA are truly pathetic, and their cryptanalysis talents are severely, severely overrated.
I find the third option to be the most amusing. :)
"There is no surer way to ruin a good discussion than to contaminate it with the facts."
And who is suprised? (Score:2)
Wait just a second... (Score:5)
Encryption is needed now! (Score:2)
If we don't protect ourselves from crackers and rougue governments, hell is going to walk on this planet soon. I predict it happening soon with the current lax security (or complete lack of!)
Damn the NSA. Send it to hell.
I don't think it's for spying on people (Score:5)
Security hole? Really?? (Score:4)
As far as I can tell, a competitor to Microsoft discovered the following:
* There is not one, but two keys that are used for the verification of CSP modules;
* This key is called 'NSAKEY' in the debug info for some NT4/SP5 executables.
The best you can say is that "this raises questions". It could be a "back door", but certainly no "security hole": the ability to install CSPs on a system doesn't give you a whole lot except the ability to PROVIDE AN ALTERNATIVE METHOD to encrypt/decrypt data. In other words: no existing encrypted data is compromised, and an application has to specify it WANTS to use the new CSP.
Of course it's more fun to start paranoid rants agains "M$" right away, but even for the most fanatic Microsoft-sceptic, it should be clear that:
1. The information is provided by a Microsoft competitor, and very sketchy at that;
2. It doesn't conclusively PROVE anything: just hint at certain vulnerabilities;
3. If the 'back door' indeed exists, its exploit potential is minimal.
Whatever.
CryptoAPI doc's (Score:3)
Re:Well, this is another argument for getting sour (Score:5)
I returned to the private workforce last year aften ten years with a government entity that I cannot list on my resume. I have a cover (State) and some canned recommendations. I learned AIX while I was working for the government, and then discovered Solaris, which I like a lot. This got me a job last year without too many questions.
You have no idea how bad it has gotten. Let me fill you in:
1. Quotas: they are set in (a place in Virginia) and not in the country itself. So, a posting in some countries (Denmark or Finland) where a)no one really likes or dislikes the US - they could care less and have no real interest in providing information and b)there is just not a lot happening (we are not, for instance, likely to be invaded by Belgium any time soon) is the kiss of death to your carreer because there is no real way to make quota. Unless (and this is key), you fake it. If you have ethics, essentially, fully half of all of the postings by quantity require you to commit treason (by compromising national security by falsifying any and all contacts and records) or treat it as dead time for your future. This is the neat part -- everyone knows the system is horribly broken and every senior person there winks at the violations. Why? Whey did it themselves. Shades of grinding back at West Point (cheating, for those who didn't attend a service academy, is called grinding, and almost everyone does it).
2. Reviews: this has nothing to do with your actual performance in most cases. The station chief doesn't do them -- your immediate boss does. And, just like high school, there is a pecking order and no real control outside of that. Date a secretary that your boss is interested in, your ass is grass. I didn't, but watched someone get transferred into a carreer-ending position for that, with the suggestion in his records that he was compromising security by dating nationals. There is no meritocracy there anymore.
3. Disregard for security: this happened all the time. People would take home AND MISPLACE TS and worse. We had a person leave his briefcase in a bar. We are lucky that the bartender found it. It had detailed response plans for repelling any c/b/r attacks from a country that I can't name, but if you saw it on a map, would look an awful lot like Iraq. This was serious. It was ignored. And then there are the drinking and drug problems, mostly drinking.
4. Security: They do not get you a house at the far end of a one way street anymore. You are lucky if they try to keep your cover secret. They won't help you move in, so everyone knows that you are coming in from DC or VA someplace. They won't pay for a damned thing (not salary, which is very low, but things like furnishing a house or flat as if you really were an American marketing exec). And your family is at tremendouw risk if you take them, as a result. This was one of the main reasons I left. I spoke Spanish, I was not going to get another European posting, had studied Latin America, and had done briefings on narcoterrorism for a number of people, for a number or years. I looked at the house that they had picked out for me in Bogota -- on a busy street, with a wide alley, with overlooking apartment buildings in line-of-sight, in a neighborhood with access from FIVE directions. They couldn't have done worse if they tried. There was no way in hell that I was taking my pregnant wife there, and she felt the same way. So we both quit.
Bitter? Yes, very. But not at the concept, just the execution. At this point, we need to start over.
My God, It's a global conspiracy! (Score:3)
#----------------------------
$mrp=~s/mrp/elite god/g;
Doubtful (Score:5)
"What the @#$% do those 3 lines of code do? Hrmmm, oh well, doesn't look like the section I was trying to find anyway . . ."
One thing you're forgetting -- generally when package maintainers (Linus, for instance) are reviewing a patch for inclusion in the distribution, they won't accept it unless they understand all the code involved.
If you tried something clever like spreading the changes across several patches, that wouldn't really work either.
[Judas] Here's my patch to fix the support for the[Maintainer] Hrm. I'll have a look.
[Maintainer] What's this little bit of code here do? I think you could probably shave a couple hundred instructions off here if you left it out, and it looks completely unnecessary.
[Judas] There's something screwy with the timing; that was the only way I could get it to work
[Maintainer] Hrm. That seems like a kind of awkward hack to me -- I'd like a solution I could understand better. I just replaced this with a delay loop -- I don't have the blah hardware myself though
[Mailing List] Okay... it seems fine. In fact, one of us tried it without the delay loop, and there weren't any problems.
[Maintainer] (to Judas) I applied your patch; it seems to work fine without the bit of code though, so I just left that part out.
[Judas] Curses, foiled again!
As a modest package maintainer myself, I personally read every patch I get. Even if the patch author isn't malicious, the patch could still potentially fail in a catastrophic way due to a stupid logic error or invalid assumptions.
One thing that some people don't seem to understand about Open Source is that just because some Joe Schmoe produces some code doesn't mean that it'll end up in the official distribution.
It might be easy to read the code in the official distribution, and it might be easy to modify the code in your own copy, but it's nontrivial to quietly modify the official distribution. To submit a patch is to submit that patch to a lot of direct public scrutiny.
Berlin-- http://www.berlin-consortium.org [berlin-consortium.org]