Godlike Productions - Conspiracy Forum
Users Online Now: 1,885 (Who's On?)Visitors Today: 607,220
Pageviews Today: 854,474Threads Today: 205Posts Today: 4,558
08:08 AM


Rate this Thread

Absolute BS Crap Reasonable Nice Amazing
 

Microsoft Vista and the NSA

 
Anonymous Coward
User ID: 189014
United States
01/30/2007 04:16 PM
Report Abusive Post
Report Copyright Violation
Microsoft Vista and the NSA
A code is written into Vista that sends all your data directly to NSA, so they don’t have to bother with the FISA Court or take the time and trouble to tap into you..

It has something to do with Bush's illegal wiretaps.

The NSA worked with microsoft to write Vista's code..

[link to www.techweb.com]

A careless mistake by Microsoft programmers has shown that special access codes for use by the U.S. National Security Agency (NSA) have been secretly built into all versions of the Windows operating system.

Computer-security specialists have been aware for two years that unusual features are contained inside a standard Windows driver used for security and encryption functions. The driver, called ADVAPI.DLL, enables and controls a range of security functions including the Microsoft Cryptographic API (MS-CAPI). In particular, it authenticates modules signed by Microsoft, letting them run without user intervention.

At last year's Crypto 98 conference, British cryptography specialist Nicko van Someren said he had disassembled the driver and found it contained two different keys. One was used by Microsoft to control the cryptographic functions enabled in Windows, in compliance with U.S. export regulations. But the reason for building in a second key, or who owned it, remained a mystery.

Now, a North Carolina security company has come up with conclusive evidence the second key belongs to the NSA. Like van Someren, Andrew Fernandes, chief scientist with Cryptonym of Morrisville, North Carolina, had been probing the presence and significance of the two keys. Then he checked the latest Service Pack release for Windows NT4, Service Pack 5. He found Microsoft's developers had failed to remove or "strip" the debugging symbols used to test this software before they released it. Inside the code were the labels for the two keys. One was called "KEY." The other was called "NSAKEY."

Fernandes reported his re-discovery of the two CAPI keys, and their secret meaning, to the "Advances in Cryptology, Crypto'99" conference held in Santa Barbara. According to those present at the conference, Windows developers attending the conference did not deny the "NSA" key was built into their software. But they refused to talk about what the key did, or why it had been put there without users' knowledge.

But according to two witnesses attending the conference, even Microsoft's top crypto programmers were stunned to learn that the version of ADVAPI.DLL shipping with Windows 2000 contains not two, but three keys. Brian LaMachia, head of CAPI development at Microsoft was "stunned" to learn of these discoveries, by outsiders. This discovery, by van Someren, was based on advance search methods which test and report on the "entropy" of programming code.

Within Microsoft, access to Windows source code is said to be highly compartmentalized, making it easy for modifications to be inserted without the knowledge of even the respective product managers.

No researchers have yet discovered a programming module which signs itself with the NSA key. Researchers are divided about whether it might be intended to let U.S. government users of Windows run classified cryptosystems on their machines or whether it is intended to open up anyone's and everyone's Windows computer to intelligence gathering techniques deployed by the NSA's burgeoning corps of "information warriors."

According to Fernandes of Cryptonym, the result of having the secret key inside your Windows operating system "is that it is tremendously easier for the NSA to load unauthorized security services on all copies of Microsoft Windows, and once these security services are loaded, they can effectively compromise your entire operating system". The NSA key is contained inside all versions of Windows from Windows 95 OSR2 onward.

"For non-American IT managers relying on WinNT to operate highly secure data centers, this find is worrying," he added. "The U.S government is currently making it as difficult as possible for 'strong' crypto to be used outside of the U.S. That they have also installed a cryptographic back-door in the world's most abundant operating system should send a strong message to foreign IT managers.

"How is an IT manager to feel when they learn that in every copy of Windows sold, Microsoft has installed a 'back door' for the NSA -- making it orders of magnitude easier for the U.S. government to access your computer?" he said.

Van Someren said he felt the primary purpose of the NSA key might be for legitimate U.S. government use. But he said there cannot be a legitimate explanation for the third key in Windows 2000 CAPI. "It looks more fishy," he said on Friday.

Fernandes said he believed the NSA's built-in loophole could be turned round against the snoopers. The NSA key inside CAPI could be replaced by your own key, and used to sign cryptographic security modules from overseas or unauthorized third parties, unapproved by Microsoft or the NSA. This is exactly what the U.S. government has been trying to prevent.

A demonstration "how to do it" program that replaces the NSA key can be found on Cryptonym's website.

According to one leading U.S. cryptographer, the IT world should be thankful the subversion of Windows by NSA has come to light before the arrival of CPUs that handle encrypted instruction sets. These would make the type of discoveries made this month impossible. "Had the next-generation CPUs with encrypted instruction sets already been deployed, we would have never found out about NSAKEY," he said.

[link to www.schneier.com]

January 09, 2007
NSA Helps Microsoft with Windows Vista

Is this a good idea or not?

For the first time, the giant software maker is acknowledging the help of the secretive agency, better known for eavesdropping on foreign officials and, more recently, U.S. citizens as part of the Bush administration's effort to combat terrorism. The agency said it has helped in the development of the security of Microsoft's new operating system -- the brains of a computer -- to protect it from worms, Trojan horses and other insidious computer attackers.

[...]

The NSA declined to comment on its security work with other software firms, but Sager said Microsoft is the only one "with this kind of relationship at this point where there's an acknowledgment publicly."

The NSA, which provided its service free, said it was Microsoft's idea to acknowledge the spy agency's role.

It's called the "equities issue." Basically, the NSA has two roles: eavesdrop on their stuff, and protect our stuff. When both sides use the same stuff -- Windows Vista, for example -- the agency has to decide whether to exploit vulnerabilities to eavesdrop on their stuff or close the same vulnerabilities to protect our stuff. In its partnership with Microsoft, it could have decided to go either way: to deliberately introduce vulnerabilities that it could exploit, or deliberately harden the OS to protect its own interests.

A few years ago I was ready to believe the NSA recognized we're all safer with more secure general-purpose computers and networks, but in the post-9/11 take-the-gloves-off eavesdrop-on-everybody environment, I simply don't trust the NSA to do the right thing.

"I kind of call it a Good Housekeeping seal" of approval, said Michael Cherry, a former Windows program manager who now analyzes the product for Directions on Microsoft, a firm that tracks the software maker.

Cherry says the NSA's involvement can help counter the perception that Windows is not entirely secure and help create a perception that Microsoft has solved the security problems that have plagued it in the past. "Microsoft also wants to make the case that [the new Windows] more secure than its earlier versions," he said.

For some of us, the result is the exact opposite.


have fun...

5a wtf Idol1
Anonymous Coward
User ID: 2950
United States
01/30/2007 07:23 PM
Report Abusive Post
Report Copyright Violation
Re: Microsoft Vista and the NSA
I'm pretty sure all microsoft operating programs have a back door.
DoubleWarrior

User ID: 175164
United States
01/30/2007 07:29 PM
Report Abusive Post
Report Copyright Violation
Re: Microsoft Vista and the NSA
SO what say the computer geeks? Is this something that people should stay away from?
I have a hard time trusting Bill Gates, after all he did dine with the president.
But what to do? I'm sure all of our monitors have a camera in them that watches you watch. So who cares what they do> Are they just a bunch of fucking perverts, or do they think they can control through our computers and if so, How?
"My brain won't shut up"
Anonymous Coward
User ID: 188969
United States
01/30/2007 07:31 PM
Report Abusive Post
Report Copyright Violation
Re: Microsoft Vista and the NSA
SO what say the computer geeks? Is this something that people should stay away from?
I have a hard time trusting Bill Gates, after all he did dine with the president.
But what to do? I'm sure all of our monitors have a camera in them that watches you watch. So who cares what they do> Are they just a bunch of fucking perverts, or do they think they can control through our computers and if so, How?
 Quoting: DoubleWarrior


Buy a MAC.
Anonymous Coward (OP)
User ID: 189014
United States
01/30/2007 09:43 PM
Report Abusive Post
Report Copyright Violation
Re: Microsoft Vista and the NSA
bump