UK Government Wants a Backdoor Into Windows
REBloomfield writes "The BBC is reporting that the British Government is working with Microsoft in order to gain backdoor access to hard drives encrypted by the forthcoming Windows Vista file system. Professor Anderson, professor of security engineering at Cambridge University, urged the Government to contact Microsoft over fears that evidence could be lost by suspects claiming to have forgotten their encryption key."
Oh, and there are a few people who also consider encryption a matter of freedom of speech.
Funny the U.S. government targets Phil Zimmermann for three years but hardly raises so much as an eye when an encryption enabled OS is distributed. From Mr. Zimmermann's homepage: I think that his "criminal activity" was creating an encryption tool that allowed messages to be encrypted beyond what the United States government was capable of deciphering in a timely manner. Does anyone know if this is still enforced? Does anyone know what the max key length is now if it is? I think it was something like 128 bits (that the government could crack) around the time of PGP.
My work here is dung.
Let them try.
We have alternatives.
http://www.truecrypt.org/
This simply doesn't make sense. What prevents a user from using a different tool without said backdoor?
I'm sure they'll help out!
They do a google search for "backdoor" and "windows", then just take their pick. Microsoft, if nothing else, offers a variety of backdoors for your every need.
Internet Explorer will offer all the back door access they need
What good is encryption if your government can read it - before long half the criminals in the country know how to decrypt your files - especially the way the British Secret Service has been losing laptops lately....
Let bad guys use deniable encryption schemes and this won't even be a concern... Please, someone in the U.K. gov get a clue about encryption!
☭ = 卐
If someone gets a hold of your whole computer, they can read files. If someone hacks your system, they can read your files.
About the only thing windows encryption seems to be able to do is prevent you from recovering your files if your PC ever dies.
What's the point?
autopr0n is like, down and stuff.
... until the crack is published :)
(sadly this is more insightful than funny)
☭ = 卐
They just want to play with the big boys. We all know the NSA, the CIA, and the FBI each have their own key!
Never ask for directions from a two-headed tourist! -Big Bird
What, the Gestapo isn't happy that they might not be able to read the contents of your hard-drive? What a surprise.
"The more prohibitions there are, The poorer the people will be" -- Lao Tse
The UK government asks Uzbekistan to ready their cauldrons...
ascii art
Why don't they just use one of the hundreds of backdoors that everyone else uses? Seems to me M$ are already complying with this request several times over.
I used to have a better sig but it broke.
Pretty sure that's the point of encryption. Making sure that nobody but you and people you trust can read your data, and anyone else up to and including the government can't. Even if they really really want to.
When did a healthy mis-trust of government suddenly get you tin-foil hat status, and a visit from the FBI?
Seeing as they are talking to the UK about it I am sure they will have no problem building a backdoor key into the system for each government without trouble... Right?
-- Sorry, I can't think of anything funny to say here.
This is that definition of "lost" that appeared in the late 20th century. It's akin to the money that the music industry is "losing" due to file sharing. The evidence is not lost, it is as yet, undiscovered, and in any civilized country, we would not assert that there WAS any evidence unless we could actually see it. In the U.K., however, they actually have a law that says that you have to reveal your secret keys to the authorities with no provision for simply not knowing them. You can be convicted of the crime of having white-noise on your disk that authorities assert is encrypted data to which you are refusing to reveal the key. Heck, you could be convicted of a crime for not divulging the key to /dev/random, which is clearly some secret message channel from an unknown party, since messages arrive from it in small bursts!
US export restrictions for cryptographic software were violated when PGP spread worldwide.
This brings up an interesting point on ITAR and the US. Some encryption technologies could violate ITAR if they are done in the US and then exported to other countries. If I remember right, that was part of the reason encryption on OpenBSD was done in Canada.
Oh, and there are a few people who also consider encryption a matter of freedom of speech.
Some would, but how many governments and what is protected under the law. That is different everywhere. Others, also, consider it a privilege.
Some of these laws, in particular with the US, are actually there to protect it from other countries. Many people in the country may not want to protect the country's competitive edge but others do and that is part of what our government has been tasked with for a long time.
Evolution or ID?
A suspect will not be able to get away with such a lie, because of advances in functional MRI.
I often see arguments like this one. What's the point for some people to encrypt their files (other than temporary privacy) if you're going to get in trouble later in court anyway for not revealing your keys? Now this might actually be unlikely, but what if average windows user genuinely forgets their password? Seems kind of unfair.
If governments force a backdoor to be installed, it'll be for sale to crackers before the gold masters are pressed, and common knowledge a few weeks later. So "trusted computing" can be subverted using the govt master key. And anyone who actually wants to keep secrets will install something that works while not requiring a magic dongle on the mobo. The govt will be able to read data from clueless suspects as they do now. So a win all round. And who doesn't suspect MS would leave backdoors anyway?
It was inevitable something like this would happen after the whole 90 day detention debacle. Labour kept using the excuse of "needing time to break encryption" for requiring 90 days of detention without trial. Anyone with half a brain told them that any decent encryption is going to take many years to break, so I guess this is their response.
I don't really see why they need this anyway.
The government has the RIP Act (Regulation of Investigatory Powers Act 2000) which allows them to detain you, with a press gagging order if you refuse to hand over the encryption key they need to decrypt your data. If you refuse or claim you have forgotten and they don't believe you, then it's two years in gaol for you sonny jim.
They only really got this into law because most people don't understand it. Oh and don't forget that since this government came to power the amount of time they can hold you, uncharged, under the terrorism act has gone from 7 to 28 days... and the police want 90! Yes ninety days, 3 months, 2160 hours!
How about making governments install a keylogger before they seize the computer? Hardware or software, it would go in the old tradition of installing a telephone tap. It's not that hard either. Did the government demand that paper notebook makers supply a backdoor so they could decipher drug accounts written in code?
What's British for "Magic Lantern?"
Slashdot Burying Stories About Slashdot Media Owned
You should not be able to read the files without logging into the computer with your password and/or other identification token.
After logging in, the files are accessible. But not before. Someone who just swipes your PC would boot into Windows but would be unable to read any data files, even with a separate boot CD. That's the whole idea.
But if the government adds a backdoor, you can bet that a hacker (white or black hat) would find it as well, probably within a few weeks of the OS being out. Thus making the encryption useless.
The whole government complaint is useless anyway because for all they know people can be using deniable encryption schemes *today* and they'd never even know about it.
Anyone with something to really hide will use a third-party encryption system, and "lose" the keys to that instead.
Everyone else* will have a computer with a guaranteed back door, which I am willing to bet will be open to hackers on about Day 3 after Vista's launch.
* - Well, everyone else who's not running Linux, of course.
Sean Ellis
Follow OfQuack's antics on Twitter.
to idiocy what can be explained by malice. There are a lot of backdoors around, and Windows had functional ones for years (wmf anyone?) but the intentionality of them could have been in doubt. Now if it is known, proved, and by design adding another backdoor, one that will not be removed by any hotfix because it is a "feature", well, 2 things will probably happen: the bad guys will find how to exploit it, making all backdoored Windows a target, and the bad guys will know how to disable it, so the most harmed people will be the good ones that should not have anything to hide (and because of that, removing/disabling the backdoor would make them suspect)
Well, if it has been set up competently, it surely won't use the built-in encryption, especially if it is well-known that it has a backdoor.
The Tao of math: The numbers you can count are not the real numbers.
when you consider the fact that the UK is very close to having a national ID card
http://en.wikipedia.org/wiki/British_national_identity_card
and
http://news.zdnet.com/2100-1009_22-6039076.html
and
http://www.timesonline.co.uk/article/0,,2-2039223,00.html
this kind of thing, while disappointing, should come as no surprise. The UK has been big on "security" for some time. Cameras are everywhere, especially in the larger cities. The plan to have a back door into windows boxes is disappointing because of the hole it can leave for exploits and the fact that those who are very interested in keeping information on their computers hidden from prying eyes (e.g. actual terrorists - or at least the smarter ones) will be able to do so until the information is no longer useful (i.e. people are dead).
Welcome to another part of our brave new world.
uR iGn0ranc3, Their Power
Why would anyone consider 'trusted computing' some binary program which you haven't compiled yourself is beyond my understanding.
Since when does the government have a right to all evidence in any case? One aspect of English law that I thought existed, is that the people should be protected from the government (particularly from self-incrimination). One could reasonably argue that the average citizen needs the availability of government-inaccessible encryption, due to the decreased cost (in terms of time and manpower) required to search through computer records vs. paper records. Current computers, and the massive amounts of data that they store (internet cookies, browsing history, cache data, registry entries, etc.) make fishing expeditions much, much, easier on law enforcement than sifting through physical documents and interviewing co-workers and family.
"What could possibly go wrong?"
"I'm a humble person really,
I'm actually much greater than I think I am"
Not turning over the key (for any reason) is an offense punishable by a couple of years in prison anyway.
Deleted
OS X FileVault...AES128 encryption of your home directory with no backdoors! (At least not that I know of). Ain't nobody reading your files without your key.
Facts do not cease to exist because they are ignored. - Aldous Huxley
Who was/will be the first person tortured by US or Britain to reveal their keys? - Since this is now apparently expected behaviour by these governments.
you had me at #!
For the same reasons that I use Firefox as a web browser and OpenOffice.org as an office suite, if I felt it necessary to encrypt my filesystem I'd use somebody else's tools to do it. (Even if I weren't aware of such a backdoor into my filesystem).
While you're at it, build a backdoor for me too.
I've always wanted to build an army of bots and extort money from gambling sites, but the difficulty of cracking MS Windows (or perhaps my conscience :-) has held me back! ...and when you build that backdoor, be sure you distribute a system tool complete with MS Office assistants to help me crack people's computers. I want Clippy to tell me "have you tried putting 'password' for the password?"
That'd be awesome.
Use the Firehose to mod down Second Life stories!
I guess now when I go save the data from a Dell laptop with a linux live-CD I won't be able to because the data will be encrypted. I'm sure my friends and family will love to hear that I managed to save their picture collection, but the files are totally useless.
let's be honest about this with both microsoft's and british central government's past record. the back door will be ready in 2005 sometime will have cost 20 billion pounds. and will only work on sundays for anyone who isn't a government department. now if gchq were involved i'd be a little more concerned.
I recall some years ago, someone found supposedly secret NSA backdoor keys buried in Windows98. I don't recall if it was actually proven, but I would not be surprised if the NSA already has backdoor keys in 98/ME/XP and now Vista. Now the British Government wants their turn. Where will it end? Once MS bows to the British, surely other governments will also demand backdoor keys. Who decides which of those governments get it?
Sooner or later, other organisations (like the RIAA and the MPAA) will also want their keys too (if they don't already have them thanks to their DRM chips). Where will MS draw the line? I highly doubt MS would be very open about how many different governments or other organisations really have backdoor keys.
It is easy for us to say that we'll never use it, or that there are other options out there, but I'm more worried for less computer savvy members of the public who think they are buying a secure system. I know most of those users will never use encryption, but this will set another precedent that will further erode all of our rights.
Sorry, cheap jibe.
This is amazing - especially when the idea is being promoted by a 'Professor of Security Engineering' at a reputable university. How can adding a backdoor to security systems be anything other than a massive weakness just waiting to be exploited?
Imagine if this went ahead - the British government would want access to versions of Windows sold in this country, the American government to US copies of Windows, the German government ... and so on and so on... Would Microsoft allow the Chinese government access to their citizens' disks? The Chinese government are signed-up members of The War Against Terror - so they could claim they need access, and besides recent experience says that big businesses will always accommodate governments no matter how repressive.
And it gets worse. Microsoft would either have to make a single key that would open every machine in the World; or they would have to issue copies of all the keys to every government - the British government won't accept not being allowed into a suspected terrorist's (and we have a splendidly wide definition of 'terrorist' in this country) computer purely because the suspect happens to be foreign.
But it will all supposedly remain secure and not fall into the hands of wrong-doers.
The Home Office, IT and Microsoft - what an unholy trinity we have there. With this level of stupidity the legislation can't be far off.
I don't know the law in the UK (or the US for that matter), but wouldn't it make logical sense to just have the police install a hardware keylogger on the computer in question? Why break open an operating and file system and make it vulnerable when they could JUST as easily record the key's passphrase when it is used?
GnuPG comes to mind as open-source encryption software. Are there any Windows or Linux solutions that offer the same relatively transparent, on-the-fly disk encryption that's built-in to XP Pro?
Penny - plain text accounting
I can tell you that in OS X if you have encrypted file store on and you've forgotten your password and have not set a master system password...well...you are in deep trouble because as far as I know nobody has hacked it yet. Unless the U.S. gov has backdoor access to OS X.
Yes.
Marutukku, pronounced rubberhose.. (or is it rubberhose, pronounced maru tukku? I forget...)
Any politically active programmers out there want to take a crack at maintaining it?
"Reality is that which, when you stop believing in it, it doesn't go away." - Philip K. Dick
Everyone seems pretty confident that if something like this is implemented, it will be discovered and exploited by black hats within weeks of Vista's release . . . As soon as it becomes 'common knowledge', in that sense, wouldn't it be feasible to create a patch to disable the backdoor? I mean, sure, disabling the backdoor will probably flag you as a terrorist and give enough probable cause to get your system seized, but I'm just being cynical.
cndrr
If a backdoor exists, how can you guarantee that the government is the only party that can use it? (let's for a minute ignore the discussion whether the government has the right to have a backdoor installed.)
Encryption with a backdoor is as secure as using no encryption at all.
An ICMP packet with a particular payload that would be read by the firewall before it was passed/dropped?
Or would it rely on the computer itself initiating a connection to a server on the net to check if it should bind cmd.exe to a connection?
Or are we talking about purely physical access backdoors? I.e. a second public key that all files are encrypted to as well as the owners key?
If there are any governments/embassies/corporations that don't want Mr UK/US Gov to be able to read their data, they should well start looking at other systems. Preferably ones that are "Open".
Get your own free personal location tracker
...the TrueCrypt binaries alone in your possession then every piece of digital media you own that appears to contain random bytes will be accused of holding an encrypted volume and they will torture out of you whatever they want to hear you say.
Oh wait, I forgot... civilized Western nations never commit torture upon their subjects.
FTA:
The system uses BitLocker Drive Encryption through a chip called TPM (Trusted Platform Module) in the computer's motherboard.
It is partly aimed at preventing people from downloading unlicensed films or media.
"This means that by default your hard disk is encrypted by using a key that you cannot physically get at...
The government shouldn't be the only folks horrified at this one. MS wants to turn your entire computer against you, encrypting all of its contents and allowing you to read it only if MS wants to allow it. Even if you're okay with that, imagine if something in the scheme goes wrong? I've used the Windows Encrypting File System in XP, and if you lose your encryption key (not that hard--say, if you reformat your hard drive) you are permanently locked out of all the data you've encrypted.
If this is true, MS really wants a death grip on your computer. I'd never use Vista under those circumstances.
Penny - plain text accounting
The pleasant result of all this is that it dispels the whiff of paranoid conspiracy-theory. The government has been advised to ask for the backdoor access. By a British Cambridge expert. There is every reason to think Microsoft will agree.
There is now simple historical evidence to point the public to. Previously there were more technical, less convincing ones.
The average person is not going to care if Microsoft accidentally included some debugging code in a patch. Even if that made it look like it had a backdoor key. "Whatever that means?", they'll say.
A BBC news article about an expert asking for such a backdoor is a lot more convincing.
Now I have to change all my 'password's!
I only look human.
My mother is a halfling and my dad is an ogre, so that makes me an Ogreling
...Why don't they just use one of the dozens of existing, unpatched, holes--you know, like everybody else?
{rimshot}
Who did what now?
If this goes wrong it will be horrifying. All your data locked up. MS' ultimate tool to control exactly what you do with your computer. MS Technet on the new scheme
Penny - plain text accounting
You have two choices:
-Suck it up and somehow manage to survive all the other crap MS is lobbing your way
-Switch to a more reliable, secure, free and open OS
A difficult choice, init?
Well if you are a corporation or government entity you wouldn't want a laptop stolen and data lost.
Actually, ideally a corporation would set it up so that the filesystem decryption requires you to be on the company network or VPN prior to being able to access/decrypt files (that is, a part of an individual's encryption/decryption key is always downloaded from the network and stays in memory for the duration of the session). That way a lost company laptop is a lot less of a danger. The windows encryption based on a user password alone is pretty weak and crackable (users often choose dictionary or easily guessable passwords). That's the types of encryption and security a corporation would want.
an open source OS, that you can trust.
mr potatohead!, mr potatohead!! backdoors are NOT secrets
Why not just use the front door like everyone else?
Because it is locked tight and they don't have the key.
The truth shall set you free!
From what I've been reading in the news what's the use of another stupid law when they can just get a couple of ex-Iraq army guys to torture the hell out of them. Most geeks I know would spill the beans as soon as these bad boys showed up. Especially if they show the "illegal key-holder" the film of the British soldiers battering, clubbing, kicking prisoners in Iraq. Isn't this what Tony Blair meant when he said "What's good for the goose is good for the gander"?
{I hate to have to include a disclaimer but this IS sarcasm}
Billions and billions have and are being spent on a fake and false attack on innocent people but the big problem is that YOU may be hiding a few quid on your computer. Fascism has taken over.
So next time the printer jams, I get to jam his fax as well? What is the number?
Freedom or George Bush
If a government is asking for backdoor access to one operating system, why not ask for backdoor access to others? How would the open source community handle such a request when a government comes insisting on a backdoor to your favorite flavor of Linux, or OSX, or BSD, or something that hasn't yet been developed?
Has this request already been made, and if so, has it been complied with or not?
Web 2.0 == Giant Blogspam Circle Jerk
That article surprised me rather - because I know Ross Anderson to be one of the Good Guys. He is opposed to DRM, Trusted Computing, (see here) and ID cards. Furthermore, even if he has had a change of heart, he's far too smart to advocate a backdoor into encryption.
Linux anyone? What is the point of encryption if a backdoor is widely available? that's like having a 300 key password and when you "forget it" anyone including you can see 299 characters of it... it's only a matter of time before it's "brute forced", if you can even call it that. I don't think you have to make a door that's already there. I understand their motives but it's just a stupid idea unless it's handled extremely cautiously...but even then I think cryptography and encryption methods lose their use when every file has a public key that opens it like a "master" key. Don't know if I like that idea.
The jokes really write themselves.
Seriously, though, I'd store incriminating stuff on something I could get rid of more easily than my hard disk.
Please enter your ultra-confidential password:
< > [ Let me in! ]
Alternatively, you may check the following checkboxes.
[ ] I've lost my password
[ ] I declare that I am legally entitled to access these data
[ Let me in! ]
The problem with Slashdot memes is that YOU INSENSITIVE CLOD!
No one expects the Spanish Inquisition.
We just lend them over to the Uzbeks instead.
I assume they'll be able to hire any 15 year old to try this if history is any lesson at all.
"...the British Government is working with Microsoft in order to gain backdoor access to hard drives encrypted by the forthcoming Windows Vista file system..."
Hell, just go ask a bored 14 year old in front of their computer; Offer up a new XBox for each of the first 100 different ways to do it. Of course at that point, the winners have to have parental permission.
Add their backdoors to your backdoors
And so, ad infinitum.
( after Jonathan Swift IIRC )
Seriously though, why would anyone who had concerns about the security of their data trust the latest shrink wrapped stool sample from M$ any farther than it could be flung. The only practical use for such technology is yet another M$ attempt to lock the user to their platform and that should be of concern to the courts wherever you are.
... it's a way of spiking DRM. If the UK government can be scared into requiring that Windows Vista not be fully DRM-enabled (by whatever means necessary), then that's a good thing. Waving the four horsemen (porn, pedophiles, drug dealers, terrorists) at them is a good way of achieving this - the horsemen have been used for years to justify restrictive computer laws, now (for once) they're being used to try and combat restrictions.
Public figures who spear-head movements are often targeted or planted to create focal points of public trust or civil action which can then later be used to mislead or otherwise sabotage a movement.
Pick your people carefully, according to deeds, not words.
-FL
Having needed to break into someone's system to recover encrypted files, I can say it's not that simple.
Windows NTFS encryption is certificate based. For installs done by anyone not a professional paranoid, the user has access to the file recovery certificate, and the domain administrator may have access to a file recovery certificate valid domain-wide. To use a certificate stored on the hard drive, you MUST have the password to that certificate... which is NOT changed when you force-change an account password.
So, yes, you can hack a machine, install a trojan, and read the users files when they login next. But, until the user logs in (which, yeah, is usually a short wait) and starts the trojan running under their user ID and password before your trojan can decrypt the files to examine/copy them. Alternately, you can get a dump of the encrypted password files, and try a brute force crack. But if the password used on the account (and, ergo, certificate) is, say, 12 random printable characters... dude, you are so SCREWED.
Fortunately, the time I needed to break in for someone, the password was "only" nine random characters. I used a boot disk to dump the password file. Then, we wandered over to the operator for the school 128-processor Linux cluster with a case of good beer at 3:30 on Friday, explained the problem, and he agreed it would be OK this once to "not notice" the copy of the cracker program that would be blatantly running over the weekend in violation of several rules. We left, "not noticing" the case we were leaving behind. At 9AM Monday morning, I checked my email, and my batch job had left the user password sitting in my inbox.
If it had been a 12 random printable character password, we'd still be waiting for the rest of our lives. And, for the professionally paranoid, I understand it's possible to use a non-default certificate (with potentially a different password) for encrypting files... where the decryption certificate need not be on the machine.
Afterwards, I gently explained to the user that EFS should generally be reserved for situations where you consider the data's loss preferable to its disclosure. "EFS is not quite blow-up-the-building-first security, but it's close." He now reserves EFS for his financial information and consulting work covered under legal privilege.
//Information does not want to be free; it wants to breed.
As usual, this is the sort of measure that can only result in catching small timers, novices, and people who are probably innocent of any crimes. The smart crooks will just use something that does not have backdoors in it, if they are not already. I cannot believe that there aren't people in the U.K. government who don't realize this already, therefore I can only surmise that being able to catch small fish _is_ their primary interest. I suppose if enough small fish are caught, then it can distract the public from larger, more difficult problems that remain unsolved. Not only that, it will inspire fear that will help keep the masses in line as more of their freedoms are taken away.
It saddens me to see the U.K. in particular continue down a path of increased surveillance of its citizens with the U.S. not too far behind. Given this, it is rather hypocritical to criticize the Chinese government. At least the people in China know they have an authoritarian government and don't suffer under the illusions of people in the U.S. and U.K. as we slide down the slope towards fascism.
To the making of books there is no end, so let's get started
Right, that's it. I have an idea:
We need a campaign to undermine the legitimacy of the "lost key" argument.
And we need it to be average Joes who don't give a shit about our principle...
First to make a Windows worm that puts white noise on every drive connected wins a medal for liberty! Come on, it would be no more obscene than the government's "argument" now. At least a good firewall will give you some protection from the worm. Good lawyers and friends in the Labour party are required to give you some protection from the government!!
It's worth noting that harm can come not only from data being revealed under coercion, but also from data becoming unavailable.
If terrorists or an oppressive government take your computer and hard drives away, anyone who depends on that data is very much out of luck.
For this reason, local encrypted filestores and plausible deniability are only part of the puzzle. Quite a lot more is required, in particular cryptographic online distribution.
A comprehensive solution will need to use a large population of fixed size raw dataspaces spread across the net, instead of local disks. Quite likely, it would be stored steganographically 1:<large-N>:1 so that (for example) changing webcam images could be used as repositories. And it will need cryptographically-random access for site selection and dataspace selection and to individual bits in the dataspaces. And it'll need huge redundancy since the online storage will be inherently unreliable, yet without laying the scheme open to pretty simple differential cryptoanalysis.
That's a very tall order.
Since when does the law treat everybody as guilty until proven innocent? Also if MS were to put a backdoor in their OS (current or future one) they would be obligated to put some information in the EULA. Many people might not care but then there are enough that would and this decision would eventually hurt MS pretty bad. I highly doubt that there is any way for any government to persuade MS to put a backdoor in the OS. The only thing is that if you are a government you can get access to the source code of the FS and provided that you have some bright people for you, the encryption could be broken. So this supposed professor should stick to his books and maybe read some more ... Decrypting is a tough job but when you have the source and a couple of super computers at your disposal it's really not that bad.
Ross Anderson is actually very, very good, and very well-respected by People Who Know. He has a blog (not that that means he's good -- any idiot can have a blog -- but you can see how he thinks). I'm guessing that the newspaper was not entirely clear about what he was saying.
I may be wrong. But I'm not going to judge the guy on the basis of what a reporter quotes out of context.
What I say does not represent the views of my employers, my friends, my cats, or myself.
Only that in this case you can't.
One possible solution is to use encrypted filesystems under Linux or OpenBSD.
If you really need Windows and want secure data, it might be best to use an external encrypted SAN, or a file server running OpenBSD and Samba.
Windows XP (and 2003) already has this capability (paranoid theories aside) for corporate administrators.
First, it helps to know how EFS (Windows encryption) works. It's easy to use, just use Explorer, browse to the files you want to encrypt, right click and click the encrypt button. The filenames turn green in Explorer to let you know they're encrypted, but you can continue to use them. However, if you use a boot disk to attempt to access the files, attempt to access them with a user (even an administrator) or attempt to access them using a low level NTFS reading utility, etc, you will find that the file is competently encrypted.
In an encrypted system, there is always a key, which is used to decrypt the "plaintext" -- the stuff you want secret. Windows transparently generates a key for each user, which consists of a large random number. The key, in turn, is encrypted with the user's password. When the user logs in, Windows decrypts the key to transparently decrypt files. On a side note, Windows XP (and 2003) will give you a nasty warning if you reset a user's password using administrative tools to let you know that the user will lose access to any encrypted files.
In a domain (Windows networked) environment, Windows lets you specify a designated user (or users), a "recovery agent", that can decrypt a particular group of users' files. This is extremely important, because if someone leaves the company and they encrypted their files (due to corporate policy or maliciousness), by default, it's impossible to access those files without their password. As explained above, even if you reset the user's password, you can access their account, but the encrypted files are irretrievably lost! However, when you designate a user that can decrypt other users' files, Windows makes two encrypted copies of the per-user decryption key - one encrypted with the user's key, the other encrypted with the corporate-backdoor key, which allows them to recover the files.
If a backdoor were to be created for a government, it would work very similarly to the corporate environment: when you encrypt files, the user-key used to encrypt them will be in turn encrypted with your password -- which is probably ("bunny", "password" or "god") and will be encrypted with the government password (which will likely consist of hundreds (or thousands) of random bits). Note that the government password will not need to be present to create the government key -- they can distribute a public hash that's sufficient to encrypt but not decrypt. See PKI and EFS.
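The key-wrapping layout described in the comment above, as an added example that is not part of the original comment and is not Microsoft's EFS code: one random file key encrypts the data, and a separate wrapped copy of that key is stored for the user and for the recovery agent, using only their public values. Hashed ElGamal over a demo-only group and an HMAC-based keystream are stand-ins chosen so the sketch runs on the standard library alone; every function and field name is hypothetical.

```python
import hashlib
import hmac
import secrets

# Demo-only group (assumption for this example): p = 2**521 - 1, generator 3.
# Picked so no third-party library is needed; not a parameter choice for real use.
P = 2**521 - 1
G = 3


def keypair():
    """Return (private, public). The public half is all an encryptor ever needs."""
    x = secrets.randbelow(P - 3) + 2
    return x, pow(G, x, P)


def _kdf(shared, label):
    return hashlib.sha256(label + shared.to_bytes(66, "big")).digest()


def _keystream(key, n):
    # HMAC-SHA256 in counter mode, a stand-in for a real cipher.
    out, counter = b"", 0
    while len(out) < n:
        out += hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:n]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def wrap_key(fek, public):
    """Encrypt the file key to one key holder using only that holder's public value."""
    k = secrets.randbelow(P - 3) + 2
    shared = pow(public, k, P)
    wrapped = _xor(fek, _keystream(_kdf(shared, b"enc"), len(fek)))
    tag = hmac.new(_kdf(shared, b"mac"), wrapped, hashlib.sha256).digest()
    return {"ephemeral": pow(G, k, P), "wrapped": wrapped, "tag": tag}


def unwrap_key(entry, private):
    """Recover the file key; raises ValueError if the private key does not match."""
    shared = pow(entry["ephemeral"], private, P)
    expect = hmac.new(_kdf(shared, b"mac"), entry["wrapped"], hashlib.sha256).digest()
    if not hmac.compare_digest(expect, entry["tag"]):
        raise ValueError("this private key does not open this entry")
    return _xor(entry["wrapped"], _keystream(_kdf(shared, b"enc"), len(entry["wrapped"])))


def encrypt_file(plaintext, recipients):
    """recipients maps a holder name to a public value; one wrapped key copy per holder."""
    fek = secrets.token_bytes(32)  # fresh random file key for every file
    return {
        "key_entries": {name: wrap_key(fek, pub) for name, pub in recipients.items()},
        "body": _xor(plaintext, _keystream(fek, len(plaintext))),
    }


def decrypt_file(blob, name, private):
    fek = unwrap_key(blob["key_entries"][name], private)
    return _xor(blob["body"], _keystream(fek, len(blob["body"])))


def key_holders(blob):
    """Audit helper: every name listed can read the file, whatever the user's password is."""
    return sorted(blob["key_entries"])


def demo():
    user_priv, user_pub = keypair()
    agent_priv, agent_pub = keypair()
    outsider_priv, _ = keypair()
    sample = b"quarterly figures (constructed sample)"
    # No private key is present at encryption time, only the two public values.
    blob = encrypt_file(sample, {"user": user_pub, "recovery_agent": agent_pub})
    result = {
        "user": decrypt_file(blob, "user", user_priv),
        "recovery_agent": decrypt_file(blob, "recovery_agent", agent_priv),
        "holders": key_holders(blob),
    }
    try:
        decrypt_file(blob, "recovery_agent", outsider_priv)
        result["outsider"] = "opened"
    except ValueError:
        result["outsider"] = "rejected"
    return result


if __name__ == "__main__":
    print(demo())
```

The list returned by `key_holders` is the thing to check on a real system: any extra entry in a file's key list is a second party who can decrypt it independently of the owner.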
This is why we shouldn't have a monopoly on operating systems, yet why it is "almost" state sponsored (local UK government is in bed with MS). All I want is Vista's External Memory Device (EMD) technology or similar in Linux and better game support (don't we all?) Incidentally the UK gov has declared its biometric ID card project will go ahead, albeit optional, unless you need a passport or renew. When take up is large enough it'll be made compulsory, then I can see 20 years from now ID cards are implanted for convenience, when takeup is large enough it'll be compulsory. I won't be chipped like a pet dog. That on top of our country having a huge number of CCTV cameras recently installed and plans to track every car in the country.... Democracies and dictatorships are becoming very similar.
You know what the secret code for the backdoor to encrypted data on a harddrive running Vista is gonna be, don't you?
Up-Up-Dn-Dn-Lt-Rt-Lt-Rt-A-B-A-B-Ctrl-Enter
Support the FairTax
Why use this Windows crap when PGP is free and available? (though whole disk encryption is pay per view)
"If any question why we died, Tell them because our fathers lied."
Christ! With software like that on your PC... hell, even with its web pages found in your browser cache you are just ensuring that Our Glorious Leaders will continue to torture you until they get the evidence they want. Or you die.
Worth pointing out that keyloggers are exactly the route that the FBI here in the US has taken:
http://www.epic.org/crypto/scarfo.html
That's US v. Scarfo; basically a mobster was using PGP to encrypt his communications and rather than breaking the encryption the hard way, the investigators got a warrant to install a keylogger. I'm not sure exactly how they did it, but I'm pretty certain that it was a hardware device implanted in the keyboard, rather than software. (The warrant they got was pretty much a blanket thing, approval for 'hardware, software, and firmware as necessary...') However they didn't divulge the exact methodology in the trial, because they successfully claimed an exemption under the Classified Information Procedures Act.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
When will the courts realize the bloody obvious fact that bits on a hard drive are evidence of nothing! Until computers are not able to be remotely hijacked with all tracks erased, there's no way to prove who put the bits there!!!
As more and more traditional forms of evidence (audio tapes, photos, DNA records, VOTES for god sakes) become digitized, the more we need to be skeptical of them.
And don't bring up digital signatures so long as keyloggers exist.
"This means that by default your hard disk is encrypted by using a key that you cannot physically get at...
The purpose is to keep the data on my computer from ME. That way, I can't share my data with Linux, or recover an MS-trashed hard drive without Microsoft's permission.
They want to own my computer from day one.
Your CPU dies, and you have to move the drive to another box ... Data? what data?
Find a way to recover your own data without an MS-owned OS? Don't tell anybody or they'll send the cops to your door a'la DVD Jon.
I'm just waiting for the first virus that flips the right switch and trashes people's data or holds it hostage.
Free Software: Like love, it grows best when given away.
If it were possible to have a backdoor in an encryption system, then the whole system would make very little sense as far as security is concerned!
The backdoor should have an AAA (Authentication, Authorisation and Auditing) sub-system to be sure that it gets used for the right purposes by the right people. And this makes really no sense.
Moreover, if I were that funny guy, I would have not published this (ridiculous?) request: if everyone knows that there is a backdoor, no one would then use the encryption system!
Good move, guys. Good move!
Maybe Computers will never be as intelligent as Humans.
For sure they won't ever become so stupid. [VR-1988]
I used to use BestCrypt as a means of keeping encrypted volumes, but I found TrueCrypt a while back and have been very satisfied. It's open source, cross-platform, and generally works very, very well. For something as important as encrypted data I want to be able to look at the code myself (and more importantly, I want a lot of other people looking at it so they can blow the whistle on any inappropriate backdoors and such).
"People who think they know everything are very annoying to those of us who do."-Mark Twain
The point of government-crackable encryption is to prevent competitors from snooping on your data. But if the government wants it, you should cooperate.
:(
The problem of course, is when the government is BOUGHT by the industry *cough* RIAA lobbyists *cough*
So it all ends up in Les-Miserables style of breaking the law. Breaking the law is bad, but so is publishing unfair laws. So we either break the law and become fugitives, or throw ourselves into the river
But the Mac has had FileVault for some time now .. does the UK have a back door? Is there a FileVault backdoor?
I guess crimis are kinda dumb by the nature they are crimi but smart folks wouldn't use Vista to store incriminating evidence it would seem to me...
-if at first you don't succeed, stay the heck away from paragliding.
You can do pretty much squat to gain peace of mind if you use a commercial, closed source application.
You can inspect the code, and modify it if you need to, if you use an open source application.
IANAL but write like a drunk one.
The irony is that TPM *is* the backdoor into the system. fudwatcher
davecb5620@gmail.com
Whatever happened to moot, or m-o-o-o-t or whatever it was called?
Boobytraps, both software and hardware, are the reason investigators now take the drive out and in extreme cases even take the drive apart before doing anything else. So far nobody has found a way to boobytrap the platters themselves while for someone like the police it is trivial to duplicate a drive/platter and then they can examine the copy at their leisure leaving the original safe for evidence.
The idea that you must use the suspects own computer hardware and software to get the data off would be a nightmare to investigators.
So a brute force attack would not work against a smart suspect. Current brute force attacks only work because systems allow an unlimited amount of logins. Limit this and brute force is death. Think of it like this. Brute force works on doors ONLY if somebody doesn't beat your face in the moment you touch it.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
Are we really still this naive?
Windows Vista--so secure that the government requested we install a back door!
The Windows encryption back door wouldn't work against the smart suspects either, because they would be using something open source, which they know doesn't have any back doors. For all the dumb people using default Windows encryption, it will work perfectly. They'll be able to brute force the password, and access all the data on the drive, after making a backup copy for evidence in case the machine was booby trapped to delete all the data.
Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
So your fabulous security is as weak as your alarm system pin.
Is that "truested alarm system" pin?
The sort of folk who want your data that badly are likely to be able to handle your alarm.
What sort of data do you have?
Sam
blog.sam.liddicott.com
There is a Dutch saying "zoals de waard is vertrouwt hij zijn gasten". It is a bit hard to translate but goes roughly like this "by his own nature the innkeeper trusts his guests".
Meaning that if the innkeeper is a crook he will trust his guests to be crooks. What does trusted computing therefore tell us about Intel, MS and the content companies?
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
I must confess I find this concept of a backdoor of this nature to be nonsense. Just like cryptographic export restrictions in the late 90's, there will always be a way to get the software you need to protect yourself. The export restrictions were lifted not because the US government suddenly had a change of heart and discovered protecting personal data was a good thing, but because they figured out the hard way that the rest of the world was going to create and use whatever encryption they needed with or without the US' involvement: either the US government could maintain some limited influence, or they could have none. Plenty of companies already make software to encrypt the data on hard drives (Utimaco and others come to mind). Some of these companies are European, few are based in the US or the UK. With regard to intel gathering, any surveillance or early discovery will be as invisible as possible. The best way to do this is to find flaws and notify Microsoft about some of them but not all. Rather conveniently, both the UK and US government already have access to the source code for Windows. The retained exploits would be retained for intelligence use until such time as they become a liability (i.e. when the exploit is publicly discovered and exploited, putting their own systems at risk). The advantage of this approach is that even with a warrant for the search/discovery, they don't even need to damage the lock on your door and you'll never know they were there.
You shouldn't take this as an authoritative answer, but I believe the answer is no.
On a FileVault-enabled system, the only things which are encrypted are the user's home folder. The default location for swap space is not in the user's folder, ergo it's not encrypted. At least via FileVault, and I can't imagine it would just be encrypted by default using some other means, because that would necessitate a big performance penalty which a lot of users wouldn't be interested in.
The way FileVault works is, when you enable it, a variable-sized, encrypted disk image is created at "/Users/.(username)/(username).sparseimage". Then, on login, this image is mounted to "/Users/(username)/". On logout, it's unmounted and compacted. This is all accomplished using the hdiutil program.
The rest of the filesystem is not encrypted, so I don't imagine that swap would be.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
To be "lucky" enough to find yourself on a jury, you must first be lucky enough to live in a country where due process includes trial-by-jury. And even that's no guarantee that nullification will be an option; the regime, with its effective monopoly on force and power, has to recognize (i.e. grant) the jury's right to judge the law as well as the facts.
Jury nullification has a long history in US law, and English law before that, but in the US the courts are making it harder and harder for jurors to nullify unjust laws, for example by replacing jurors who are deemed "uncooperative" by one or two of their fellow jurors with more "cooperative" ones.
Institutions such as NIST test the implementations of the algorithms, then the program either gets certified or not.
The problem is that without certification, we do not know whether what they've implemented is what they think they've implemented*.
The point is that they might use some obscure algorithm nobody knows - which has no guaranteed strength; thus one cannot rely on it. They can also implement standard algorithms such as AES or DES - but were they correctly implemented?
Sure - "why don't you take the sources and look at them yourself?" some might say, but is everybody competent enough to do that?
On the other hand, implementing something and then certifying it, means that:
[a] it was done right
[b] it is as strong as the standard says
In the case of encryption, the strength is in the key itself and in the mathematical basis of the algorithm, NOT in the obscurity of the mechanisms applied within the software.
One minor thing - NIST certification is expensive, I doubt TrueCrypt will pass it, unless some company pays for this. Commercial encryption software is a different thing, if they want to be treated seriously, they must go for it. An example is Private Disk.
* an old saying:
The saddest poem
Although I don't know the man, I just looked up what I think is his blog, and provided he's not lying through his teeth, the Politics and Public Policy section of his blog seems quite agreeable in spirit to me.
He also has some really interesting papers on there. (Check out the "Cocaine Auction Protocol" and "Programming Satan's Computer" -- the first is a methodology for creating an un-mediated auction house, the latter is about programming on untrusted networks.)
Of course, to each his own.
Here's the link:
http://www.cl.cam.ac.uk/~rja14/#Lib
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
I thought governments just tortured people who acted like this, nowadays.
Oh, maybe that's just the US.
MjM
XKCD:Xeric Knowledge Comically Dispen
I actually posted this idea a bit back about how to deal with the RIP law. Build a file system that uses encryption and several passwords. Each password unlocks a different set of data. For example, password 1 on the drive gives you images of your last Disney trip. Password 2 gives you your porn pics. Password 3 gives you your tax records. There is no possible way for someone looking at the apparent random data to know how much actual information is there. So unless they can prove you did not give them all the keys they will be up the creek.
I imagine the system would ask you how much space you want to use then randomly mark out that much space on the drive. The File Allocation Pointer Table points to where the current data is. In order to expand or alter any allocation it would need to ask you if there are any more passwords but it would not know if there are or not. It is also safe if say one user loses their password, as that user data is lost but all other known password protected data is safe.
Another added trick is static data blending. That is where it takes the data on the tracks and mangles it so that depending on which password you use the same area gives you another set of data. This might be useful for the allocation pointer as you could use the same area for many allocation pointers at once. This method could also be applied after the fact to hide a read-only data area. You would run a merge on any given directory which would help hide that there is any extra space on the drive at all. This is also really useful for read-only media.
If you combined this with a user based permission system and a file system that only grows as much as each new user is allowed when created you even get a good reason not to have the whole drive used, as we all know they would try to show that the mere fact you had free space is suspect. The other cool thing is that since the password determines access you could have a system with an unknown number of users with an unknown amount of data stored and no way of finding out how much is really there without all the current passwords.
Some of the bad side, well they could make it illegal, the amount of drive space needed would be very large for some sections like File Allocation Pointer Table because it has to be as large as the maximum number of allocations you ever wish to be able have, and if someone tried to expand file system or create a new allocation without knowing all the passwords they would destroy all data for the unknown passwords. The latter is both a good and a bad thing.
If I had something possibly incriminating on my PC, I know enough to encrypt it using PGP or something that the government doesn't have a finger in. It doesn't take a great deal of intelligence to RTFM.
They could build backdoors into Solitaire for all I care, it'll just be a backdoor leading to a brick wall as long as there's a firewall in front of it.
This is, once again, an example of "those who don't know, don't care". If you're using the built-in Windows Firewall, then it will silently let these sneak attacks through, and most people using the defaults just don't care about these things, nor are they likely to be the target of a government investigation. Anyone who DOES have something to hide or protect, will load an aftermarket firewall or even set up a Linux box in the middle to block intruders and keep the secrets from leaking outside.
Those who are targeted by big brother AND don't cover their tracks are incompetents that should be ensnared and exposed to discourage others. There's good honest people who stay in line, good crooks who stay out of my backyard, and lousy schmucks who screw it all up for everyone.
-Billco, Fnarg.com
Well really it wouldn't take much for a cyber criminal to just use a series of removable hard drives, possibly each encrypted with something else on top of Vista's encryption (if they were really serious 128 bit encryption would be the absolute minimum they would use), and in the event of law enforcement coming to take them down either store the hard drives somewhere or just keep a few microwaves handy to toast them before anyone can get their hands on them.
I mean especially since this news is not exactly a secret I'm sure that cyber criminals will think twice before using Vista. Plus really...how many serious cyber criminals would use Windows as their main operating system knowing full well that Microsoft can so easily be coerced by almost any major government on earth into lending a helping hand in this particular area.
In addition I'm sure these criminals are smart enough to see the EASY solution to this problem....USE ANOTHER OS!!!!
If you supplied only the first code the system would see a 100MB partition, not 50MB. It would see the 50MB hidden partition as free space, and would begin overwriting it if data were modified.
The algorithm does in fact provide plausible deniability.
I'm not sure about the UK, but in the USA, wouldn't this be a 5th amendment rights issue?
The summary states that this black hole is desirable for "fears that evidence could be lost by suspects claiming to have forgotten their encryption key", but why would a suspect have to say they lost their encryption key? Why not just plead the 5th?
The 5th amendment states: "No person shall [...] nor shall be compelled in any criminal case to be a witness against himself [...]"
I honestly do not believe that the contents of a person's hard drive falls into the same category of evidence as eye witnesses or DNA. A personal computer's hard drive, particularly one with an encrypted file system, is effectively an extension of that person's memory and hence any data extracted from it seems very much like testifying against oneself.
http://brandonbloom.name
I find these restrictions on encryption really retarded. The strength of an encryption algorithm doesn't necessarily depend on if it's 128 or 256 bit encryption, but rather the implementation. It's kind of like Titanic, nobody thought it could be sunk, but a weak implementation sunk it.
Can you imagine this headline: "Government Wants a Backdoor Into Linux"
There would be world-wide laughter, and Linux would continue as before.
Only proprietary software is weak to government control.
Britain has sadly already become a police state. Only criminals and cops have guns, cameras everywhere, illegal to state non-liberal opinions, and now this. Once the control structure is fully in place, most Brits will find themselves being openly persecuted. Anyone want to bet how long it will be before they start implanting RFID chips in everyone? They'll start with the kids and say it's for safety.
Unfortunately, some in the U.S. want that here. I hope the red states can save us.
(Police knock on the door...)
"Sir, according to the National Data Terrorism Act of 2025, you must now submit to a brainscan to reveal the encrypted data stored in your Microsoft On-Board(tm) Neuro-Chip. Never fear, though, you are still protected from self-incrimination in court--you won't have to reveal your private thoughts. Well, voluntarily, anyway. And don't worry, this will only hurt a bit."
The music industry trusts it. The movie industry trusts it. The government trusts it. The only people who can't trust it are the owners of the equipment on which it runs...
The race isn't always to the swift... but that's the way to bet!
See this: Sociology of government access.
The U.S. government openly stated it wanted access to all Windows computers. It got that by exploiting Microsoft sloppiness.
And once it exists, how long before the **AA is demanding that legislators give them access to it as well? After all, they clearly feel that protection of their IP rights is more important than anything else -- and they have money to make themselves heard in this regard.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
Maybe his long term goal is Muslim rule (though I'm not convinced he's anything more than a power hungry madman who's merely using Islam) but his short term goals generally revolve around hurting/killing people and the general undermining of societies he doesn't like.
He doesn't like our way of life, with our quasi-democracy and capitalism and relative tolerance of different faiths. And every time we change our way of life, every time we give up one of our rights in the name of "fighting terrorism" we are delivering a victory to him and people like him.
see subject.
Microsoft can't get the damn front door to work properly as it is, which is why you have to use the Windows in the first place. You think they can properly implement a back door? Shit, there's no walls to begin with!
"UK Government Wants a Backdoor Into Windows"
Makes a change, Tony Blair's been making his back door available to Bill Gates since he came to power.
Hmmmmmm..... Deep fried and look like Squirrel.
Don't they all come with thousands of preconfigured remote access vulnerabilities already? I think the UK Government just wants to have one for their very own so they can be l33t too.
if I claimed I was emperor just because some watery tart lobbed a scimitar at me they'd put me away!
OK, well, if the government pushes this, can we get parity to make all paper shredders scan documents as they pass through so we can recover the "lost" documents that certain officials always seem to have a problem finding during corruption and power abuse investigations?
It's only fair...
I don't read ACs: If a post isn't worth so much as a nom de plume to its author then I won't bother either.
This post is not a troll. He is making a valid and reasonable point. If you disagree with his point, be a man and respond accordingly to it. Don't mod it down so other people cannot read it.
Sheesh.
It's not a lie. It's the truth with lossy compression.
Forgive me, but I would have expected more from one of the UK's top two universities.
That's probably because it is a smart move by smart people that you (and a lot of others) just don't get, rather than a dumb move by smart people.
See eg. the responses to http://yro.slashdot.org/comments.pl?sid=177490&ci
You know what the secret code for the backdoor to encrypted data on a harddrive running Vista is gonna be, don't you?
If president Jr. get to pick it, I'll bet it is 1-2-3-4-5.
HA! I just wasted some of your bandwidth with a frivolous sig!
oh please, yes please. switch on encryption that uses TPM. then all it takes is a virus to overwrite the TPM keys in the BIOS memory and that's it - game over: your entire hard drive rendered useless. mwhahahahah
I made this comment a long time ago when TCPA was first floated - that by encrypting your hard disk to keep out hackers and the like the government would not have access to your data and would request a backdoor, thus negating any protection you have in the first place. The "T" in Trusted Computing Platform Alliance stands for "Trusted" and if there's a backdoor then there can't be very much trust for the user can there?
The TCPA has to realize that a secure system is impossible in today's political climate as the government will want in and if the government can get in you or I will eventually find a way in as well.
ensuring that Our Glorious Leaders will continue to torture you until they get the evidence they want. Or you die.
The really scary thing is that the president of China was the second "Our Glorious Leader" I thought of when I read that.
P.S.
I and the other happy happy citizens over on this side of the pond send our deepest empathy with you and the happy happy citizens on your side of the pond. The joy I feel at seeing your government and your Glorious Leader emulate and work hand-in-hand with my government and my Glorious Leader... well let's just say that the English language contains no adjective I could possibly attach to "joy" which would adequately and correctly express the emotion it brings to my heart.
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
Actually, that's not a good argument because I haven't seen any MS executables recently...and routinely mark as junk anything that claims to come from or relate to MS.
There may well be loads of falsely signed MS files...and I'd never know. How would you know? (Remember, they are claiming, with apparent, though forged, validity, to come from MS.)
I think we've pushed this "anyone can grow up to be president" thing too far.
And so, inevitably, the Powers That Be(TM) competing to dominate the lives of the Minions(TM) come into conflict.
If the governments get their way, there will be no true encryption permitted, because otherwise they can't spy on people.
If there is no true encryption, there is no point whatsoever to having the TPM, the entire DRM concept just got screwed, etc. It doesn't matter whether it's "only governments" who can break the codes, because someone will crack/leak/otherwise work around that restriction within days, and the Internet will do the rest within hours.
So, the media industry's current prime directive and major investment just came into direct opposition with the government's current prime directive and major political hot potato. The blue touch paper has been lit; please retire to a safe distance, and wait to see which of the rights you thought you were losing will be staying after all...
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
In the US, 12 September 2001.
In the UK, 8 July 2005.
You get the idea.
After a major terrorist act, the population is angry, not rational. Many are personally affected by the attacks. Thoughts of proportionate responses and civil liberties are overwhelmed by fear and grief.
This is, of course, the ideal time for a government to try to increase its own power at the expense of the people it should represent. This goes double for governments with only a tenuous hold on power, as is usually the case in the US because of its two-party politics, or for governments whose very mandate is dubious, as is the case of Blair's UK government (which didn't actually win the popular vote in England, and has often relied on the votes of Scottish MPs to push through controversial legislation to which their own constituents will be immune because the Scottish Parliament will decide for them separately).
Hence it is precisely in the wake of a terrorist atrocity that we should be keenest to protect our civil liberties, for it is at these times that they will naturally come under the gravest threat.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
Windows wants a backdoor into the UK gov't, so let's just call it even.
I get even with that kind of person when I meta-moderate, which is every day.
-ccm
Too much Law; not enough Order.
Chill man. This whole article is about what may be in the final release of Vista. My statements were obviously based on the (lack of) security in the current version of Windows, which would be XP. No, I don't know that the same weakness will exist in Vista, however, considering that the same basic problem has been present since NT 4 (and possibly earlier), my guess is that it will be in Vista as well. They've made minor improvements between versions, such as implementing a "system key" to encrypt the SAM database, however, the same basic flaw has been present for something like 10 years now.
Is this a Mr. Smith? Mr. Anderson should be someone to prevent Backdoors, not create them. Or is the Neo in him trying to trick the Matrix with its own weapons?! ;-)
about which part?
Like we need any more reasons not to buy Vista. This is just lovely.
Remind me again why someone who wants to keep anything personal/may-get-you-arrested would use Windows? Oh wait, I just answered my own question! (They don't, didn't you get it?)
Really... why would anyone need a backdoor to be written purposefully into Windows?
So, if I have files of random noise on my machine for testing audio systems, or random data for testing data modems and the government contends that it is actually encrypted data and wants the key, how in hell am I going to get them off my back?
Oh well, what the hell...
Maybe not. As anyone who has read this classic essay by Ken Thompson knows, the only way you can really trust a piece of software is if you not only wrote it yourself, but also wrote (or created) the OS, the compiler, all the libraries your app is linked against and even the hardware your software runs on. Any one of those items could easily be modified to detect that you are compiling or running a "significant" application and insert a back door into it.
Prove I didn't just forget. I'm rather forgetful, and with all the stress of being questioned for a crime I didn't commit I've totally spaced the password.
---- Booth was a patriot ----
You've said how it would get installed, not how you would know. Would MS scream to the rooftops...if they weren't forced to?
Not every illicit software attempts to reformat your hard drive. Most of it is "sleeper" software, that hides its presence until it's asked to do something. And software can sleep for a long time on a large hard disk without being noticed.
I think we've pushed this "anyone can grow up to be president" thing too far.
Anybody know if StegFS described in http://www.cl.cam.ac.uk/~mgk25/ih99-stegfs.pdf/ is actually available? Plausible deniability of the knowledge of keys to unlock deeper levels of encryption is an explicit goal of the project.
I thought that's what torture was for? Don't tell me the Brits are too squeamish to use the iron maiden these days. Come on GB, I know you still have it in you!
Since when do you need anything special to access a Windows drive??
My fav is the book "Don't click the Blue 'e'"
This article was published in 2000 and it concerned Windows 2000 machines. We're almost two operating systems ahead of that. Does anyone know whether or not China actually found any 'backdoor' code in the Windows 2000 OS or if they've changed the operating system which government officials use?
no text means no text
This space available.
Do a Google search. He keeps pushing his own commercial encryption software.
Clever signature text goes here.
Compare http://news.bbc.co.uk/1/hi/uk_politics/4713018.st
Prof Ross Anderson encourages government for crypto backdoor in windows vista
With this http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=0x4B2700B9
The Professor's PGP key to keep his e-mail private.
Are we cynical yet?
Anyone quoted by a reporter knows how little they understand
Don't believe what you read is the truth.
Darwin source is available; I don't know if FV is included there or in the proprietary higher levels of the OS. I'm inclined to say it isn't though, logging in via >console or ssh doesn't decrypt and mount the drive.
Facts do not cease to exist because they are ignored. - Aldous Huxley
M$ has no business putting backdoors in windoze, or anything for that matter. People have a right to encrypt their data. I for one will NOT buy Vista. I've been using linux for over a year, and it is sooooooo much better than windoze anyway. If only we can convince the rest of the world.
There's no place like 127.0.0.1