Slashdot Mirror

← Back to Stories (view on slashdot.org)

No Backdoor in Vista

Posted by ryuzaki0 on from the inappropriate-comments-aplenty dept.

mytrip wrote to mention a C|Net article stating that Vista will not have a security backdoor after all. From the article: "'The suggestion is that we are working with governments to create a back door so that they can always access BitLocker-encrypted data,' Niels Ferguson, a developer and cryptographer at Microsoft, wrote Thursday on a corporate blog. 'Over my dead body,' he wrote in his post titled Back-door nonsense."

10 of 269 comments (clear)

  1. Right. by Fantastic+Lad · · Score: 5, Insightful
    Over my dead body,' he wrote in his post titled Back-door nonsense."

    I suspect the NSA, (who I seem to recall left a few stray tags lying around in a previous version of Windows' code), would look at you dead-pan and agree.


    -FL

    1. Re:Right. by hey! · · Score: 5, Insightful

      I'd be disappointed if NSA ever resorted to anything so crude. NSA is an agency of savants not a mob of freebooting bucaneers. Assasination is so CIA.

      NSA surely is well aware of the way that trust can, unintentionally, propagate. Everybody trusts something; if somebody doesn't want to cooperate, you obtain his unwitting cooperating by coopting something he trusts. Does he personally supervise the building of every release and patch? Certainly not. He trusts the release process to carry out his intentions. Even if the individuals involved are not cooptable, they trust their compilers to generate object code that is perfectly isomorphic to their source code. Those who do not trust compilers trust their debuggers, disassemblers and operating system utilities.

      Those who do not trust their operating system utilities, and live-boot from randomly chosen operating systems or remove their hard disks and examine them using a hand coded manchine language program on a custom built computer lacking a bios or operating system to be subverted, still trust the network to transfer their object code to the mastering facility, or their optical disk burning software to burn the image accurately. Or they trust the facility to read that data correctly, and to press it as they intended to the distribution media.

      Those who trusted none of this and checked the hard disks by hand coded machine code on a hand wired computer without BIOS or operating system probably deserve assasination, but even so this is hardly necessary, since everyone gets patches over the Internet. A simple black bag job to retrieve the signing keys, and nobody can trust anything anymore.

      --
      Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
    2. Re:Right. by Zeinfeld · · Score: 5, Insightful
      I think it's much easier for MS to sack him and then change the code.

      I know Niels, he certainly would not have any difficulty getting another job. He was pretty well known before he went to Microsoft. He was the cryptographer who worked on Two-Fish with Bruce Schneier. Microsoft has been hiring pretty much all the top security talent they can over the past five years.

      Cryptography and data security is pretty much a guild craft. If Niels made such a categoric statement and it turned out to be untrue his personal reputation would be severely damaged. Microsoft can't force him to lie for them and since he works in the Netherlands trying to would be most inadvisable.

      --
      Looking for an Information Security student project suggestion?
      Try http://dotcrimeManifesto.com/
  2. What else would he say? by mangus_angus · · Score: 5, Insightful

    "The suggestion is that we are working with governments to create a back door so that they can always access BitLocker-encrypted data,' Niels Ferguson, a developer and cryptographer at Microsoft, wrote Thursday on a corporate blog. 'Over my dead body,' he wrote in his post titled Back-door nonsense."


    I think we would be reading about his dead body if he came out and admitted that there were backdoors being put into Vista.

  3. "Trust me," he said by replicant108 · · Score: 5, Insightful

    'Over my dead body,' he wrote

    The problem with closed software is that we have to take his word for it.

  4. Re:Prove it. by ROOK*CA · · Score: 4, Insightful

    We have no reason to believe this claim -- doubly so given that Microsoft has lied repeatedly in the past.

    I'd be willing to bet that even Microsoft would not be willing to go so far as to create intentional "backdoors" in their encryption to facilitate government (Law Enforcement) access. First off I don't think the government (at least those in the UK and the US) have the power to legally force them into doing it, and secondly if they did it voluntarily one would think the public outcry would be deafening and severly damaging to Microsoft (and it seems that "keeping it quiet" would be nearly impossible).

    I generally don't trust the government as far as I can throw them, and I don't trust Microsoft much farther than that, but I think the suggestion that they are colluding in something as nefarious as this is a bit in the Tin Foil Hat realm.

    Besides how would they "prove" they aren't doing it? release the source? as if ..... :)

  5. AHA! by der_joachim · · Score: 5, Insightful

    So it's a secret backdoor. :-)

    --
    Geek runner, motorcyclist and professional know-it-all
  6. ... that he knows of. by dprovine · · Score: 5, Insightful

    Aside from the obvious "what about buffer overruns?" questions, aimed at the usually poor competence Microsoft shows in writing code, there's also "what about cryptographic strength?" question -- maybe the NSA already has a simple and fast way to break whatever encryption BitLocker will end up using.

    And, of course, there may well be several people working at Microsoft who actually work for the NSA or MI-6 or the FSB. (I'd be astonished if there weren't at least a few such people on the Microsoft payroll.) Those people may well do things as described in Reflections on Trusting Trust, without letting their superiors know.

  7. Re:You're right! by timeOday · · Score: 4, Insightful
    So, it comes down to a question of who do you trust: college kids who have nothing at stake, or companies that have everything at stake?
    1) the point isn't for every user to check the code, just for a few people or companies to do it and distribute the checksums. It's not that the open source world trusts anybody in particular, but it's impossible to keep a secret once several people with different interests know it.

    2) You're wrong to state that open source is just about college students and not companies. There are many many companies with an interest in Linux being secure.

    3) Why do you assume a company would be trustworthy? Having something to lose makes them vulnerable to government pressure. Look how fast all the search engines caved in to China.

  8. The backdoor may be in the hardware by Animats · · Score: 4, Insightful
    Intel, HP, Dell, and Toshiba are including the Intelligent Platform Management Interface (IPMI) in many of their machines. IPMI is a "remote administration" tool embedded in the LAN hardware. It looks at UDP packets (on ports 663 and 664) and performs various commands on the target machine, completely independently of the operating system. Here's the IPMI 2.0 rev 1 specification, a rather long PDF.

    IPMI is very powerful. An IPMI session starts with a Presence ping Any machine with IPMI hardware should answer a "presence ping" on UDP port 663. This identifies an IPMI-capable machine, and returns some vendor info. Anyone can send this. This should work even if the machine is "turned off", as long as it has standby power and is on a LAN.

    Then, there's a challenge-response authentication sequence. More on this later.

    Once you're in, here are some of the things you can do:

    • Power up the system. Power it down. Force a hard reset. Force a power cycle. Force a phony overtemperature condition (in hopes of getting a clean OS shutdown.).
    • Disable front panel controls (power off, reset, and standby buttons.) Yes, that's really in the protocol. See section 28.6 of the specification. Remote control can also lock out the keyboard and blank the screen.
    • Set system boot options Or, what OS do we want to run today? These include useful tools like "bypass user password".

    There's more. Much more. Basically, you can remotely take over the machine, turn it on, inventory the hardware, load an operating system, boot it up, and talk to it.

    IPMI's back channel can do more than this. With some help from the operating system (and yes, it's supported in Windows) you can do more remote administration functions. This is great for administering your data center remotely. But it has darker implications.

    Supposedly, most machines are shipped with IPMI mostly turned off, unavailable until a program is run on the machine to load in the keys that enable it. Supposedly.

    Thus, all it takes for IPMI to be a "backdoor" is for a set of secret challenge/response keys to be preloaded into the IPMI chip. There's no way to read those keys. Short of taking the chip apart, gate by gate, there's no way to tell if there's a backdoor in there. Or a set of keys might be loaded by the system integrator before shipping the system. You can't tell. So that's where to put a backdoor, where no one can find it.

    There's an open source, OpenIPMI, for sending IPMI commands on Sourceforge. Send "Presence pings" to the machines you have and see if they answer.