Slashdot Mirror


No Backdoor in Vista

mytrip wrote to mention a C|Net article stating that Vista will not have a security backdoor after all. From the article: "'The suggestion is that we are working with governments to create a back door so that they can always access BitLocker-encrypted data,' Niels Ferguson, a developer and cryptographer at Microsoft, wrote Thursday on a corporate blog. 'Over my dead body,' he wrote in his post titled Back-door nonsense."

14 of 269 comments

  1. is Niels Ferguson.. by Pavel+Stratil · · Score: 5, Funny

    going to die soon? (nothing personal)

    1. Re:is Niels Ferguson.. by gnarlin · · Score: 5, Funny

      Steve Ballmer, in the conference room, with the chair!

      --
      A bad analogy is like a leaky screwdriver.
  2. Ballmer Says... by aragod · · Score: 5, Funny

    I believe that can be arranged...

  3. Right. by Fantastic+Lad · · Score: 5, Insightful
    'Over my dead body,' he wrote in his post titled Back-door nonsense."

    I suspect the NSA (who I seem to recall left a few stray tags lying around in a previous version of Windows' code) would look at you dead-pan and agree.


    -FL

    1. Re:Right. by hey! · · Score: 5, Insightful

      I'd be disappointed if NSA ever resorted to anything so crude. NSA is an agency of savants, not a mob of freebooting buccaneers. Assassination is so CIA.

      NSA surely is well aware of the way that trust can, unintentionally, propagate. Everybody trusts something; if somebody doesn't want to cooperate, you obtain his unwitting cooperation by co-opting something he trusts. Does he personally supervise the building of every release and patch? Certainly not. He trusts the release process to carry out his intentions. Even if the individuals involved are not co-optable, they trust their compilers to generate object code that is perfectly isomorphic to their source code. Those who do not trust compilers trust their debuggers, disassemblers and operating system utilities.

      Those who do not trust their operating system utilities, and live-boot from randomly chosen operating systems or remove their hard disks and examine them using a hand-coded machine language program on a custom-built computer lacking a BIOS or operating system to be subverted, still trust the network to transfer their object code to the mastering facility, or their optical disk burning software to burn the image accurately. Or they trust the facility to read that data correctly, and to press it as they intended to the distribution media.

      Those who trusted none of this and checked the hard disks by hand-coded machine code on a hand-wired computer without BIOS or operating system probably deserve assassination, but even so this is hardly necessary, since everyone gets patches over the Internet. A simple black bag job to retrieve the signing keys, and nobody can trust anything anymore.

      --
      Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
    2. Re:Right. by Zeinfeld · · Score: 5, Insightful
      I think it's much easier for MS to sack him and then change the code.

      I know Niels, he certainly would not have any difficulty getting another job. He was pretty well known before he went to Microsoft. He was the cryptographer who worked on Twofish with Bruce Schneier. Microsoft has been hiring pretty much all the top security talent they can over the past five years.

      Cryptography and data security is pretty much a guild craft. If Niels made such a categoric statement and it turned out to be untrue, his personal reputation would be severely damaged. Microsoft can't force him to lie for them, and since he works in the Netherlands, trying to would be most inadvisable.

      --
      Looking for an Information Security student project suggestion?
      Try http://dotcrimeManifesto.com/
  4. What else would he say? by mangus_angus · · Score: 5, Insightful

    "'The suggestion is that we are working with governments to create a back door so that they can always access BitLocker-encrypted data,' Niels Ferguson, a developer and cryptographer at Microsoft, wrote Thursday on a corporate blog. 'Over my dead body,' he wrote in his post titled Back-door nonsense."


    I think we would be reading about his dead body if he came out and admitted that there were backdoors being put into Vista.

  5. "Trust me," he said by replicant108 · · Score: 5, Insightful

    'Over my dead body,' he wrote

    The problem with closed software is that we have to take his word for it.

  6. Ballmer to his secretary: by Anonymous Coward · · Score: 5, Funny

    - Get me Ferguson... tell him we're going hunting. Yes, hunting. With Cheney.

  7. AHA! by der_joachim · · Score: 5, Insightful

    So it's a secret backdoor. :-)

    --
    Geek runner, motorcyclist and professional know-it-all
  8. Dear Niels I hate to break it to you but... by badzilla · · Score: 5, Interesting

    ... you won't be in the loop if/when it gets compromised.

    A quick look at the "Crypto AG" fiasco makes it plain how very much governments want backdoors. "For decades, the US has routinely intercepted and deciphered top secret encrypted messages of 120 countries." Imagine the power some entity would have if it could peek into any Windows system at will - the temptation must be making their toes curl.

    Whether or not there is a top-level agreement with top-level spooks it is still unlikely that local lawmen will be allowed to know about it. So what exactly IS Microsoft planning to do when they inevitably get a request to "help" with an encrypted drive?

    --
    "Don't belong. Never join. Think for yourself. Peace." V.Stone, Microsoft Corporation
  9. ... that he knows of. by dprovine · · Score: 5, Insightful

    Aside from the obvious "what about buffer overruns?" questions, aimed at the usually poor competence Microsoft shows in writing code, there's also the "what about cryptographic strength?" question -- maybe the NSA already has a simple and fast way to break whatever encryption BitLocker will end up using.

    And, of course, there may well be several people working at Microsoft who actually work for the NSA or MI-6 or the FSB. (I'd be astonished if there weren't at least a few such people on the Microsoft payroll.) Those people may well do things as described in Reflections on Trusting Trust, without letting their superiors know.

  10. No Backdoor in Vista by Anonymous Coward · · Score: 5, Funny

    Microsoft operating systems beginning with Windows 95 have never really needed a backdoor, especially since the front door is left wide open.

  11. Details by truthsearch · · Score: 5, Informative
    Here are more details on the NSA keys in Windows:

    For at least Windows 95 OSR2, 98, NT, and 2000, Microsoft has included a secret cryptographic key owned by the U.S. National Security Agency (NSA). It's most likely that the NSA's key exists within Windows so U.S. government users of Windows can run classified cryptosystems on their computers. But it has been kept secret and it does provide the potential for abuse. "According to Fernandez of Cryptonym, the result of having the secret key inside your Windows operating system 'is that it is tremendously easier for the NSA to load unauthorized security services on all copies of Microsoft Windows, and once these security services are loaded, they can effectively compromise your entire operating system.'" Users of Windows outside the U.S. should be especially concerned that the U.S. government can possibly gain security control over their computers. Users within the U.S. should also be concerned that Microsoft has provided the government with a secret back door that they can exploit. (Campbell, Duncan. "How NSA access was built into Windows." Heise Online 4 Sept 1999)