Bugs/Vulnerabilities Authorised by NSA etc ?

This thread is meant to be ONLY about complicit Bugs/Vulnerabilities, & NOT the NSA revelations going on in the other thread

*

Questions have been often poised on here, & other forums, going back years, about whether or not @ least "some" of the B & V's are actually Intentional ? After the latest revelations, which thankfully are All over even the mainstream media, about the NSA & companies being, not just in bed together, but in & out of them, Literally, we "might" conclude that not all B's & V's are Unintentional, or only due to sloppy/poor coding !

Here's a recent one, which "might" be due to sloppy/poor coding, but ?

Over the years there have been Many such things happening. I expect that a lot more will surface too. And what about the "Known Unknowns" that might never be detected ?

 

One doesn't have to look that far to find some glaring examples that are hard to explain any other way.
Claims that SSL is broken by design. http://cryptome.org/0005/ssl-broken.htm

Applocker and SRP designed to be circumvented.
https://www.wilderssecurity.com/showthread.php?t=291467
https://www.wilderssecurity.com/showthread.php?t=291593
These are just the tip of the iceberg. It's when you look at the changes in Windows starting in the 9X years, couple that with other security-ware developments, then follow it to the present that a pattern of behavior appears. No, it's not actual "smoking gun" proof, but given who we're discussing here, I doubt we're going to see documented evidence.

 

This is strange. Where are the naysayers? No one calling us paranoid? No "tin foil hat" comments? How quiet they become when reality hits like a sledgehammer.

More food for thought. Quite a few years back, very similar claims were made regarding PGP. Look up some of the controversy regarding this and the CKT (Cyber Knights Templar) versions. Here's a starting point. http://www.wisegeek.com/what-is-the-best-version-of-pgp.htm You'll need archive.org to find the original pages, claims, etc as most of them have been removed long ago. Out of curiosity, I decided to check the sources where the CKT versions of PGP were still available. There were only a few left to start with. Several of those are gone now.

 

OK... since it seems no one is accusing anyone of being paranoid, what about asking also the following, considering that about AppLocker/SRP: How far can we trust Windows own firewall?

That said, that could lead us to another question: How far can we trust Windows itself?

Even if we could trust Windows at the moment, would you trust its own firewall? I recall that when I first set up Windows 7 I noted that it made connections to Microsoft/whoever else through Teredo, which I had forgotten to disable.

 

If MS were to implement a backdoor why would they use AppLocker for it? It's barely used, even in enterprise/ servers, and not even default installed except on specific versions.

Here's the threat you're proposing:

Microsoft is implementing backdoors into its software.

Ok. So there's really only one solution once you consider this a threat - don't use MS or any of their products. It's not "Don't use Applocker" it's not "Don't use X" it's "Don't use Windows or MS products". They package the entire system, including the kernel - you can't defend against them if they're backdooring the system because the kernel is considered a trusted resource by all programs on the system.

If you do believe that these are backdoors (I personally don't think the applocker one is a backdoor, haven't read the SRP) then why are you running Windows?

 

This is pretty much it. Either use it and quit worrying about it, or use something else.

 

A very interesting question with a lot of factors to consider. For me, there's several factors that will end my ability to trust a version of Windows.

1. If it won't function without giving internet access to OS components like svchost, I don't use it.
2. If I can't close all of the ports, not block them with a firewall, completely close them by disabling the service that opens them, I consider it insecure and possibly backdoored by design.
3. If I can't completely disable or remove services and components that I don't need, I don't use it.
4. If I can't control the inter-process activities of apps and especially services with a classic HIPS, I don't trust it. This includes any OS that won't allow the hooks made by classic HIPS.

Recent revelations about MS working with the NSA got me thinking about other potential issues with Windows.

Online activation. I wonder if the activation process creates a unique UUID that MS logs at the time. If so, I might need to reconsider using XP for anything of consequence and save those tasks for Win 2K and older systems that don't need activation.

DNS service. This would be an easy way to get a list of all recently accessed sites.

I've long thought that the NT versions of Windows were designed to be spyware. Recent revelations have only reinforced that belief.

 

Hungry man,
Applocker was just one example in a long pattern of behavior, one that just got reinforced with more revelations regarding their cloud services and encryption.

It's not that simple. Show me an OS that is completely free of NSA "help" or influence. They've had their influence on linux. MS has contributed a lot of code to linux. Show me a version that uses no MS code whatsoever. It's a safe bet that the NSA has done the same with MACs. There is no ideal alternative. No matter how you approach it, the decision of what to use is a compromise. There is another possible course one can take, one with compromises of its own. One can choose an OS that predates the worst of the spying, a pre 9/11 OS, and limit the official updates to those released before that date.

 

I've only heard good things about MS encryption but the point isn't really whether I personally believe they have it backdoored. I really don't know, and I can't know.

Yes, but the code is open and out there. And we know which code the NSA has had their hands in on Linux, because their development has been out in the open. So while the NSA may have backdoor'd SELinux, which they've contributed to, they can't backdoor code they haven't touched. So if you wanted to you could simply disable SELinux and compile a kernel completely free of it. You could probably remove all code that they've touched - same with MS, which has only committed stuff for virtualization drivers and whatnot.

In Windows the kernel is packaged by MS and you have no clue if the NSA has had their hands on any particular piece of code - they could have added a vuln in the TCP/IP stack, which would mean remote kernel exploitation, bypassing *any* security software on the system.

On Linux the TCP/IP stack is open, and I don't think the NSA has ever touched it publicly. Even if they had it's some of the most heavily vetted code in the project.

There are also projects in the future that will mitigate certain backdoors (where credentials are verified) but there's not much information on this right now.

So you can't be positive that the NSA hasn't backdoored Linux - they could have a backdoor in GCC, but it's much easier to trust an open project than a closed one for the reasons listed above.