Backdoors?

Discussion in 'privacy general' started by earth1, Apr 3, 2005.

Thread Status:
Not open for further replies.
  1. earth1

    earth1 Registered Member

    Joined:
    Oct 17, 2004
    Posts:
    177
    Location:
    Kansas, USA
    How strange! If you're using the computer when daylight savings phases in or out, MJRW alerts on every file it is watching. The only change, of course, is that each file's timestamp suddenly shifted by one hour. I got a good chuckle out of that one.

    EDIT: I don't know if they even have daylight savings time in England. Would it entail moving each monolith at Stonehenge 15 degrees around the circle? :)

    EDIT #2: If Bill Gates has his way with Trusted Computing, ordinary mortals like you and I (and anyone who isn't a programmer at Microsoft) would only be able to test the effects of DST two times a year because we wouldn't be able to set the system time to an unapproved value. Suddenly I'm no longer amused!
     
    Last edited: Apr 3, 2005
  2. Graphic Equaliser

    Graphic Equaliser Registered Member

    Joined:
    Nov 5, 2004
    Posts:
    411
    Location:
    London England UK
    Re: MJ Registry Watcher

    In the UK, we certainly do have DST, and MJRW alerted me on every file, saying that their date and timestamp had changed by an hour. However, I think this is some bug with WinXP Pro SP2, because the file's date and timestamps do not *actually* change at all - it just reports it as changed for about an hour and then they change back again! Bizarre.

    As for "Bill Gates' Trusted Computing", this can only be an oxymoron. The proof can be read about at http://www.theregister.co.uk/content/4/17679.html with more on my website at http://www.jacobsm.com/techgripe.htm

    Since I have nothing secret on my computer (my code is uncommented and multi-statement lines, so nobody will decipher it easily without high intelligence - something government agency employees do not have any of, or they wouldn't be doing what they're doing!), I do not fret about the permanent Microsoft DNS TCP/IP entry in my list when running TCPView from www.sysinternals.com, under the unresolvable process name "System:4", and it would not worry me if Bill could see what I'm typing now. However, this does not apply to everyone, and M$ should state that they can snoop on anyone using their OS's, on the boxes they sell them in, as the German MOD engineers discovered to their amazement. "Automatic Updates" is how they repackage this stuff nowadays - even if I turn it off, I still get the Microsoft connection listed.

    Perhaps this knowledge was not as common as I thought.
     
    Last edited: Apr 4, 2005
  3. spm

    spm Registered Member

    Joined:
    Dec 9, 2002
    Posts:
    437
    Location:
    U.K.
    Re: MJ Registry Watcher

    When you make such observations, you might like first both to get your facts right and also to understand what they mean. If you read properly at what TCPView reports you will almost certainly see the port in question is microsoft-ds (NOT "Microsoft DNS"). This is actually port 445 (not the DNS port 53), and you will find the system is listening on both UDP and TCP port 445.

    Port 445 is used by the Common Internet File System (CIFS), an enhanced version of the Microsoft Server Message Block (SMB) protocol. It is the native file-sharing protocol used by Windows 2000 and later.

    You, however, are implying that MS is listening to your system from outside using a fictitious 'Microsoft DNS' port. This is simply untrue. Then again, since you seem to go by much of what "The Register" says, I'm not surprised at your erroneous conclusions.
     
  4. info

    info Guest

    Re: MJ Registry Watcher

    spm is right and it is entirely possible to close all ports in Windows 2000 if you're not running a network. How would they attack the operating system when it isn't listening? Your only concern then would be which applications you run that open ports.
     
  5. Graphic Equaliser

    Graphic Equaliser Registered Member

    Joined:
    Nov 5, 2004
    Posts:
    411
    Location:
    London England UK
    Re: MJ Registry Watcher

    My apologies - I wasn't trying to stir anything up - just to bring your attention to that Register article and the Spiegel's original article. TCPView probably wouldn't list secret M$ backdoors anyway. Such things, if they really exist (and they do, according to the German MOD), would not be accessible through any MFC API. As the OS's evolve, they become ever more complicated, and more difficult to reverse engineer.

    What I am saying is that the existence of a M$ backdoor is not speculation : it is fact. Sure, you can disconnect yourself completely from the outside world, but then you're no longer a terrorist threat.

    Personally, I do not mind being spied on 24 hours a day. I have nothing to hide - in fact, it gives me more people to share my startling spiritual revelations with!
     
  6. spm

    spm Registered Member

    Joined:
    Dec 9, 2002
    Posts:
    437
    Location:
    U.K.
    Re: MJ Registry Watcher

    This is complete and utter FUD. Since you are obviously into conspiracy theories in a big way, why don't you share attributed proof of your 'facts' so that we can all examine it intelligently and come to an informed conclusion?
     
  7. Graphic Equaliser

    Graphic Equaliser Registered Member

    Joined:
    Nov 5, 2004
    Posts:
    411
    Location:
    London England UK
    Re: MJ Registry Watcher

    If I had documentary evidence from the German MOD team who reverse-engineered Windows that proved back-door snooping abilities (easy access for the NSA et al), I would not be currently alive. That is the nature of this society - if anyone gets near proving anything, they suddenly die. A good recent example is Hunter S. Thompson ( http://sfgate.com/cgi-bin/article.cgi?f=/g/a/2005/02/23/notes022305.DTL&nl=fix ), because the last 2 articles he had evidence for, were the gay boy prostitute ring at the Whitehouse, and the WTC collapse being caused by demolition charges planted on every floor. One or both were too near the mark for him to carry on in a "demoncrazy". Thank God I can't prove it!

    But if anyone tells me it's wrong to speculate, I start wondering what they've got to hide. This is just my humble opinion.
     
    Last edited: Apr 5, 2005
  8. spm

    spm Registered Member

    Joined:
    Dec 9, 2002
    Posts:
    437
    Location:
    U.K.
    Re: MJ Registry Watcher

    Good grief. There's obviously no reasoning with someone whose mind 'works' the way yours does.
     
  9. hollywoodpc

    hollywoodpc Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,325
    Re: MJ Registry Watcher

    Good grief is right ! When did this thread JUMP off the track ?
     
  10. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    Re: MJ Registry Watcher

    Reading between the lines, I perceive that GE is slightly serious, but mostly just giving a yank on our respective chains. Sorta like my cardiologist -- he's a great doc, but insists that X-files writers got their plot lines from true stories. :eek:

    "Ah well, each to her own tastes," as the lady said when she kissed the cow. :cool: :D :p :D *puppy*
     
  11. observer

    observer Guest

    Re: MJ Registry Watcher

    I was beginning to think that someone had trojan'ed graphic's computer and/or swiped his wilders login cookie (using a browser exploit)
     
  12. Graphic Equaliser

    Graphic Equaliser Registered Member

    Joined:
    Nov 5, 2004
    Posts:
    411
    Location:
    London England UK
    Re: MJ Registry Watcher

    Why do you refuse to believe the NSA story? Having seen a lot of Windows registry functioning, it is obvious to anyone that using a Windows PC leaves tracks of virtually everything all over the machine. The German MOD could not be expected to trash PCs with such info on them, buried so deeply in esoteric, difficult-to-access places, and gave up the ghost, writing their own system instead. What is so implausible about that? Does anyone really know the mechanics of Windows Update, or XP activation, or any of these on-line activities that happen as part of running XP? Only internal Microsoft employees who are sworn to secrecy, so we'll never know. The German MOD had intelligent enough software engineers (and a simpler OS) that they could reverse engineer at least part of what certain on-line activities were happening, and they discovered that info was being beamed to somewhere in the States! Now, even if you don't believe this piece of journalism, one still has to question the imbecilic nature of the programming structures and pointless journalling undertaken by the XP OS. Security should be as simple as sandbox-out-of-the-box with modern operating systems, but that is not what we are seeing. It is almost as if Windows was deliberately designed to be implicitly trusting to all users.

    Even Linux has security issues, but it does not seem to want to talk to the outside world as eagerly as Windows.
     
  13. Re: MJ Registry Watcher

    I'm surprised the mods haven't split this off to the discussion forum. It doesn't do your program thread justice :eek:

    :ninja:
     
  14. underdog

    underdog Guest

    Re: MJ Registry Watcher

    Microsoft's Homeland Security Efforts

    >Tom Richey: "We've had decades-long relationships with the agencies that currently now make up the Department of Homeland Security..."

    >Tom Richey: "We believe that government is making progress, although many barriers remain. The problem is not in the availability of technology solutions, rather it is in the cultural, legal and political barriers that slow the needed pace of change."

    http://www.washingtonpost.com/wp-dyn/articles/A38496-2004Aug27.html
     
  15. gottadoit

    gottadoit Security Expert

    Joined:
    Jul 12, 2004
    Posts:
    601
    Location:
    Australia
    Re: MJ Registry Watcher

    FWIW,
    I'll give this part of the thread a +1 to get migrated to ten forward, it certainly doesn't belong here
     
  16. HD rider UK

    HD rider UK Registered Member

    Joined:
    Feb 16, 2005
    Posts:
    121
    Location:
    Gloucestershire, UK
    I agree with Gottadoit, let's continue this in 10 fwd. (mind you, an otherwise dull day has been brightened up by this thread) :D .
    Personally, I believe every rumour I hear. My world view may be no more valid than anyone else's, but I bet it's a damn sight more colourful!

    ttfn

    Jock
     
  17. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,719
    Location:
    Texas
  18. gottadoit

    gottadoit Security Expert

    Joined:
    Jul 12, 2004
    Posts:
    601
    Location:
    Australia
    I used to think that a good day was one that I learned something new
    I might go for some variation and try believing a different conspiracy theory every day (until I get confused...)

    NB: No disrespect intended for those ppl that truly believe that their brainwaves are monitored by aliens
     
  19. Graphic Equaliser

    Graphic Equaliser Registered Member

    Joined:
    Nov 5, 2004
    Posts:
    411
    Location:
    London England UK
    Absolutely! A very much more interesting life is to be had by all if you take restrictive blinkers off, even if you run more erratically!

    P.S. The thread was split at the place I would have chosen. Where is 10 forward? Am I likely to meet Worf there?
     
  20. Here's a little something to muse on.

    Never underestimate the power of Databases.
     
  21. Graphic Equaliser

    Graphic Equaliser Registered Member

    Joined:
    Nov 5, 2004
    Posts:
    411
    Location:
    London England UK
    I have managed to trace some strange connections made by my PC whenever I connect to my ISP (Pipex). I used a combination of TCPView and the traceroute facility in http://www.jacobsm.com/mjsoft.htm#pknife. The tricky bit was getting the snapshot from TCPView before the "ghost" connections disappear. Very strange. I have changed the name of my PC for security reasons. Here's the TCPView snapshot :-

    lsass.exe:468 UDP thepcthatiuse:4500 *:*
    lsass.exe:468 UDP thepcthatiuse:isakmp *:*
    svchost.exe:708 TCP thepcthatiuse:netbios-ssn thepcthatiuse:0 LISTENING
    svchost.exe:708 UDP thepcthatiuse:netbios-ns *:*
    svchost.exe:708 UDP thepcthatiuse:bootpc *:*
    svchost.exe:708 UDP thepcthatiuse:netbios-dgm *:*
    svchost.exe:708 TCP thepcthatiuse:1030 213.199.158.30:http ESTABLISHED
    svchost.exe:708 TCP thepcthatiuse:1031 207.46.250.184:http ESTABLISHED
    svchost.exe:752 UDP thepcthatiuse:1028 *:*
    svchost.exe:752 UDP thepcthatiuse:1027 *:*
    System:4 TCP thepcthatiuse:microsoft-ds thepcthatiuse:0 LISTENING
    System:4 UDP thepcthatiuse:microsoft-ds *:*

    What is surprising is that netbios entries exist despite my turning off the TCP/IP Netbios service and disabling it, and then rebooting! Also, what is the entry for "bootpc" all about? After all, I'm only connecting to my ISP at Pipex.net, not someone at msn.net or anywhere else for that matter, so I was surprised when I then traced the routes to the 2 ip addresses in that "bootpc" process and I got this :-

    Tracing Route to 213.199.158.30 :-
    1) Hop 1
    2) Hop 2
    3) ge-1-2-0.cr1.gs1.systems.pipex.net, 62.241.161.97 (Timings 29 30 30)
    4) lon-12e-1.msn.net, 217.79.160.88 (Timings 29 14 30)
    5) gig6-2.lon-12cb-2.ntwk.msn.net, 213.199.152.190 (Timings 29 30 30)
    6) gig1-2.lon-6nf-2a.ntwk.msn.net, 213.199.152.133 (Timings 29 30 30)
    7) 213.199.158.30 (Timings 29 30 30)
    Trace for Host 213.199.158.30 is Complete
    Tracing Route to 207.46.250.184 :-
    1) Hop 1
    2) eth3-2.cr1.uk5.systems.pipex.net, 62.241.161.5 (Timings 29 30 30)
    3) POS4-0.GW2.LND9.ALTER.NET, 146.188.56.97 (Timings 29 30 30)
    4) so-4-0-0.xr1.LND9.ALTER.net, 158.43.150.157 (Timings 29 30 30)
    5) so-0-1-0.TR1.LND9.ALTER.NET, 146.188.15.33 (Timings 29 30 30)
    6) so-6-0-0.IR2.NYC12.ALTER.NET, 146.188.15.54 (Timings 123 107 108 )
    7) 0.so-1-0-0.IL2.NYC9.ALTER.NET, 152.63.23.69 (Timings 107 108 108 )
    8 ) 0.so-0-0-0.TL2.SAC1.ALTER.NET, 152.63.10.62 (Timings 170 170 170)
    9) 0.so-7-0-0.XL2.PAO1.ALTER.NET, 152.63.113.21 (Timings 169 170 170)
    10) 0.so-7-0-0.GW12.PAO1.ALTER.NET, 152.63.144.98 (Timings 170 170 170)
    11) microsoftOC48-shadow-gw.customer.alter.net, 208.214.136.242 (Timings 169 170 201)
    12) ten7-1.pax-76cb-1a.ntwk.msn.net, 207.46.34.98 (Timings 169 170 170)
    13) pos6-2.tuk-76cb-1a.ntwk.msn.net, 207.46.34.173 (Timings 185 186 186)
    14) pos1-0.iuskixcpxc1202.ntwk.msn.net, 207.46.36.146 (Timings 185 186 186)
    15) pos1-0.tke-12ix-1b.ntwk.msn.net, 207.46.155.5 (Timings 185 186 186)
    16) 207.46.250.184 (Timings -1 -1 -1)
    Trace for Host 207.46.250.184 Aborted

    What the heck is hop 11) microsoftOC48-shadow-gw.customer.alter.net, 208.214.136.242 all about? Sounds ominous to me! Hang on, who's that at the door at this time of night... ;)

    It is probably M$ auto-update having looked at a Google search for microsoftOC48-shadow-gw.customer
     
    Last edited: Apr 7, 2005
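Added example, not part of the original post or thread: a small Python parser for the TCPView snapshot quoted above that resolves the service names to their IANA port numbers and separates sockets that are merely listening or bound from TCP connections that have a remote peer. The function names (`port_of`, `parse`, `ports`, `peers`) and the `kind` labels are assumptions made for this illustration.

```python
import re

# Service names as TCPView prints them, mapped to their IANA port numbers.
SERVICE_PORTS = {"http": 80, "bootpc": 68, "netbios-ns": 137, "netbios-dgm": 138,
                 "netbios-ssn": 139, "microsoft-ds": 445, "isakmp": 500}

# The snapshot as posted above (the poster had already changed the host name).
SNAPSHOT = """\
lsass.exe:468 UDP thepcthatiuse:4500 *:*
lsass.exe:468 UDP thepcthatiuse:isakmp *:*
svchost.exe:708 TCP thepcthatiuse:netbios-ssn thepcthatiuse:0 LISTENING
svchost.exe:708 UDP thepcthatiuse:netbios-ns *:*
svchost.exe:708 UDP thepcthatiuse:bootpc *:*
svchost.exe:708 UDP thepcthatiuse:netbios-dgm *:*
svchost.exe:708 TCP thepcthatiuse:1030 213.199.158.30:http ESTABLISHED
svchost.exe:708 TCP thepcthatiuse:1031 207.46.250.184:http ESTABLISHED
svchost.exe:752 UDP thepcthatiuse:1028 *:*
svchost.exe:752 UDP thepcthatiuse:1027 *:*
System:4 TCP thepcthatiuse:microsoft-ds thepcthatiuse:0 LISTENING
System:4 UDP thepcthatiuse:microsoft-ds *:*
"""

ROW = re.compile(r"^(?P<proc>[^:\s]+):(?P<pid>\d+)\s+(?P<proto>TCP|UDP)\s+"
                 r"(?P<local>\S+)\s+(?P<remote>\S+)(?:\s+(?P<state>\S+))?$")

def port_of(endpoint):
    """Numeric port of 'host:port-or-service'; None for the '*' wildcard."""
    name = endpoint.rsplit(":", 1)[1]
    return int(name) if name.isdigit() else SERVICE_PORTS.get(name)

def parse(snapshot):
    """Turn TCPView text rows into dicts with numeric ports and a socket kind."""
    rows = []
    for line in snapshot.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # blank or unrecognised line
        r = m.groupdict()
        r["local_port"], r["remote_port"] = port_of(r["local"]), port_of(r["remote"])
        if r["proto"] == "UDP":
            r["kind"] = "udp-bound"  # UDP has no connection state, only a local bind
        else:
            r["kind"] = "tcp-listening" if r["state"] == "LISTENING" else "tcp-connected"
        rows.append(r)
    return rows

def ports(rows, kind):
    return sorted(r["local_port"] for r in rows if r["kind"] == kind)

def peers(rows):
    """(process, pid, remote host, remote port) for TCP sockets with a real peer."""
    return [(r["proc"], int(r["pid"]), r["remote"].rsplit(":", 1)[0], r["remote_port"])
            for r in rows if r["kind"] == "tcp-connected"]
```

Run over this snapshot, only the two `svchost.exe:708` rows have a remote peer, both on port 80; `microsoft-ds` resolves to local port 445, in the listening state.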
  22. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
  23. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    yes, at least we know it.

    And things will get worse, Longhorn will be bigger, more advanced and again more complicated to build I guess...this all will show what happened with xp...it became bigger...more bugs and vulnerabilities and well, we need more security programs lol

    just my two cents.
     
  24. bluebird

    bluebird Guest

    perfect example of mind control is agents monitoring security forums telling everyone rule #1 is install all MS updates. That's where the backdoors come from. These agents are the puppetmasters of wannabe gurus who parrot the same line "update! update!" while following the crowd off the cliff. This same group think advises to avoid warez programs, yet demands the install of Sir Bill Gates corporate patches without question. The only people who know what's in those patches work for Microsoft--and Microsoft sleeps with dept homeland security--so they're not going to tell you what you're installing. Bottom line is when anybody advises you to place unquestioning trust in an American corporation, you should KNOW something is very wrong--that is, unless you've been brainwashed!
     
  25. Yes because we all know how easy it is to backdoor, connect, and steal information from an operating system that isn't listening in the first place, and might otherwise be protected, eh bluebird?

    Every one of those updates is fully detailed and explains why it is--or is not needed, and you do not have to use the MS Update ActiveX website to download or install them. Many of them ARE necessary, if you do not install them you WILL get backdoored, and not by LEOs, but mainly by your 13yr old friends, neighbors, or relatives who have no regard for anything and use "click me" hacker tools that also backdoor them in the process (lol).

    Why don't you do the rest of us a favor and switch to Linux or open source alternative, since that seems to be your primary concern? Let me guess, you don't understand how it works either..

    As to the link about MS Update it contained no useful information, so why would I pay to see what other rubbish they are spouting?
     