Is it possible for VM to have NSA backdoor?

Discussion in 'privacy technology' started by mattdocs12345, Nov 20, 2013.

Thread Status:
Not open for further replies.
  1. mattdocs12345

    mattdocs12345 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    1,785
    Location:
    US
    Just like the title says. Is it possible that NSA is simply bypassing Tor or VPN by having a backdoor in VMs?
     
  2. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    Yes, that's possible.
     
  3. ComputerSaysNo

    ComputerSaysNo Registered Member

    Joined:
    Aug 9, 2012
    Posts:
    1,425
    Yes, they probably have backdoor's because can you really trust the maker's of JAVA i.e Oracle with building VM software?
     
  4. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    I don't use VM's for this reason.
     
  5. Noctis

    Noctis Registered Member

    Joined:
    Nov 15, 2013
    Posts:
    15
    Yes it is possible but if the guest OS is installed in a TC container they need a backdoor also in TC before they are able to have access to the guest OS, and atm i dont think TC has backdoors, even if in these weeks some users are investigating about that
     
  6. DesuMaiden

    DesuMaiden Registered Member

    Joined:
    Jan 25, 2013
    Posts:
    534
    Why are you so paranoid of there being a backdoor in a VM?
     
  7. DarkH0rse

    DarkH0rse Registered Member

    Joined:
    Nov 21, 2013
    Posts:
    2
    When you say 'VMs' are you referring specifically to operating systems hosted using VMware or are you referring to virtualisation generally, even using opensource software to host the operating systems?
     
  8. DesuMaiden

    DesuMaiden Registered Member

    Joined:
    Jan 25, 2013
    Posts:
    534
    I don't want to ask this question again, but why does it matter if a VM has a backdoor?
     
  9. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    Generally, yes, a backdoor is possible in any kind of software. But you have to ask yourself why would NSA backdoor VM software? What possible advantage would that give them? (and I don't think that just the fact that you and a few other people are using TOR inside VM is reason enough for NSA to backdoor the VM...).

    Also, I think that even if they have a backdoor in the VM software, depending on your setup, they will not be able to bypass TOR.
     
  10. mattdocs12345

    mattdocs12345 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    1,785
    Location:
    US
    For the same reason why we use VM in the first place maybe?
     
  11. Reith

    Reith Registered Member

    Joined:
    Feb 2, 2013
    Posts:
    15
    You can download the source, review it, and compile it yourself.

    As long as you don't use the closed-source extension pack, I don't see what the problem is.
     
  12. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    That's how the theory goes... But consider for a bit how hard it would be for a single individual to "review" the source code for VirtualBox, even with a solid computer programmer background. The part about compiling it yourself is a bit easier, but it still requires a lot of skill.
     
  13. Reith

    Reith Registered Member

    Joined:
    Feb 2, 2013
    Posts:
    15
    It's unlikely for a single person to review the source, but it's entirely possible to organize an effort similar to istruecryptauditedyet.com.

    Oracle is a terrible company, but if they wanted to include backdoors in VirtualBox, they would've closed the source a long time ago. Why would they spend time implementing a backdoor in open-source software that, if ever detected, would pretty much lead to everyone abandoning the software en masse? Leaving it open allows potentially thousands of individuals to comb through different areas of the source as they look for bugs and compile it on their own. There are too many eyes on it for me to buy into the notion of backdoors being likely. Yes, it's still possible. Anything is possible if you want to speak in technicalities. But the NSA's time would be better served using any of the other countless attack vectors at their disposal.
     
  14. RollingThunder

    RollingThunder Registered Member

    Joined:
    Nov 21, 2013
    Posts:
    187
    Location:
    https://www.eff.org/issues/anonymity
    Reith:

    And despite how terrible Oracle is as a company, therein lies the secret behind Virtualbox. It is open source software. Some group of coders would have found backdoors if they existed you can feel confidant on that.

     
  15. cb474

    cb474 Registered Member

    Joined:
    May 15, 2012
    Posts:
    325
    I don't think people should be overly confident, depending on their security needs. It's not unheard of that security bugs go unnoticed in open source software for long periods of time. I think I even heard of one occasion of a bug being discovered that had been around for years unnoticed.

    So the ideal and principle of open source software is that the code is being reviewed by competent and trustworthy people. But I think the real world reality is messier. There are lots of lines of code out there. It takes time for humans to review the code. People make mistakes. People aren't looking at every line of code all the time.

    So yes, open source is a much better option and more trusthworthy than closed source. But it's not a magic bullet.
     
  16. RollingThunder

    RollingThunder Registered Member

    Joined:
    Nov 21, 2013
    Posts:
    187
    Location:
    https://www.eff.org/issues/anonymity
    Good point. Narrow thinking on my part.

     
Loading...
Thread Status:
Not open for further replies.