Security apps made to be hackable by the Govt?

Discussion in 'other anti-malware software' started by Horus37, Mar 8, 2007.

Thread Status:
Not open for further replies.
  1. Horus37

    Horus37 Registered Member

    Joined:
    Jan 4, 2007
    Posts:
    328
    I was reading about how the Govt required that PGP be made hackable to the govt. Is this also required of security software vendors that they give the govt a backdoor so they could easily sneak into computers?
     
  2. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    And just where was this that you read ?
     
  3. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
  4. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    omg not another back door for the Govt again.
    the last time i heard a back door for the Govt was vista bitlocker but Microsoft denied
    lodore
     
  5. TECHWG

    TECHWG Guest

    Malware website with "Undisclosed" browser attacks that execute code and download very nasty spyware that logs everything and uses rootkit techno to contact a server node that collects the data. Also they can ask the ISP to alter the DNS server of the user by identifying the MAC address, then substitute some common server like ebay.com for their hidden one that loads the malware and recirects to the real ebay.com

    That i would say is the best way. Other than that they would break into your house and install hardware in your PC. and there would be no trace because the locks are picked, and you may have either a bridge interface between a hard dive or memory etc, or you may find an extra PCI card thats not suppose to be there.
     
  6. herbalist

    herbalist Guest

    I wouldn't expect the security apps to be made hackable for a couple of reasons.
    1. Security-ware is international in scope. A government can't force a foreign vendor to do anything.
    2. Why backboor the security apps when the windows is already one big vulnerability?
    Regarding PGP, there is no positive proof either way. Read up on the CKT versions of PGP, especially the older info if you can find it, but most of the sites promoting the CKT versions are long gone.
    Rick
     
    Last edited by a moderator: Mar 9, 2007
  7. Justin Troutman

    Justin Troutman Cryptography Expert

    Joined:
    Dec 23, 2007
    Posts:
    226
    Location:
    North Carolina, USA / Minas Gerais, BR
    PGP and BitLocker.

    Where did you read that? If I were to trust anyone's cryptographic solutions today, it would be PGP Corporation's. I believe they're competent enough to do things right, which can't be said for the majority.

    Perhaps you recall reading the statement by Niels Ferguson (co-designer of Twofish, among other things), on the Microsoft System Integrity Team Blog. Although the presence of a good cryptographer doesn't mean something fishy can't be sneaked in afterwards, I trust Niels. He does cryptography how it should be done, and I'm confident that he wouldn't partake in a tainted design process.

    I wrote an article for Microsoft TechNet Magazine, regarding BitLocker, and why I think it deserves an honest chance; I've spoken with Niels on the design philosophies behind it, and it's pretty state of the art stuff. They, the design team, made reasonable design decisions, with solid rationale. In an arena where bad cryptography runs rampant, they deserved to be praised for good design. So, that's what I did.

    The original, unedited draft, entitled, "On Shifting 'Windows' and 'Security' from Less Antonymous to More Synonymous," can be found here, in HTML and PDF formats. The adaptation, for the Security Watch column of Microsoft TechNet Magazine's October 2007 issue, entitled, "BitLocker and the Complexities of Trust," can be found here. It features some great commentary by Phil Zimmermann.
     
    Last edited: Dec 27, 2007
  8. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    Old but news worthy.

    here
     
  9. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Lol, maybe you also know the old avapi32.dll story as ultimate backdoor. Years ago published that microsoft could access each system via advapi32.dll.
     
  10. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,654
    Location:
    Sydney, Australia
    I agree (with tongue in cheek agreement on the windows part).

    People are lousy at keeping secrets. Imagine - all it would take is one disgruntled, drunk, seduced , or "seeking-15-minutes-of-fame" employee and the whole house of cards would come tumbling down.

    If a government wants access to your surfing habits, or your email it would be far easier for them to go to your ISP and toss a warrant on them for the info. Undetectable, easy, and no PC access or "grand conspiracy" needed.
     
Loading...
Thread Status:
Not open for further replies.