List of Software & Hardware Known To Have Backdoors
casperian
http://news.cnet.com/8301-31921_3-20025767-281.html
I guess not really confirmed or debunked at this time though.
Hushmail
PGP
Still under debate,but highly widespread info.
Windows = Apart from anything else, the infamous NSA key -
http://cryptome.org/nsakey-ms-dc.htm
Routers = Supplied by ISP's, maybe others too -
http://www.wilderssecurity.com/showthread.php?t=277194
TOR - "Supposedly" backdoored by german government according to
reports from a few years ago, but google shows no results for it now ?
__________________
--
A Billion for a Billion
DasFox
Please go back and re-edit the post to be more specific as to what you
are implying...?Keep to Tech...
From the way I am reading into this, you mean Rogue Developers posing
as legitimate software putting in backdoors...?
After all anyone can get a hold of software and put a possible back
door in...,...Any Tech can...I can...
Finding those answers, well, a lot more difficult...,
That's like asking who are all the hackers out there and who really
knows...YOU don't...
So sticking more to known Rogue problems, seems to be a more realistic
focus...On topic For Tech Talk...
--
Tech, computer repair specialist (on the side), part time Tech
Pro poster to Wilders Security...home base...On usenet to help noobs
Not me...
demonpeniseye
I know about Hushmail, but PGP!?
Can you provide a link, please?
--
Eaz Fix 9.1
Comodo Firewall 5.0 build 1135 NOOOOOOOOOOOOOOO
Sandboxie 3.5X (64-bit); First Defense Isr
Security rule no.1 ~> less pop ups mean less SOMETHINGS
Secuirty software no.1~> YOUR SKILLS
casperian
> On Thu, 13 Jan 2011 23:55:52 -0500, casperian wrote:
>
>> Well theres the possible backdoor in OpenBSD from the FBI.
>>
>> http://news.cnet.com/8301-31921_3-20025767-281.html
>>
>> I guess not really confirmed or debunked at this time though.
>>
>> Hushmail
>> PGP
>>
>> Still under debate,but highly widespread info.
>>
>> Windows = Apart from anything else, the infamous NSA key -
>> http://cryptome.org/nsakey-ms-dc.htm
>>
>> Routers = Supplied by ISP's, maybe others too -
>> http://www.wilderssecurity.com/showthread.php?t=277194
>>
>> TOR - "Supposedly" backdoored by german government according to
>> reports from a few years ago, but google shows no results for it now ?
>> __________________
>
> I know about Hushmail, but PGP!?
>
> Can you provide a link, please?
<http://securology.blogspot.com/2007/10/pgp-whole-disk-encryption-barely.html>
https://www.nytimes.com/library/cyber/week/100397pgp.html
Ari Silverstein
<Ari muses how generations of imbeciles can't fukken read>
--
ļæ½If you give me six lines written by the hand of the most honest of
men, I will find something in them which will hang him.ļæ½ ~Cardinal
Richelieu
Warlockz
Their is not a backdoor in PGP period!
You should actually read the links you shared, because neither has
info or proof their is a backdoor in PGP!
> allows a user who knows a boot passphrase to add a static password
> <http://securology.blogspot.com/2007/10/pgp-whole-disk-encryption-barely.html>
How is this a backdoor?
--
Hey Fuckers who think you are so smart. I will send you an encrypted
Winrar file. Then you can break it and show me how it's done. Deal? I
have encrypted a rar file. Where can I send it so you can crack it a
nd show everyone how easy it is to crack a Winrar encrypted file. I
bet my house. Enough of words....enough of reading articles...where
is the proof? Who is willing to crack my winrar file? Put your money
where your mouth is.. walk your talk...anyone?
casperian
I bet Skype has a back door now.
Skype was down the other day. I know that they and others have been
requested to add a back door. I would be surprised if they have not.
Skype is U.K., right?
But I wonder. If a person was using portable skype, not installed, ran
it only after firing up a VPN, opened it up and ran it sandboxed with
Sandboxie, then deleted the Sandbox, what could be done with that back
door? just curious.
katio
Skype records all calls and connection data, forwards that to LEA,
they go after your contacts who likely didn't use the same
precautions and "kindly" ask where you are living... You get a nice
visit from the SWAT team
But really if there is a backdoor it's not geolocation but in the
crypto. Even if all contacts connect over multiple VPNs or heavier
anonymity (because for LEA with one VPN your identity is just one
subpoena away) there's much to be learned from eavesdropping on the
connection, including identity and whereabouts.
In short, your sandbox you play in and your ideas are full of dog
shit.
Ari Silverstein
he is and penned:
> I bet Skype has a back door now.
I bet your entire family winces when you enter a room.
Just out of morbid curiosity, how do you even manage to get yourself
motivated to post? It can't be fun for you any more after making a
fool of yourself so many times, can it? In fact the last two days
have been so horrible for you, you just had to dig back to Tuesday to
find a post you could reply to without embarrassing yourself so much
even you can't stand it. Pretty sad considering your lack of self
respect.
Seriously. Why do you bother? You can't honestly believe anyone sees
you as anything but a clown any more, can you? Don't you have
anything you could be doing that would be a bit less of a nightmare
for you, like burning yourself with lit cigarettes or finger painting
with your own feces?
> Skype was down the other day. I know that they and others have been
> requested to add a back door. I would be surprised if they have not.
> Skype is U.K., right?
?????????????
> But I wonder. If a person was using portable skype, not installed, ran
> it only after firing up a VPN, opened it up and ran it sandboxed with
> Sandboxie, then deleted the Sandbox, what could be done with that back
> door? just curious.
Nothing, you have solved the riddle.
<slaps forehaed>
--
“If you give me six lines written by the hand of the most honest of
men, I will find something in them which will hang him.” ~Cardinal
Richelieu
Mr. B
> On Fri, 14 Jan 2011 00:21:28 -0500, Warlockz <Warl...@gmail.com>
>>and show everyone how easy it is to crack a Winrar encrypted file. I
>>bet my house. Enough of words....enough of reading articles...where
>>is the proof? Who is willing to crack my winrar file? Put your money
>>where your mouth is.. walk your talk...anyone?
>
> I would love to see someone add a backdoor to a compiled executable.
> How would they integrate it into the command structure of the app? Not
> possible. Just FUD.
Why would it be impossible to add a backdoor to machine code? It is
actually fairly simple to do on most architectures: append the back door
code to the end of the executable file, copy the first instruction of the
program to the end of the back door code, overwrite the first instruction
with a jump whose target is the back door, and then append a jump to the end
of the back door that has a target of the second instruction of the program.
It would look something like this:
[first instruction]
[second instruction]
...
[last instruction]
becomes:
[jump to backdoor instruction 1]
[second instruction]
...
[last instruction]
[backdoor instruction 1]
[backdoor instruction 2]
...
[last backdoor instruction]
[original first instruction]
[jump to second instruction]
This was a common trick for viruses in MS-DOS, which would append themselves
to programs on the system; the viruses were spread when people passed around
floppy discs with copies of the target program on it. Now, this becomes a
bit more difficult on systems that check signatures, and it is trivial to
detect (assuming you have something to compare against; RPM can perform a
check, for example, using the hash of the correct executable). The real
trick with this technique is actually writing a backdoor that does something
useful; however, that may not be terribly hard either (you might register a
special signal handler, or write the value of the stack canary, or create a
special exception handling routine, etc.).
You can do other, more complicated things, if you are trying to target a
specific executable that you have time to study (usually, you do). Say that
you know the address of a particular function that processes a secret key,
and you want to write a back door that will leak the key. You can do the
same thing I described above, only you would insert the jump to the back
door just before the function returns -- then you are guaranteed that the
back door will have access to any data that the function was processing.
You can get even fancier, e.g. the back door might check for a magic number
on the stack, so that only you can activate the back door.
There is nothing particularly magical about machine code that prevents you
from modifying it, you just need to be careful about how you change things,
and you need to know your machine's ISA. A lot of research has been done on
modifying machine code, including systems for modifying machine code when
you do not have access to the original source or intermediate code. You
might be interested in looking that over, before making statements about
things being "impossible."
-- B
DasFox
> On Fri, 14 Jan 2011 00:21:28 -0500, Warlockz <Warl...@gmail.com>
>>and show everyone how easy it is to crack a Winrar encrypted file. I
>>bet my house. Enough of words....enough of reading articles...where
>>is the proof? Who is willing to crack my winrar file? Put your money
>>where your mouth is.. walk your talk...anyone?
>
> I would love to see someone add a backdoor to a compiled executable.
> How would they integrate it into the command structure of the app? Not
> possible. Just FUD.
For the noobs...simple explanation...APPEND it...
THANKS
DasFox
Great job, B...Anyone who needs more explaining can come to me...
Nomen Nescio
> http://news.cnet.com/8301-31921_3-20025767-281.html
> Hushmail
> PGP
> <http://securology.blogspot.com/2007/10/pgp-whole-disk-encryption-barely.html>
> https://www.nytimes.com/library/cyber/week/100397pgp.html
As a 40 year computer programmer, I completely agree.
DasFox
TECH has passed you by then...APPEND...as I said...
chronomatic
I remember reading a while back that at some tech conference an NSA
representative told the attendees that NSA is offering "billions" to
any corporation or entity that can give them access to Skype
communications. This would make sense -- all they have to do is buy
their way into Skype. Since Skype is owned by E-bay, the NSA can just
strong arm Ebay into putting in a backdoor (and with an offer of a
lot of money).
Here:
<http://www.theregister.co.uk/2009/02/12/nsa_offers_billions_for_skype_pwnage/>
--
Screw the socialist blue-eyed Skindonavian arsewholes.