EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

11.04.14

Cryptome Reveals How Microsoft Gives the FBI and the NSA Back Doors to Crack Encryption

Posted in Microsoft, Security at 3:06 pm by Dr. Roy Schestowitz

Cryptome

Summary: Cryptome has an article, comprised/composed of hard evidence, revealing ways in which Microsoft enables aggressive spies to break encryption

The FBI does not even pretend not to be pursuing back doors; quite the contrary! It demands them and now insists on legislation that would make them mandatory. The same goes for the NSA, Microsoft’s very special partner. Anyone who still thinks that back doors in encryption are within the realm of “conspiracy theory” must not have paid attention. We wrote about such issues more than half a decade ago. At this stage, judging by thousands of articles on the topic, these factual observations are very commonplace in the press, even in the corporate media.

“Anyone who still thinks that back doors in encryption are within the realm of “conspiracy theory” must not have paid attention.”“Microsoft backdoor bitlocker key escrow for the FBI & NSA,” writes to us David Sugar ‏from GNU Telephony. “From the OS that loves to spy on you,” he added.

Some months ago we showed that a former Microsoft engineer working on Windows BitLocker confirmed that the US government asks Microsoft for back doors and now we have more details on how this is done, courtesy of cryptology enthusiasts in Cryptome:

Microsoft OneDrive in NSA PRISM

A sends:

1) Bitlocker keys are uploaded to OneDrive by ‘device encryption’.

“Unlike a standard BitLocker implementation, device encryption is enabled automatically so that the device is always protected.

If the device is not domain-joined a Microsoft Account that has been granted administrative privileges on the device is required. When the administrator uses a Microsoft account to sign in, the clear key is removed, a recovery key is uploaded to online Microsoft account and TPM protector is created.”

http://technet.microsoft.com/en-us/library/dn306081.aspx

2) Device encryption is supported by Bitlocker for all SKUs that support connected standby. This would include Windows phones.

“BitLocker provides support for device encryption on x86 and x64-based computers with a TPM that supports connected stand-by. Previously this form of encryption was only available on Windows RT devices.”

http://technet.microsoft.com/en-us/library/dn306081.aspx#BKM…

3) The tech media and feature articles recognise this.

“… because the recovery key is automatically stored in SkyDrive for you.”

http://www.zdnet.com/surface-bitlocker-and-the-future-of-encryption-7000024613/

4) Here’s how to recover your key from Sky/OneDrive.

“Your Microsoft account online. This option is only available on non-domain-joined PCs. To get your recovery key, go to …onedrive.com…”

http://windows.microsoft.com/en-us/windows-8/bitlocker-recovery-keys-faq

5) SkyDrive (now named OneDrive) is onboarded to PRISM. (pg 26/27)

http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-

Documents-Uncompressed.pdf

When Microsoft speaks about security it usually means “national security”, i.e. the ability of the state to break security of software. It’s about interception, not security. When Microsoft speaks about ‘secure boot’ it speaks about an antifeature in UEFI that enables the state to remotely brick computers, too.

The sad thing is that amid many BSD milestones as of recently (FreeBSD, OpenBSD, PC-BSD and others) there are those who fall for the false promise of UEFI, which does more harm than good to security. OpenBSD, which takes security very seriously, has already blasted UEFI 'secure boot' and blasted those who support it (including Red Hat), whereas FreeBSD got bamboozled into UEFI 'secure boot' and with it, the FreeBSD-derived PC-BSD gets bamboozled too:

Marking the twenty-first birthday of FreeBSD was the release of FreeBSD 10.1-RC4 and separately was the FreeBSD-derived PC-BSD 10.1 RC2 release.

FreeBSD 10.1-RC4 is expected to be the final RC build of FreeBSD 10.1 and brought fixes for ATA CF ERASE breakage and a race fix that could cause an EPT misconfiguration VM-exit.

More details on FreeBSD 10.1-RC4 can be found via its Sunday release announcement. The official release of FreeBSD 10.1 is now hopefully a few days out with its many new features and changes.

This is not a good idea at all. PC-BSD needs to follow the example set by OpenBSD, not FreeBSD (with its codebase). It sure starts looking like not only Microsoft but Red Hat too is bending over to its lucrative clients and contracts with the Deep State. Based on established observations from one decade ago, including more recent developments that Red Hat refuses to comment on, it seems possible that back doors in encryption (by default) is the de facto standard among large corporations. When they speak about “security” there must be fine prints and they’re omitted from the advertising. At risk of breaking the silence about systemd (because we don’t want to inflame ‘civil wars’), systemd replaces/obviates so much highly mature software that it certainly increases the likelihood of bug doors being introduced in RHEL/Red Hat (systemd‘s patron) and by extension/inheritance many other distributions of GNU/Linux.

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New


  1. Links 28/4/2017: Subsurface 4.6.4, GNOME Shell & Mutter 3.25.1

    Links for the day



  2. Kather Augenstein and Bristows Shift Attention to Germany in an Effort to Ram the Dying UPC Down Everyone's Throats

    Down the throat, hopes Team UPC, the Unitary Patent system will go, even though Britain cannot ratify, throwing the whole thing into grave uncertainty



  3. United for Patent Reform Defends USPTO Director Michelle Lee From Attacks by the Patent Microcosm

    Michelle Lee is finally (if not belatedly) shielded by a bunch of large technology companies; The deep-pocketed industry finally steps in line with our position, which is usually when things turn out the way we advocate for



  4. Team UPC and CIPA Are Lobbying, Publishing Puff Pieces, and Rewriting the Law for Unitary Patent (UPC) Behind Closed Doors

    A collection of the latest news and views on the UPC, which is being lied about by those who stand to benefit from it and is probably going nowhere because Brexit means that the UK stays out, in which case it must be reset and pertinent ratifications done all over again



  5. China's Suffering From Patent Maximalism Has Europe Forewarned

    The parasitic elements inside China -- those that just want lots of litigation (even if from patent trolls) -- are winning over, much to the detriment of the Chinese economy, and Team UPC threatens to do the same in Europe with help from Battistelli



  6. Links 27/4/2017: Mesa 17.0.5 RC1, Git 2.13.0 RC1, and Linkerd 1.0

    Links for the day



  7. The Latest Expensive PR Blitz of the EPO, Led by Jana Mittermaier and Rainer Osterwalder Under the 'European Inventor Award' Banner

    The PR agencies of the Corsican in Chief, who appears to be buying political support rather than earning any, are very busy this week, as yet another reputation laundering campaign kicks off



  8. Links 26/4/2017: SMPlayer 17.4.2, Libreboot Wants to Rejoin GNU

    Links for the day



  9. PatentShield is Not the Solution and It Won't Protect Google/Android From Patent Trolls Like Microsoft's

    A new initiative called "PatentShield" is launched, but it's yet another one of those many initiatives (Peer-to-Patent and the likes of it, LOT Network, OIN, PAX etc.) that serve to distract from the real and much simpler solutions



  10. Patent Quality Crisis and Unprecedented Trouble at the European Patent Office (EPO) Negatively Affect Legitimate Companies in the US As Well

    The granting en masse of questionable patents by the EPO (patent maximalism) is becoming a liability and growing risk to companies which operate not only in Europe but also elsewhere



  11. Blog 'Takeovers' by Bristows and Then Censorship: Now This Firm Lies About the Unitary Patent (UPC) and Then Deletes Comments That Point Out the Errors

    Not only are Bristows employees grabbing the mic in various high-profile IP blogs for the purpose of UPC promotion (by distortion of facts); they also actively suppress critics of the UPC



  12. Links 25/4/2017: Kali Linux 2017.1 Released, NSA Back Doors in Windows Cause Chaos

    Links for the day



  13. Astoundingly, IP Kat Has Become a Leading Source of UPC and Battistelli Propaganda

    The pro-UPC outlets, which enjoy EPO budget (i.e. stakeholders' money), are becoming mere amplifiers of Benoît Battistelli and his right-hand UPC woman Margot Fröhlinger, irrespective of actual facts



  14. EPO Fiasco to be Discussed in German Local Authority (Bavarian Parliament) Some Time Today as the Institution Continues Its Avoidable Collapse

    Conflict between management and staff -- a result of truly destructive strategies and violations of the law by Benoît Battistelli -- continues to escalate and threatens to altogether dismantle the European Patent Office (EPO)



  15. In the US and Elsewhere, Qualcomm's Software Patents Are a Significant Tax Everyone Must Pay

    The state of the mobile market when companies such as Qualcomm, which don't really produce anything, take a large piece of the revenue pie



  16. In South Asia, Old Myths to Promote Patent Maximalism, Courtesy of the Patent Microcosm

    The latest example of software patents advocacy and patent 'parades' in India, as well as something from IPOS in Singapore



  17. Links 24/4/2017: Linux 4.11 RC8, MPV 0.25

    Links for the day



  18. Why Authorities in the Netherlands Need to Strip the EPO of Immunity and Investigate Fire Safety Violations

    How intimidation and crackdown on the staff representatives at the EPO may have led to lack of awareness (and action) about lack of compliance with fire safety standards



  19. Insensitivity at the EPO’s Management – Part IX: Testament to the Fear of an Autocratic Regime

    A return to the crucial observation and a reminder of the fact that at the EPO it takes great courage to say the truth nowadays



  20. For the Fordham Echo Chamber (Patent Maximalism), Judges From the EPO Boards of Appeal Are Not Worth Entertaining

    In an event steered if not stuffed by patent radicals such as Bristows and Microsoft (abusive, serial litigators) there are no balanced panels or even reasonable discussions



  21. EPO Staff Representatives Fired Using “Disciplinary Committee That Was Improperly Composed” as Per ILO's Decision

    The Board of the Administrative Council at European Patent Organisation is being informed of the union-busting activities of Battistelli -- activities that are both illegal (as per national and international standards) and are detrimental to the Organisation



  22. Links 23/4/2017: End of arkOS, Collabora Office 5.3 Released

    Links for the day



  23. Intellectual Discovery and Microsoft Feed Patent Trolls Like Intellectual Ventures Which Then Strategically Attack Rivals

    Like a swarm of blood-sucking bats, patent trolls prey on affluent companies that derive their wealth from GNU/Linux and freedom-respecting software (Free/libre software)



  24. The European Patent Office Has Just Killed a Cat (or Skinned a 'Kat')

    The EPO’s attack on the media, including us, resulted in a stream of misinformation and puff pieces about the EPO and UPC, putting at risk not just European democracy but also corrupting the European press



  25. Yann Ménière Resorts to Buzzwords to Recklessly Promote Floods of Patents, Dooming the EPO Amid Decline in Patent Applications

    Battistelli's French Chief Economist is not much of an economist but a patent maximalist toeing the party line of Monsieur Battistelli (lots of easy grants and litigation galore, for UPC hopefuls)



  26. Even Patent Bullies Like Microsoft and Facebook Find the Patent Trial and Appeal Board (PTAB) Useful

    Not just companies accused of patent infringement need the PTAB but also frequent accusers with deep pockets need the PTAB, based on some new figures and new developments



  27. Links 21/4/2017: Qt Creator 4.2.2, ROSA Desktop Fresh R9

    Links for the day



  28. At the EPO, Seeding of Puff Piece in the Press/Academia Sometimes Transparent Enough to View

    The EPO‘s PR team likes to 'spam' journalists and others (for PR) and sometimes does this publicly, as the tweets below show — a desperate recruitment and reputation laundering drive



  29. Affordable and Sophisticated Mobile Devices Are Kept Away by Patent Trolls and Aggressors That Tax Everything

    The war against commoditisation of mobile computing has turned a potentially thriving market with fast innovation rates into a war zone full of patent trolls (sometimes suing at the behest of large companies that hand them patents for this purpose)



  30. In Spite of Lobbying and Endless Attempts by the Patent Microcosm, US Supreme Court Won't Consider Any Software Patent Cases Anymore (in the Foreseeable Future)

    Lobbyists of software patents, i.e. proponents of endless litigation and patent trolls, are attempting to convince the US Supreme Court (SCOTUS) to have another look at abstract patents and reconsider its position on cases like Alice Corp. v CLS Bank International


CoPilotCo

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

CoPilotCo

Recent Posts