EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

11.04.14

Cryptome Reveals How Microsoft Gives the FBI and the NSA Back Doors to Crack Encryption

Posted in Microsoft, Security at 3:06 pm by Dr. Roy Schestowitz

Cryptome

Summary: Cryptome has an article, comprised/composed of hard evidence, revealing ways in which Microsoft enables aggressive spies to break encryption

The FBI does not even pretend not to be pursuing back doors; quite the contrary! It demands them and now insists on legislation that would make them mandatory. The same goes for the NSA, Microsoft’s very special partner. Anyone who still thinks that back doors in encryption are within the realm of “conspiracy theory” must not have paid attention. We wrote about such issues more than half a decade ago. At this stage, judging by thousands of articles on the topic, these factual observations are very commonplace in the press, even in the corporate media.

“Anyone who still thinks that back doors in encryption are within the realm of “conspiracy theory” must not have paid attention.”“Microsoft backdoor bitlocker key escrow for the FBI & NSA,” writes to us David Sugar ‏from GNU Telephony. “From the OS that loves to spy on you,” he added.

Some months ago we showed that a former Microsoft engineer working on Windows BitLocker confirmed that the US government asks Microsoft for back doors and now we have more details on how this is done, courtesy of cryptology enthusiasts in Cryptome:

Microsoft OneDrive in NSA PRISM

A sends:

1) Bitlocker keys are uploaded to OneDrive by ‘device encryption’.

“Unlike a standard BitLocker implementation, device encryption is enabled automatically so that the device is always protected.

If the device is not domain-joined a Microsoft Account that has been granted administrative privileges on the device is required. When the administrator uses a Microsoft account to sign in, the clear key is removed, a recovery key is uploaded to online Microsoft account and TPM protector is created.”

http://technet.microsoft.com/en-us/library/dn306081.aspx

2) Device encryption is supported by Bitlocker for all SKUs that support connected standby. This would include Windows phones.

“BitLocker provides support for device encryption on x86 and x64-based computers with a TPM that supports connected stand-by. Previously this form of encryption was only available on Windows RT devices.”

http://technet.microsoft.com/en-us/library/dn306081.aspx#BKM…

3) The tech media and feature articles recognise this.

“… because the recovery key is automatically stored in SkyDrive for you.”

http://www.zdnet.com/surface-bitlocker-and-the-future-of-encryption-7000024613/

4) Here’s how to recover your key from Sky/OneDrive.

“Your Microsoft account online. This option is only available on non-domain-joined PCs. To get your recovery key, go to …onedrive.com…”

http://windows.microsoft.com/en-us/windows-8/bitlocker-recovery-keys-faq

5) SkyDrive (now named OneDrive) is onboarded to PRISM. (pg 26/27)

http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-

Documents-Uncompressed.pdf

When Microsoft speaks about security it usually means “national security”, i.e. the ability of the state to break security of software. It’s about interception, not security. When Microsoft speaks about ‘secure boot’ it speaks about an antifeature in UEFI that enables the state to remotely brick computers, too.

The sad thing is that amid many BSD milestones as of recently (FreeBSD, OpenBSD, PC-BSD and others) there are those who fall for the false promise of UEFI, which does more harm than good to security. OpenBSD, which takes security very seriously, has already blasted UEFI 'secure boot' and blasted those who support it (including Red Hat), whereas FreeBSD got bamboozled into UEFI 'secure boot' and with it, the FreeBSD-derived PC-BSD gets bamboozled too:

Marking the twenty-first birthday of FreeBSD was the release of FreeBSD 10.1-RC4 and separately was the FreeBSD-derived PC-BSD 10.1 RC2 release.

FreeBSD 10.1-RC4 is expected to be the final RC build of FreeBSD 10.1 and brought fixes for ATA CF ERASE breakage and a race fix that could cause an EPT misconfiguration VM-exit.

More details on FreeBSD 10.1-RC4 can be found via its Sunday release announcement. The official release of FreeBSD 10.1 is now hopefully a few days out with its many new features and changes.

This is not a good idea at all. PC-BSD needs to follow the example set by OpenBSD, not FreeBSD (with its codebase). It sure starts looking like not only Microsoft but Red Hat too is bending over to its lucrative clients and contracts with the Deep State. Based on established observations from one decade ago, including more recent developments that Red Hat refuses to comment on, it seems possible that back doors in encryption (by default) is the de facto standard among large corporations. When they speak about “security” there must be fine prints and they’re omitted from the advertising. At risk of breaking the silence about systemd (because we don’t want to inflame ‘civil wars’), systemd replaces/obviates so much highly mature software that it certainly increases the likelihood of bug doors being introduced in RHEL/Red Hat (systemd‘s patron) and by extension/inheritance many other distributions of GNU/Linux.

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New

  1. The Way Things Are Going in the Eastern District of Texas and Other US District Courts, South Korean Companies Might as Well Exit the US Like They Exit China

    Apple and Samsung conclude another major patent battle (after 7 years of chaos, taking up a lot of Judge Lucy Koh's time), but many patent battles remain, which means that lawyers at both companies receive salaries which otherwise engineers would have gotten

  2. The Patent Extremists Resort to Trump-Styled China-Baiting in an Effort to Destroy US Patent Policy

    The patent microcosm, in its non-ending pursuit of patent maximalism, uses China's truly misguided patent policy to alarm US lawmakers (based on false assumptions and deliberate misinformation)

  3. Letting the USPTO Decide on Fees Would Lead to a 'Battistelli Scenario'

    The US patent office, which ultimately profits from patent maximalism, is being given too much power/leverage over the laws/policy which govern its operations, enabling the Trump-connected new chief to implement rollbacks which would harm patent quality and empower patent trolls

  4. Another Week of Federal Circuit Supporting PTAB and Acting Tough for Patent Quality in the United States

    The Patent Trial and Appeal Board (PTAB) and the Court of Appeals for the Federal Circuit (CAFC) maintain a productive cycle of patent elimination, except when the patents do have merit (e.g. when they're on physical inventions and not nature or code)

  5. The Irish Knowledge Development Box (KDB) is Just Another Tax Evasion Ploy

    Ireland — like several other nations across the world — opens to business by basically giving tax breaks to large companies under the guise of ‘innovation’ (as measured superficially by quantity of patents etc.)

  6. Software Patents Advocacy and UPC Lies Go Hand in Hand

    The push for UPC, which accompanies the lobby for software patents in Europe, is still based on a large pile of lies and false projections of commencement

  7. IAM Warns That China is Outpacing the United States at Granting Rubbish, Unproductive Patents on Abstract Things

    Sites that speak for patent maximalists tell us that we should envy if not fear or mimic China's self-defeating patent scope, which basically welcomes patents on just about anything under the Sun

  8. On Ethics of Patent Lawyers

    Ethics in the legal community, including the practice of patent attorneys/lawyers, are paramount; they need to live up to the notions of law and justice, not greed and extortion

  9. Techrights at 24,000

    Techrights has nearly reached 24k blog posts (just a couple of days away), marking the latest milestone in a long history of relentless activism/journalism

  10. Index for EPO and Saint-Germain's Poisonous Legacy of "Toxic Loans" Series

    A roundup or an index of this past week's series about financial gambles at the EPO -- Battistelli's own dubious idea

  11. Saint-Germain's Poisonous Legacy of "Toxic Loans": Quo Vadis EPO?

    In spite of the SIDRU “toxic loans” scandal in St. Germain-en-Laye, where Battistelli is Deputy Mayor, the EPO’s Administrative Council repeats similar mistakes with opposition only from one country — the only country that actually bothered to study the matter before voting on it

  12. Links 26/5/2018: Wine 3.9, KStars 2.9.6, Bodhi 3.8.0, FreeBSD 11.2 Beta 3

    Links for the day

  13. Saint-Germain's Poisonous Legacy of "Toxic Loans": The SIDRU “Toxic Loan” Débâcle a Case of “Take the Money and Run...”

    The fourth part of the series exploring the debt crisis at Battistelli’s town (where he’s deputy mayor) in light of the EPO’s gambling with financial speculators, potentially adding to the many EPO scandals

  14. EPO, a Longtime Privacy Offender, Uses General Data Protection Regulation (GDPR) Day to Lie to the Public

    The European Patent Office (EPO) has the nerve to pretend to value privacy after all it has done; it's just exploiting the "GDPR Day" buzz to spread some more face-saving lies about the very subject it has become incredibly notorious for

  15. The Unitary Patent and the Unified Patent Court (UPC): This Week's Latest Spin and Lies

    The EPO has adopted a largely passive approach, choosing barely to comment at all on the UPC whereas Team UPC keeps repeating the same misleading if not patently untrue claims to perpetuate the notion that UPC is inevitable

  16. Links 25/5/2018: OpenSUSE 15 Leap Released, PostgreSQL 11 Beta

    Links for the day

  17. Privacy Statement

    Today, May 25th, the European General Data Protection Regulation (GDPR) goes into full effect; we hereby make a statement on privacy

  18. Saint-Germain's Poisonous Legacy of "Toxic Loans": The SIDRU “Toxic Loan” Débâcle and Criticism of Lamy From Local Opposition Groups

    The EPO‘s entrance into the “toxic loans” trap as of a few months back (just like in Saint-Germain) is a sign of potential trouble ahead; The SIDRU “toxic loan” débâcle is highlighted as per criticism of mayor Lamy (St Germain-en-Laye, where Battistelli is deputy mayor) from local opposition groups

  19. New EPO Caricature: The Rubber Stamp

    Cartoon which circulates in EPO 'circles', encapsulating the concern many people have about the quality of granted patents and unrealistic expectations from the management

  20. Links 24/5/2018: RIP Robin “Roblimo” Miller, Qt 5.11 Released

    Links for the day

  21. Walmart, Bank of America, Allied Security Trust (AST) and the Rush for 'Blockchain' Patents

    The hoarding of patents on novel-sounding code has reached ridiculous levels; very large corporations and even patent trolls arm themselves with such patents, hoping to make returns by means of litigation or an 'arms trade'

  22. Stupid Blogs, Stupid Lawsuits, and Stupid Patents

    The stupidity of the patent microcosm, which would like to see everything in the world patented and which would gleefully smear or even sue its critics (the EFF was sued several times for libel over its "Stupid Patent of the Month" series)

  23. Perpetuating the Big Lie That Unitary Patent (UPC) is About to Kick Off

    The (in)famous old lie about UPC being "just around the corner" is still being circulated, mainly if not only by patent law firms which stand to benefit from a litigation Armageddon in Europe

  24. EPO Validation in Former French Colonies That Have Zero European Patents

    The strategy of the EPO seems to be centered around the interests of Benoît Battistelli and his political career rather than that of the EPO; validation deals and dubious 'Inventor Awards' seem to be part of this pattern

  25. Saint-Germain's Poisonous Legacy of "Toxic Loans": The Cautionary Tale of SIDRU and Its “Toxic Loans”

    The town where the EPO‘s President (Battistelli) is a deputy mayor has a track record of financial hardship and alleged financial misconduct, attributed to the same financial practices Battistelli has just implemented at the EPO

  26. Links 23/5/2018: DragonFlyBSD 5.2.1 and Kata Containers 1.0 Released

    Links for the day

  27. Masking Abstract Patents in the Age of Alice/§ 101 in the United States

    There are new examples and ample evidence of § 101-dodging strategies; the highest US court, however, wishes to limit patent scope and revert back to an era of patent sanity (as opposed to patent maximalism)

  28. PTAB's Latest Applications of 35 U.S.C. § 101 and Obviousness Tests to Void U.S. Patents

    Validity checks at PTAB continue to strike out patents, much to the fear of people who have made a living from patenting and lawsuits alone

  29. France is Irrelevant to Whether or Not UPC Ever Becomes a Reality, Moving/Outsourcing de Facto Patent Examination to European Courts Managed in/Presided by France

    Team UPC is still focusing on France as if it's up for France to decide the fate of the UPC, which EPO insiders say Battistelli wants to be the chief of (the chief, it has already been decided, would have to be a Frenchman)

  30. Saint-Germain's Poisonous Legacy of "Toxic Loans": The Emperor’s New Investment Guidelines

    Details about a secret vote to 'gamble' the EPO's budget on "a diversified portfolio managed by external experts"

CoPilotCo

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

CoPilotCo

Recent Posts