Jump to content

theshadowbrokers asserts that the NSA pays Microsoft to keep vulnerabilities open, to be exploited

Delicieuxz
By Delicieuxz
in Tech News
 Share
Posted
Just now, leadeater said:

From my experience in supporting users that is rather accurate.....

"I am not a computer person" is sadly something a lot of users say, nothing we can really do about it. 

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
5 hours ago, LAwLz said:

Source? I have not seen any evidence that supports this claim.

While it can be argued that the requirement is of their own doing, that certainly does not mean that they are handing it out "because they feel like it"; you cannot be this politically naïve.

 

Here is a video source (ironically controversial based on which "side" he is on; nobody can make up their minds):

Article sources, showing that this goes all the way back to 2003-2004 (therefore debunking that this has anything to do with Windows 10). In fact, it was around the release of Windows 10 that they released the source code to the oh so innocent EU. Unless you are telling me that the agency you love so much is in on it, despite it's "anger" at Microsoft (which is already riddled with logical holes), this makes no sense and is what it is: a cooky conspiracy theory. Blind idealism can only go so far.

 

http://www.computerworld.com/article/2580563/microsoft-windows/microsoft-opens-source-code-to-governments.html

https://www.cnet.com/news/governments-to-see-windows-code/

https://www.microsoft.com/en-us/sharedsource/default.aspx

https://news.microsoft.com/2004/09/19/microsoft-announces-government-shared-source-license-for-office/

http://windowsitpro.com/security/microsoft-opens-source-code-governments

Read the community standards; it's like a guide on how to not be a moron.

 

Gerdauf's Law: Each and every human being, without exception, is the direct carbon copy of the types of people that he/she bitterly opposes.

Remember, calling facts opinions does not ever make the facts opinions, no matter what nonsense you pull.

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
59 minutes ago, Nicholatian said:

'Tis a shame then. I thought we were discussing the above with the ability to break things down and perform problem solving already in-hand. My bad.

 

...seriously though, the whole "what about average users" is a fallacious proposition that works because nobody has come to a consensus on what an average user is and isn't, and therefore the person defending them can take advantage of that confusion and create an impossible scenario of trying to please all of the people all of the time - an "average user" could literally mean what I said above, to be frank. A world where we save everybody technologically speaking is imaginary... not even the glorious Windows intranets and Indian tech support can help all of those average users. That's not to say they don't make a damn good effort to do so, but I digress.

There may never be a consensus on what an average user truly is but we can with a great deal of confidence say it is no higher than a gamer that is able to install steam, buy games, browse the internet, create basic documents and print them using automatically installed printer drivers. Anything higher than that is pushing in to power user territory.

 

We could even try an define an average user by the most common device which are smartphones.

 

People like to label and assume that the current generation growing up today are good at using computers. I can say with first hand experience across multiple different schools, cities, universities etc that this is far from the truth. Browsing for files is a common task that is beyond most, finding applications using the start menu is too hard, every website address starts with www always even when I say the exact url to go to with no www in front of it.

 

You're right this is beyond the point of this discussion but if we try and hinge solving the problems you are talking about on users solving the issues themselves then it is doomed to failure. People who can should, people who can't have no other choice but to petition for change and ask for help. If we can help them by installing Linux and teaching them how to use it great do it. This is an issue that can only be solved as a collective not on an individual basis.

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
1 hour ago, Nicholatian said:

You're welcome to have unrealistic expectations, but it's not going to make much of a difference one way or the other unless you do something to fix it for yourself. That's pretty much my message.

I don't even think you understood what I meant in my post.  Unreasonable expectations indeed.

Grammar and spelling is not indicative of intelligence/knowledge.  Not having the same opinion does not always mean lack of understanding.  

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
5 hours ago, mr moose said:

You are confusing having  the exploits with proof of how they came to be.  I have a tv in my lounge room, I can prove it with pictures, but that is not proof I paid for it, nor is it proof a paid a specific person for it.

If you want a TV analogy, this is as if you had a TV, we all knew you had a TV, and someone at the store witnessed and said "yes, he bought the TV yesterday and paid for it. Here is the TV in our internal system where it is marked as paid for using credit card, but we do not have the exact transaction number. Your brother who was with you that day also witnesses, saying that you paid for it". I think it would be irrational to look at that scenario and go "See? There is no evidence that I paid for it so it's all just a conspiracy!".

Witnesses is one of the biggest source of evidence we have, and in this case we have several and the original documents from the NSA's internal systems that clearly labels things as "purchased".

 

2 hours ago, Colonel_Gerdauf said:

While it can be argued that the requirement is of their own doing, that certainly does not mean that they are handing it out "because they feel like it"; you cannot be this politically naïve.

 

Here is a video source (ironically controversial based on which "side" he is on; nobody can make up their minds):

 

http://www.computerworld.com/article/2580563/microsoft-windows/microsoft-opens-source-code-to-governments.html

https://www.cnet.com/news/governments-to-see-windows-code/

https://www.microsoft.com/en-us/sharedsource/default.aspx

https://news.microsoft.com/2004/09/19/microsoft-announces-government-shared-source-license-for-office/

http://windowsitpro.com/security/microsoft-opens-source-code-governments

Thanks for the source. This does not excludes the possibility that Microsoft helps the NSA and others to find exploits. It is possible that Microsoft both gives them the source code, as well as help them develop the tools in other ways. In fact, when it comes to crypto then a well designed system does not become vulnerable just because you see the source code, yet in the Outlook example we see just that happening. The NSA has access to private keys which are not included in the source code.

Link to comment
Share on other sites
Link to post
Share on other sites
Posted (edited)
3 hours ago, LAwLz said:

If you want a TV analogy, this is as if you had a TV, we all knew you had a TV, and someone at the store witnessed and said "yes, he bought the TV yesterday and paid for it. Here is the TV in our internal system where it is marked as paid for using credit card, but we do not have the exact transaction number. Your brother who was with you that day also witnesses, saying that you paid for it". I think it would be irrational to look at that scenario and go "See? There is no evidence that I paid for it so it's all just a conspiracy!".

Witnesses is one of the biggest source of evidence we have, and in this case we have several and the original documents from the NSA's internal systems that clearly labels things as "purchased".

 

Thanks for the source. This does not excludes the possibility that Microsoft helps the NSA and others to find exploits. It is possible that Microsoft both gives them the source code, as well as help them develop the tools in other ways. In fact, when it comes to crypto then a well designed system does not become vulnerable just because you see the source code, yet in the Outlook example we see just that happening. The NSA has access to private keys which are not included in the source code.

No, I could claim Microsoft stole the TV and I paid them to do it, or I could claim MS paid me to take the TV.    The end result is the same, me having a TV is not proof something untoward happened on someone else behalf in me getting it.  You need other evidence for that.  What we have here is evidence the NSA has tools to exploit back doors in windows, what we don't have is proof that MS were willing partners in creating them.  

 

Also, it doesn't say who they purchased them from or if the term purchased actually means what it does to you and me..  Snowden is a fugitive now and it is still claiming to have current cleared inside information.  I know it is getting down to semantics here, but that is the nature of the beast.   It is very convoluted situation and drawing absolute conclusions from inadequate/incomplete evidence is not being objective. 

 

EDITED to remove ambiguous content that doesn't say what I meant it to.

Edited by mr moose

Grammar and spelling is not indicative of intelligence/knowledge.  Not having the same opinion does not always mean lack of understanding.  

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
43 minutes ago, mr moose said:

The end result is the same, me having a TV is not proof something untoward happened on someone else behalf in me getting it.

That's not what anyone is arguing either. But when the internal documents specifically say certain exploits were purchased then it is a fair assumption to say that they were purchased, especially since most if not all other information from the same leak has been true.

 

45 minutes ago, mr moose said:

Also, it doesn't say who they purchased them from

True, which is why I said for example there might be people inside Microsoft who are secretly working for the NSA, unbeknownst to Microsoft. One thing is for sure though, NSA has access to information from inside Microsoft. That's the only logical explanation for why they for example had access to the new encryption system used by Outlook months before it even launched.

 

That's not to say all exploits the NSA buys are straight from first party vendors, but they at the very least gets help from inside the companies on some of them.

 

50 minutes ago, mr moose said:

or if the term purchased actually means what it does to you an

Well, I think it is silly to assume that NSA is using code words like that. If someone went "I am a murderer" in court you wouldn't say "we don't know if murderer means the same thing to him as it does to us!" right?

What would you suggest purchase could mean?
To me, I think it means the change of goods and/or services for other goods and/or services. I am fairly sure the NSA uses that definition too.

 

53 minutes ago, mr moose said:

It is very convoluted situation and drawing absolute conclusions from inadequate/incomplete evidence is not being objective.

But isn't that exactly what you're doing? Just a few posts ago you implied that people should ignore this because it was just a conspiracy theory, unsubstantiated and speculation.

I am of the opinion that it is a very real possibility, but we lack a lot of details and evidence to definitively say it is happening one way or another. But that means we should look into it more and have an open mind. Not dismiss the claims as inane conspiracy theories, nor should we burn Microsoft at the stake.

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
38 minutes ago, LAwLz said:

That's not what anyone is arguing either. But when the internal documents specifically say certain exploits were purchased then it is a fair assumption to say that they were purchased, especially since most if not all other information from the same leak has been true.

 

True, which is why I said for example there might be people inside Microsoft who are secretly working for the NSA, unbeknownst to Microsoft. One thing is for sure though, NSA has access to information from inside Microsoft. That's the only logical explanation for why they for example had access to the new encryption system used by Outlook months before it even launched.

 

My opinions have always been there are no absolutes and whilst the information is not supported by any other sources (of which there should be many if people are looking) that drawing absolute conclusions like the OP  is consistent with conspiracy theories.  It is clear we don't have absolutes because even you are using qualifiers like the ones in bold above.

38 minutes ago, LAwLz said:

That's not to say all exploits the NSA buys are straight from first party vendors, but they at the very least gets help from inside the companies on some of them.

 

The NSA has full access to the windows source code along with most other governments. They have done for a rather long time, they don't need inside information if they have decent enough software engineers (which I am sure they do).

 

38 minutes ago, LAwLz said:

Well, I think it is silly to assume that NSA is using code words like that. If someone went "I am a murderer" in court you wouldn't say "we don't know if murderer means the same thing to him as it does to us!" right?

What would you suggest purchase could mean?
To me, I think it means the change of goods and/or services for other goods and/or services. I am fairly sure the NSA uses that definition too.

 

But isn't that exactly what you're doing? Just a few posts ago you implied that people should ignore this because it was just a conspiracy theory, unsubstantiated and speculation.

I am of the opinion that it is a very real possibility, but we lack a lot of details and evidence to definitively say it is happening one way or another. But that means we should look into it more and have an open mind. Not dismiss the claims as inane conspiracy theories, nor should we burn Microsoft at the stake.

I agree with you last sentence.

 

I wouldn't assume anything when it comes to the NSA,  anyone can make up a document and make claims about it's meaning and origin.  

 

This is my very first post:

Quote

 

 

Given MS is a public company and has to fill out all relevant securities papers quarterly, if they were being paid by the government in some way, there would either have to be very creative accounting methods employed (more people at both the government and MS to keep quiet) or the entire securities exchange would have to be part of the conspiracy.  It's one thing to have the NSA et al doing dodgy shit, but quite another to try and make it a global conspiracy, becasue the reality is there are so many independent contractors who work with this stuff that I find it very difficult to believe that only one ex employee and one hacker group with no reputation or evidence have laid these claims.

The truth always comes out in the end,  the bigger the issues the more workers there are and the more evidence surfaces. 

 

 

MS do enough shit to legitimately complain about, you don't need to go digging up conspiracies, unsubstantiated hacker claims and speculative twitter feeds to further a personal ideal. 

 

 

 

I did not say you should just ignore it all as conspiracy, but rather that any claim made without evidence (in this context and specifically about MS being paid for it) is a conspiracy, and no one should go digging them up solely to prop up an ideal.  I am simply being objective.   I am clearly pointing out that there are absolutes we can't deny, then there is speculation that requires a lot more scrutiny.  As I pointed out there is no other evidence that money changed hands, not through contracts, or single employees or even lump sums through off shore holdings etc.  They are all heavily scrutinized by other governments, accountants, middle management, tax offices and the securities exchange.   If someone (anyone) is convinced this is happening then it really should be that hard to point out inconsistencies in any contracts and payments made to MS.   Even the tax office in Australia has programs running 24/7 on all transactions looking for anomalies in business/personal accounts.  

http://www.news.com.au/finance/david-and-libby-koch/david-koch-warns-the-taxman-will-catch-you-if-you-try-to-cheat/news-story/20742350fb25e56d43101171f0b29dbc

 

If we can do it hear in the arse end of the world I am sure better resourced people in the US can too.

Grammar and spelling is not indicative of intelligence/knowledge.  Not having the same opinion does not always mean lack of understanding.  

Link to comment
Share on other sites
Link to post
Share on other sites
Posted

dont use windows kids, i know this so old now its not even worht mentioning but USE LINUX ffs, use it promote it, learn it, teach it to others, help develop it, cause the desktop linux aint that great of an experience or best OS/kernel, but at least its open and no one can pay its way into the kernel to keep vulnerabilities around, sure theres GNU/linux and companies like Canonical, red hat etc who can get payed but since their software is mostly open source too i doubt they would go down that dangerous road

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
27 minutes ago, Kumaresh said:

I think many of you don't seem to understand how intelligence ops are supposed to work. Bad guys aren't gonna leave important evidence lying around which clearly showing that they are doing something bad. Do you take them for simplistic idiots ? I think many of you are expecting a clearly verifiable digital document or physical documents signed by NSA and Microsoft executives which have statements to the effect of "The NSA had had contact with Microsoft executives and paid so and so amount of dollars though these channels and these accounts with so and so transaction IDs to keep this vulnerability a secret". People who would really be conspiratorial enough to cook up such a plan aren't gonna leave any hard evidence of such things easily accessible. And they have a ridiculous number of untraceable payment methods, and the payment needn't necessarily even be financial. It could be bit coin transfers, or it could be disguised as something else. And the people who are claiming this are a group of hackers who have had several years of experience in intelligence agencies as evidenced by their access to such high level NSA tools. So the possibility for them to have knowledge of such operations is extremely likely, giving their theories credibility. If Julian Assange came out and said the things he knew without the physical evidence ( which was extremely hard to obtain ),  people would have blindly dismissed him as a lunatic. That wouldn't change the fact that what he said was completely true.

 

I really am not too sure what you are trying to say here, on one hand you are saying they are not going to leave evidence lying around becasue they are too smart for that, then you are saying this hacker group is in deep enough to have gathered the evidence.  which one is it?  

Grammar and spelling is not indicative of intelligence/knowledge.  Not having the same opinion does not always mean lack of understanding.  

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
On 2017-5-18 at 5:06 AM, SCHISCHKA said:

As usual RT, Russia's news company, is all over this. Their even pulling out decade old stories on YouTube about USA gov buying user data

It's almost as if they're providing a background of dialogue for their news stories, like i don't know maybe every other news network in the world?

My Rig - Intel I7-5820k@ 4ghz| Rampage V Extreme| 4x4GB Corsair Vengeance DDR4|RTX 2060 SUPER| Corsair 650D| Corsair HX750| 2TB Samsung 850 EVO| H100i| 3x SF-120's| 1x 240 cooler master Red LED Front intake

 

Everything I say defaults to include /s

 

 

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
15 minutes ago, RuffRuffmcgruff said:

It's almost as if they're providing a background of dialogue for their news stories, like i don't know maybe every other news network in the world?

Russia's news holds nothing back when attacking foreign governments. They do like to blow things out of proportion but in some cases they are a lot more honest; western political spin vs russian anti-USA propaganda. The bullshit balances itself out <insert Confucius or ying yang crap here>.

Im no USA law expert so I am bit slow, but what i think i understand from wikileaks vault 7 is that USA gov agencies are suppose to disclose to USA companies any exploits they discover.

             ☼

ψ ︿_____︿_ψ_   

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
2 hours ago, yian88 said:

dont use windows kids, i know this so old now its not even worht mentioning but USE LINUX ffs, use it promote it, learn it, teach it to others, help develop it, cause the desktop linux aint that great of an experience or best OS/kernel, but at least its open and no one can pay its way into the kernel to keep vulnerabilities around, sure theres GNU/linux and companies like Canonical, red hat etc who can get payed but since their software is mostly open source too i doubt they would go down that dangerous road

There are Linux corporations and they have worked with USA agencies. Wikileaks vault 7 is an interesting read and will put you off using SELinux or any linux component made by a USA government agency. Sure they cannot pay to keep a vulnerability secret but they can find them and keep it secret (which i think might be illegal but im still researching). USA agencies who employ the best mathematicians and software engineers do contribute to the linux kernel so they do employ people to get intimate enough with it.

             ☼

ψ ︿_____︿_ψ_   

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
4 hours ago, mr moose said:

My opinions have always been there are no absolutes and whilst the information is not supported by any other sources (of which there should be many if people are looking) that drawing absolute conclusions like the OP  is consistent with conspiracy theories.  It is clear we don't have absolutes because even you are using qualifiers like the ones in bold above.

You're making two assumptions here.

1) That there are no other sources (how many sources do you even need before even considering that it might be true?).

2) That if it happened then we would have heard about it. There might be a ton of things which we have no idea about. I mean, for how long did the NSA get away with what they did until we got solid evidence? It was a long, long time. Who knows what other things might yet have been disclosed?

 

 

4 hours ago, mr moose said:

The NSA has full access to the windows source code along with most other governments. They have done for a rather long time, they don't need inside information if they have decent enough software engineers (which I am sure they do).

Something tells me you don't have much experience with coding. Proper code is not secure because it is hidden. Well designed systems are secure even if the source code is completely open.

There are only two possibilities here.

1) Microsoft writes really shitty code that is fundamentally broken.

2) They write decent or good code, but the NSA have someone on the inside helping them.

 

The source code for OpenSSL is completely free for anyone to look at. Yet it is very secure (sans Heartbleed).

 

 

4 hours ago, mr moose said:

I wouldn't assume anything when it comes to the NSA,  anyone can make up a document and make claims about it's meaning and origin.  

So you think the NSA was lying in their own internal documents? Or are you saying you think there is a conspiracy where several groups and people are working together to forge documents just to make Microsoft and other companies to look bad? Going as far as to weave in these fake documents with real ones obtained from the NSA.

 

It doesn't make sense to think that thousands of documents have been completely legit, but this one particular thing is just a hoax. These are not some nobodies making a wild claim.

 

 

Do you, or do you not believe that the leaked NSA documents, which undeniably contains data from the NSA, contains forged data to make companies such as Microsoft look bad?

I would answer no to that question.

 

Do you or do you not believe that there is a chance that Microsoft (either the entity of Microsoft, or individuals within Microsoft) has willingly helped the NSA to gain access to their systems?

I would answer yes to this, with 99% certainty.

 

 

4 hours ago, mr moose said:

I did not say you should just ignore it all as conspiracy, but rather that any claim made without evidence (in this context and specifically about MS being paid for it) is a conspiracy, and no one should go digging them up solely to prop up an ideal.

Well the facts of the matter are these:

1) Microsoft has helped the NSA gain access to their systems at several occasions.

2) Some exploits the NSA have used have been labeled "purchased".

 

These two might not be related. Microsoft might have helped the NSA for free (which is just as bad if you ask me), and the purchased exploits might have been from third parties, but I would not be so quick to just write it off as a conspiracy that people shouldn't "dig up"

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
12 hours ago, Nicholatian said:

Either you have a problem with it and you try to solve it, or you're basically just bitching about nothing. Don't like Windows but need it for work? Why don't you like it? What are you going to do to fix it for yourself? There are countless potential solutions to that problem, from Spybot to network firewalling and from dual-booting to encrypted Linux installs... none of the solutions amount to sitting around and whining over it and expecting someone to fix it for you. You're not 5 anymore.

Try to solve it? Last time I checked Windows is not open source. We can't fix what microsoft breaks. If your "solution" is to use something else in parallel (don't you think we do that?) then thank you, captain obvious - that doesn't change anything.

12 hours ago, Nicholatian said:

You're welcome to have unrealistic expectations, but it's not going to make much of a difference one way or the other unless you do something to fix it for yourself. That's pretty much my message.

Again, we. can't. modify. Windows.

 

Nor can we force companies to port mission critical (and often closed) software to Linux. I'd like to hear some of those "countless potential solutions" to windows just being a bad operating system and getting in the way of your work.

Don't ask to ask, just ask... please 🤨

sudo chmod -R 000 /*

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
11 hours ago, LAwLz said:

Thanks for the source. This does not excludes the possibility that Microsoft helps the NSA and others to find exploits. It is possible that Microsoft both gives them the source code, as well as help them develop the tools in other ways. In fact, when it comes to crypto then a well designed system does not become vulnerable just because you see the source code, yet in the Outlook example we see just that happening. The NSA has access to private keys which are not included in the source code.

nick-young-confused-face.jpg

 

OK, now you are determined that the blame goes 100% to Microsoft. No, that is not how any of this works; Once the NSA and equivalent agencies obtain the source code, they have full access and control of the inner workings of the operating system. It does not take a genius to understand how easy clear-box testing is in comparison to black-box. It does not matter how well-designed or vetted a software is; when the source code is given to anybody, you are giving them the house and car keys. The NSA is not run by the average idiot, but rather some of the brightest people that the USA has. They will get the exploits discovered and running, without any sort of consent to Microsoft. For them, private keys are not hard at all to find. It really annoys me to see people still gravely underestimating the cyber prowess of the NSA and the like.

 

Now let's look at this on a more sociopolitical perspective. Let us assume that Microsoft is cooperating with the NSA for a minute... would the NSA want to bother with that? Even without the Snowden leaks (which I continue to believe is merely the tip of the iceberg), that introduces a remarkable risk to the secrecy of their work. Microsoft is not just one person; it is a company housing hundreds to thousands. There are people with sharp eyes, and people with less-than-noble intentions, not mutually exclusive. Yes, they can sign a red tape contract that says "only the CEO knows" (which is 9 times out of 10, for naught), but it does not take long for somebody to put the dots together. Somebody could come in and use this matter to shame the NSA, and spike the general hostility and paranoia of the government agencies. Also, somebody could come in, and "steal the exploit" to sell to others on the black market (which has already happened, as explained by Barnacules), and anybody in that mesh network could use it to make yet another string of ransomware/worm attacks. Either of those will be a bet that the NSA is very clearly not willing to take. So it is much better for them if Microsoft does not know, as they have a relative safety of keeping their methods to themselves.

Read the community standards; it's like a guide on how to not be a moron.

 

Gerdauf's Law: Each and every human being, without exception, is the direct carbon copy of the types of people that he/she bitterly opposes.

Remember, calling facts opinions does not ever make the facts opinions, no matter what nonsense you pull.

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
2 hours ago, Colonel_Gerdauf said:

OK, now you are determined that the blame goes 100% to Microsoft.

What? Where did I say this?

 

2 hours ago, Colonel_Gerdauf said:

No, that is not how any of this works; Once the NSA and equivalent agencies obtain the source code, they have full access and control of the inner workings of the operating system. It does not take a genius to understand how easy clear-box testing is in comparison to black-box. It does not matter how well-designed or vetted a software is; when the source code is given to anybody, you are giving them the house and car keys.

You lack a fundamental understanding of how modern encryption works.

OpenSSL, the most widely used library for HTTPS, is completely open source. Yet, it is near impossible to decrypt anything using it. The strength from modern encryption does not come from the source code because that has historically been a horrible idea. Modern encryption techniques are based on well designed architectures and strong keys.

Also, how do you explain GNU/Linux being very secure? It is completely open source so it has not only the NSA looking over the code, but also potentially everyone else on the planet.

Encryption that relies on the source code being kept hidden in order to be secure, is garbage design. That entire concept was outdated about 100 years ago.

 

Again, a well designed encryption scheme does not rely on the source code, it relies on the architecture and keys.

 

2 hours ago, Colonel_Gerdauf said:

The NSA is not run by the average idiot, but rather some of the brightest people that the USA has. They will get the exploits discovered and running, without any sort of consent to Microsoft. For them, private keys are not hard at all to find. It really annoys me to see people still gravely underestimating the cyber prowess of the NSA and the like.

Do you even understand what a private key is? It's not something you can find in the source code, unless Microsoft is run by monkeys and has it hard coded somewhere.

 

2 hours ago, Colonel_Gerdauf said:

Now let's look at this on a more sociopolitical perspective. Let us assume that Microsoft is cooperating with the NSA for a minute... would the NSA want to bother with that? Even without the Snowden leaks (which I continue to believe is merely the tip of the iceberg), that introduces a remarkable risk to the secrecy of their work. Microsoft is not just one person; it is a company housing hundreds to thousands.

Why assume when there is hard evidence for it?

But I'll play along. Why would the NSA want to cooperate? Because even if they are given the source code to inspect, they can not introduce their own backdoors without going through Microsoft. They don't need to contact every single person at Microsoft and make them agree to keep quiet. Projects are done in modules. They just need one person who is working on one part to introduce a backdoor. That person might even be employed by the NSA.

 

2 hours ago, Colonel_Gerdauf said:

There are people with sharp eyes, and people with less-than-noble intentions, not mutually exclusive. Yes, they can sign a red tape contract that says "only the CEO knows" (which is 9 times out of 10, for naught), but it does not take long for somebody to put the dots together.

And when they do we got a lot of people screaming "It's just a conspiracy! Don't believe it!".

 

2 hours ago, Colonel_Gerdauf said:

Somebody could come in and use this matter to shame the NSA, and spike the general hostility and paranoia of the government agencies.

This is already happening.

 

2 hours ago, Colonel_Gerdauf said:

Also, somebody could come in, and "steal the exploit" to sell to others on the black market (which has already happened, as explained by Barnacules), and anybody in that mesh network could use it to make yet another string of ransomware/worm attacks.

Yep, that is happening too (and you agree that it does).

 

2 hours ago, Colonel_Gerdauf said:

Either of those will be a bet that the NSA is very clearly not willing to take.

But they are willing to take that bet. You even agreed that they are doing the latter, so why are you saying they aren't willing to take the risk?

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
6 hours ago, LAwLz said:

You're making two assumptions here.

1) That there are no other sources (how many sources do you even need before even considering that it might be true?).

2) That if it happened then we would have heard about it. There might be a ton of things which we have no idea about. I mean, for how long did the NSA get away with what they did until we got solid evidence? It was a long, long time. Who knows what other things might yet have been disclosed?

 

 

1. Only one source with indisputable evidence is required for me to believe it's true.  I think you misunderstood me though.  I am merely pointing out that there is a myriad of other sources from which evidence could be found to support the claim. The fact that not even one of these sources has been leveraged to provide the evidence speaks against the assertion in the OP.

2. I only judge based on the evidence at hand. I always have and always will.  To many times I here people using retrospective situations to appraise current unfolding events. There are morons doing that right now with GMO food, they are saying exactly the same thing, "we haven't found evidence it's dangerous yet so we better not eat it".  In this case the rhetoric is, we haven't found evidence MS actually willingly made these exploits for money so we had better assume they did just in case.

 

6 hours ago, LAwLz said:

Something tells me you don't have much experience with coding. Proper code is not secure because it is hidden. Well designed systems are secure even if the source code is completely open.

There are only two possibilities here.

1) Microsoft writes really shitty code that is fundamentally broken.

2) They write decent or good code, but the NSA have someone on the inside helping them.

 

The source code for OpenSSL is completely free for anyone to look at. Yet it is very secure (sans Heartbleed).

 

 

They have all the code, they have spies, they are a well resourced agency, I make no assumptions without evidence. It is not objective to consider only one possibility when clearly more than two exist.

1. they write shitty code

2.they write decent code but the NSA have someone on the inside (this is still not MS being paid, this is NSA espionage)

3. MS actually sold the exploits (no evidence yet of this)

4. Someone from MS leaked the exploits in exchange for something like cash/immunity/protection from underworld. (harder to trace as the amounts are significantly smaller than trying to buy a whole company and still isn't the same as MS willingly providing the exploits).

 

As you can see there are several possibilities here and only one is that MS was paid for it.

 

6 hours ago, LAwLz said:

So you think the NSA was lying in their own internal documents? Or are you saying you think there is a conspiracy where several groups and people are working together to forge documents just to make Microsoft and other companies to look bad? Going as far as to weave in these fake documents with real ones obtained from the NSA.

 

It doesn't make sense to think that thousands of documents have been completely legit, but this one particular thing is just a hoax. These are not some nobodies making a wild claim.

 

 

I am not saying any of that. I am simply saying of all the evidence there is to report on,  the OP focuses on the part the evidence is lacking on.  Neither good journalism nor being objective. 

 

6 hours ago, LAwLz said:

 

Well the facts of the matter are these:

1) Microsoft has helped the NSA gain access to their systems at several occasions.

2) Some exploits the NSA have used have been labeled "purchased".

 

These two might not be related. Microsoft might have helped the NSA for free (which is just as bad if you ask me), and the purchased exploits might have been from third parties, but I would not be so quick to just write it off as a conspiracy that people shouldn't "dig up"

 

I know you understand my point now, being objective means you know as well as I do that the NSA having inside information from MS is not proof that the company willingly provided it.  That is why you use the "might" qualifier becasue it can't be claimed as a fact in it's own right.

 

A conspiracy is conjecture without evidence that collusion occurred.  It is one thing to  hold the opinion or believe they are involved, but if you start making that the centre piece of your argument then I am afraid it is a conspiracy.   Remember most of the content in wikileaks was conspiracy until it was proven, same with snowden.  This is the same, until proven the claim that MS was a willing partner (received money for) is still a conspiracy.

Grammar and spelling is not indicative of intelligence/knowledge.  Not having the same opinion does not always mean lack of understanding.  

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
5 hours ago, LAwLz said:

(1) What? Where did I say this?

 

(2a) You lack a fundamental understanding of how modern encryption works.

OpenSSL, the most widely used library for HTTPS, is completely open source. Yet, it is near impossible to decrypt anything using it. The strength from modern encryption does not come from the source code because that has historically been a horrible idea. Modern encryption techniques are based on well designed architectures and strong keys.

Also, how do you explain GNU/Linux being very secure? It is completely open source so it has not only the NSA looking over the code, but also potentially everyone else on the planet.

Encryption that relies on the source code being kept hidden in order to be secure, is garbage design. That entire concept was outdated about 100 years ago.

 

Again, a well designed encryption scheme does not rely on the source code, it relies on the architecture and keys.

 

(2b) Do you even understand what a private key is? It's not something you can find in the source code, unless Microsoft is run by monkeys and has it hard coded somewhere.

 

(3) Why assume when there is hard evidence for it?

But I'll play along. Why would the NSA want to cooperate? Because even if they are given the source code to inspect, they can not introduce their own backdoors without going through Microsoft. They don't need to contact every single person at Microsoft and make them agree to keep quiet. Projects are done in modules. They just need one person who is working on one part to introduce a backdoor. That person might even be employed by the NSA.

 

(4) And when they do we got a lot of people screaming "It's just a conspiracy! Don't believe it!".

 

(5) This is already happening.

 

Yep, that is happening too (and you agree that it does).

 

But they are willing to take that bet. You even agreed that they are doing the latter, so why are you saying they aren't willing to take the risk?

Before you make another circular response, please pay attention to the context of the original post. Selective reading helps no-one. There is this thing called 'the bigger picture'; I have been saying it for years and sadly you are still not getting the hint.

 

1) This is the impression that you gave me and many others with the language of your posts. You heave repeatedly insisted on the possibility of Microsoft playing a role, when there has been nothing good thus far to support such a lofty claim; only conjecture based on 'precedence' (I will address this later). Even here, you strongly imply that this is the doing of Microsoft alone, which raises alarm bells for the rest of us who like to see the bigger picture of the matter. I am NOT saying that Microsoft is 100% innocent, but rather I am saying that there is a near-complete lack of solid evidence and good information to support the accusation that Microsoft is simply enjoying a nice cup of coffee with the NSA. Not to mention that the OP is not helping matters, giving us a negative impression.

 

2) For somebody who hates the use of this so-called 'ad-hominem', you sure do like to use it yourself as you so please. I'd say I know a lot more about security that you are assuming. Yes, modern encryption is on the basis on good solid architecture; I never disagreed with that. This being a 'strong encryption' also makes sense in the general use case, but let me remind you that we are talking about the NSA here. I will bet you that they have more than enough computing power in house to break through AES128 or even AES256 via clear-box testing without breaking a sweat; this is how powerful these agencies actually are. That is the point of clear-box testing; you poke holes in the systems, until you find an internal flaw and study how this flaw came to be, including finding clues as to what private keys are being asked. A strong security is not an invincible one; a private key is not immune to third-party duplication, they will find a way to do so. People auditing open-source code does not mean that all are willing to share what they find; again, do not be so naïve. Let me go back to an argument I made a long while ago that you never properly answered: going by this security by obscurity, there are many algorithms that they house (NSA Type I, which includes SAVILLE, BATON, MAYFLY, WEASEL, and others, including several we may never even know the names of, both old and new) which has never been shown to anybody, and has never been broken into outside of the other secret agencies. Let me ask you, if architectural security is such a big deal, then why is confidentiality still a thing?

 

3) I would not call a gag order a matter of willing compliance on Microsoft's end. I would like to be specific with something: my issue is not that Microsoft did nothing (they did do things), but rather the actions are NOT something that Microsoft had much of any alternatives on. I would like to see the 'hard evidence' that claims that Microsoft had choices and picked the worst ones of the bunch IN THIS SITUATION.

 

4) Nice derailment, but we cannot believe everything that comes out of one's mouth, can we? Can we inquire about this matter with he-who-shall-not-be-named, the one who knows every single thing and can shed some light on some secrets? Are you really not seeing the massive fallacy with what you are saying? Skepticism is healthy, but cynicism is not; I already mentioned this in another conversation, but I do not personally believe in the concept of precedence. That is the nature of whistle-blowing, you will ALWAYS face heavy resistance, not from the 'shills', but rather from those that are not so willing to accept thrown information as is, they need to criticize it. It is from this that the authenticity of the claims can be vetted; no amount of back-handed corporate deals is able to prevent that.

 

5) What are you even trying to say here? The former example was done when the NSA's overconfidence was at it's peak, and it was quite a few years ago. To repeat, they are not idiots; publicity has always been their enemy. The latter example was something that (so far) happened (1) purely on Microsoft's end and (2) on the NSA's end without compliance from Microsoft. You are making massive leaps of logic here.

Read the community standards; it's like a guide on how to not be a moron.

 

Gerdauf's Law: Each and every human being, without exception, is the direct carbon copy of the types of people that he/she bitterly opposes.

Remember, calling facts opinions does not ever make the facts opinions, no matter what nonsense you pull.

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
7 minutes ago, mr moose said:

1. Only one source with indisputable evidence is required for me to believe it's true.  I think you misunderstood me though.  I am merely pointing out that there is a myriad of other sources from which evidence could be found to support the claim. The fact that not even one of these sources has been leveraged to provide the evidence speaks against the assertion in the OP.

There is no such thing as indisputable evidence if the other person don't want to believe the thing to be true. You can always come up with excuses for why evidence is not 100% conclusive.

 

What other sources could you find sources? Besides, you are basically arguing that absence of evidence is evidence of absence, which is nonsense.

 

 

12 minutes ago, mr moose said:

2. I only judge based on the evidence at hand. I always have and always will.  To many times I here people using retrospective situations to appraise current unfolding events. There are morons doing that right now with GMO food, they are saying exactly the same thing, "we haven't found evidence it's dangerous yet so we better not eat it".  In this case the rhetoric is, we haven't found evidence MS actually willingly made these exploits for money so we had better assume they did just in case.

I think focusing on "did they do it for money or not" is distracting from the real issue. The real issue being that Microsoft has directly or indirectly helped the NSA and other agencies to find exploits in their software.

Also, you keep saying that there is no evidence for it, but there is a mountain of evidence which may not be 100% conclusive, but point towards it being a real possibility. You can't just dismiss evidence just because it by itself is not 100% conclusive. Imagine doing that in a trial.

"Yes your honor, we have DNA tests, witnesses and a confession that he is the murderer, but we should abolish all charges because these things are not 100% conclusive and therefore it is reasonable to assume that he is innocent".

(and since I can already hear the Microsoft Defense Force frothing at their mouths, analogies are not 1:1 comparisons. I am not literally saying Microsoft are getting away with murder. I am pointing out flaws in this way of thinking by drawing parallels with another situation.)

 

 

21 minutes ago, mr moose said:

They have all the code, they have spies, they are a well resourced agency, I make no assumptions without evidence. It is not objective to consider only one possibility when clearly more than two exist.

1. they write shitty code

2.they write decent code but the NSA have someone on the inside (this is still not MS being paid, this is NSA espionage)

3. MS actually sold the exploits (no evidence yet of this)

4. Someone from MS leaked the exploits in exchange for something like cash/immunity/protection from underworld. (harder to trace as the amounts are significantly smaller than trying to buy a whole company and still isn't the same as MS willingly providing the exploits).

 

As you can see there are several possibilities here and only one is that MS was paid for it.

I think all four of those possibilities are terrible and should not happen.

You can argue semantics if you want but I think it is distracting from the bigger issue.

(and before the MSDF start saying I am backpedaling, please read my previous posts where I also suggested things such as NSA people working at Microsoft, or individuals at Microsoft leaking information or programming backdoors)

 

 

The rest of the post I agree with, but like I have said I don't think you should simply dismiss it just because there is no 100% concrete evidence for it. We have bits and pieces, and it is a real possibility that it is all true, so why deny it? I think the people denying it are just as irrational as the people saying it is confirmed.

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
23 minutes ago, LAwLz said:

There is no such thing as indisputable evidence if the other person don't want to believe the thing to be true. You can always come up with excuses for why evidence is not 100% conclusive.

 

What other sources could you find sources? Besides, you are basically arguing that absence of evidence is evidence of absence, which is nonsense.

 

 

What are you even talking about, that's what indisputable evidence is, evidence you can't dispute. Of course there is such a thing. Making an excuse to dismiss evidence does not actually dismiss evidence.   The cum on Monica Lewinsky's dress was Bill Clinton's, that is indisputable evidence.  All other evidence was circumstantial. one can be disputed the other can't.

 

23 minutes ago, LAwLz said:

I think focusing on "did they do it for money or not" is distracting from the real issue. The real issue being that Microsoft has directly or indirectly helped the NSA and other agencies to find exploits in their software.

Also, you keep saying that there is no evidence for it, but there is a mountain of evidence which may not be 100% conclusive, but point towards it being a real possibility. You can't just dismiss evidence just because it by itself is not 100% conclusive. Imagine doing that in a trial.

"Yes your honor, we have DNA tests, witnesses and a confession that he is the murderer, but we should abolish all charges because these things are not 100% conclusive and therefore it is reasonable to assume that he is innocent".

(and since I can already hear the Microsoft Defense Force frothing at their mouths, analogies are not 1:1 comparisons. I am not literally saying Microsoft are getting away with murder. I am pointing out flaws in this way of thinking by drawing parallels with another situation.)

 

 

 

Why?  the title asserts they did it for money and it is the only thing they don't have evidence for, I think the whole thread is distracting from the real issue.  Is it not fair and objective that I only  take issue with the one component that lacks hard evidence?

 

And yes, I can dismiss evidence that is not conclusive, because treating inclusive evidence as hard facts is disingenuous to finding the truth. 

23 minutes ago, LAwLz said:

The rest of the post I agree with, but like I have said I don't think you should simply dismiss it just because there is no 100% concrete evidence for it. We have bits and pieces, and it is a real possibility that it is all true, so why deny it? I think the people denying it are just as irrational as the people saying it is confirmed.

I have no problem with equal weight in. I just have a problem with people reading between the lines and making it all about the one thing. 

 

EDIT: to me this becomes a bit of a "think of the children" argument, without evidence the children are in danger why instigate a change?  Be cautious for sure, don't let your guard down, however making out there are hard facts to further an agenda undermines the core issue and only serves to perplex that issue further.  The real danger here is the NSA and anyone who sells or uses their tools. The secondary danger is how it came to be and we can't change that until we know for sure how it happened.  

Grammar and spelling is not indicative of intelligence/knowledge.  Not having the same opinion does not always mean lack of understanding.  

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
36 minutes ago, Colonel_Gerdauf said:

 

3) I would not call a gag order a matter of willing compliance on Microsoft's end. I would like to be specific with something: my issue is not that Microsoft did nothing (they did do things), but rather the actions are NOT something that Microsoft had much of any alternatives on. I would like to see the 'hard' evidence' that claims that Microsoft had choices and picked the worst ones of the bunch IN THIS SITUATION.

 

I think this is the crux of it all right here.  There is a difference between willing and strong armed.  One is of major concern becasue MS would be evil and we should all be avoiding them.  The other is of major concern because the government will stop at nothing for total control, and we can't avoid that short of a revolution.

 

If it's the former then our only hope is to find a way to be rid of MS and their ilk.  If it is the later though then by hanging MS we might be throwing our strongest allies in a fight against corrupt government under a snowden sized bus.   You have to choose, but choose carefully becasue should you succeed you don't get a second chance. 

Grammar and spelling is not indicative of intelligence/knowledge.  Not having the same opinion does not always mean lack of understanding.  

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
5 hours ago, LAwLz said:

OpenSSL, the most widely used library for HTTPS, is completely open source. Yet, it is near impossible to decrypt anything using it. The strength from modern encryption does not come from the source code because that has historically been a horrible idea. Modern encryption techniques are based on well designed architectures and strong keys.

OpenSSL is a completely different thing to an entire operating system though. An encryption standard only does one thing and it's purpose is to be secure.

 

There have been many encryption standards in the past that have turned out to be easily defeated, all operating systems will have flaws in them open source or not and not all will be discovered easily.

 

Linux is continuing to have security flaws found in it's kernel. Windows being closed source and the NSA/CIA etc having access to the source with the understanding they and they alone have it so no body else is potentially going to discover what they do.

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
3 minutes ago, Colonel_Gerdauf said:

You heave repeatedly insisted on the possibility of Microsoft playing a role, when there has been nothing good thus far to support such a lofty claim

BUT THERE IS EVIDENCE FOR IT!

Holy crap how many times do I have to repeat this? There is a ton of evidence that Microsoft has played a role in providing NSA with exploits. To what extent is still up for debate, but they have most certainly played some role in it (and even you have agreed with this several times in this thread, but I don't think you have realized it).

 

 

5 minutes ago, Colonel_Gerdauf said:

Even here, you strongly imply that this is the doing of Microsoft alone, which raises alarm bells for the rest of us who like to see the bigger picture of the matter.

No I am not. I have explicitly said, multiple times, the exact opposite.

How many times have I not said that one explanation for this would be that NSA has people on the inside of Microsoft? This is probably like the fourth or fifth time. That is the exact opposite of what you are claiming I am saying.

Also, I don't think I am missing the bigger picture. Like I said in my previous post, I think that regardless of the explanation (Microsoft helping the NSA, the NSA having spies, or any other explanation) it is a shitty situation and something needs to be done about it.

 

 

12 minutes ago, Colonel_Gerdauf said:

For somebody who hates the use of this so-called 'ad-hominem', you sure do like to use it yourself as you so please. I'd say I know a lot more about security that you are assuming. Yes, modern encryption is on the basis on good solid architecture; I never disagreed with that.

But you did disagree with that. Here is a quote from you which shows a complete lack of understanding for encryption:

6 hours ago, Colonel_Gerdauf said:

It does not take a genius to understand how easy clear-box testing is in comparison to black-box. It does not matter how well-designed or vetted a software is; when the source code is given to anybody, you are giving them the house and car keys.

[...]

For them, private keys are not hard at all to find.

If your encryption architecture is well designed then handing over the source code is NOTHING like handing them your house and car keys. It's more like handing them a picture of your house and car.

There are also no private keys to find in the source code. Private keys are not part of the source code, so how do you expect the NSA to find them?

 

 

17 minutes ago, Colonel_Gerdauf said:

I will bet you that they have more than enough computing power in house to break through AES128 or even AES256 via clear-box testing without breaking a sweat; this is how powerful these agencies actually are.

And once again you show a lack of understanding of cryptography. AES128 and AES256 are not something you can break with computational power, unless your password is something like "password".

By the way, the NSA has at several times been unable to decrypt things such as Truecrypt which relies on, among other things AES.

 

24 minutes ago, Colonel_Gerdauf said:

including finding clues as to what private keys are being asked.

Once again, no understanding of modern encryption algorithms.

1) Private keys are not something the program requests.

2) Private keys are not part of the source code. Microsoft can hand over the entire source code for their crypto libraries, and it will contain 0 traces of their private keys.

 

28 minutes ago, Colonel_Gerdauf said:

Let me go back to an argument I made a long while ago that you never properly answered: going by this security by obscurity, there are many algorithms that they house (NSA Type I, which includes SAVILLE, BATON, MAYFLY, WEASEL, and others, including several we may never even know the names of, both old and new) which has never been shown to anybody, and has never been broken into outside of the other secret agencies. Let me ask you, if architectural security is such a big deal, then why is confidentiality still a thing?

By confidentiality do you mean why does the NSA keep their in house algorithms a secret?

We'll, let me use your own arguments against you now. Do you have any evidence that these encryption suits are actually exists? Even if they exist, are they actually used? The NSA has lots of people working for them, so if these suits actually existed then surely we would have 100% undeniable proof that they existed right? But we don't.

 

No but seriously, if your first line of defense is that your source code is obscured then your encryption system is shit. Since the Type 1 suits have not been cracked it is safe to say that they are well designed, on top of being secret. It is most likely not the code being a secret that has prevented it from being cracked though (because it has historically never worked). Correlation does not imply causation. Just because the algorithm hasn't been disclosed does not mean that is the reason why they haven't been cracked.

Besides, it is believed that a lot of those are no longer in use since they are old and outdated compared to newer standards (which are often public, such as AES).

 

52 minutes ago, Colonel_Gerdauf said:

3) I would not call a gag order a matter of willing compliance on Microsoft's end. I would like to be specific with something: my issue is not that Microsoft did nothing (they did do things), but rather the actions are NOT something that Microsoft had much of any alternatives on. I would like to see the 'hard' evidence' that claims that Microsoft had choices and picked the worst ones of the bunch IN THIS SITUATION.

I would not be so quick in claiming that they were forced to do everything they did. Since you are claiming the contradictory and then asking for evidence, how about you provide hard evidence that support your claim that Microsoft were forced into it?

 (Tagging you here too @mr moose)Personally I have not picked a side, and have countless of times claimed that I do not know to what extent nor the reasons why Microsoft has helped the NSA. Perhaps the true answer is not one of the extremes (100% guilty or 100% innocent) but rather somewhere in the middle?

 

And I've said it before and I will say it again, absence of evidence is not evidence of absence. You can't use the lack of "hard evidence" as evidence for an opposing claim.

 

1 hour ago, Colonel_Gerdauf said:

but we cannot believe everything that comes out of one's mouth, can we?

Well, I choose to believe in documents obtained from the NSA. Like I have said countless of times, I don't think it is logical to assume that these particular pieces of information have been forged just to make companies such as Microsoft look bad, when everything else that have been leaked have been accurate.

(and please remember that I am not arguing from the position that Microsoft are 100% guilty and is doing this because they get paid or for fun, and this is a position I have repeatedly stated in this thread)

 

1 hour ago, Colonel_Gerdauf said:

5) What are you even trying to say here? The former example was done when the NSA's overconfidence was at it's peak, and it was quite a few years ago. To repeat, they are not idiots; publicity has always been their enemy. The latter example was something that (so far) happened (1) purely on Microsoft's end and (2) on the NSA's end without compliance from Microsoft. You are making massive leaps of logic here.

So first you say that they would not risk it, then I point out that they have already done so, and your argument is "well they were just overconfident before and they would never do it again"? Where is your evidence for that? How do you know that they were just overconfident back then and would not do the same things again, but this time maybe try and be more sneaky about it?

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
3 minutes ago, leadeater said:

OpenSSL is a completely different thing to an entire operating system though. An encryption standard only does one thing and it's purpose is to be secure.

I was referring to the Outlook incident, not Windows. Follow the conversation two more quotes and you will see it mentioned specifically.

 

18 hours ago, LAwLz said:

when it comes to crypto then a well designed system does not become vulnerable just because you see the source code, yet in the Outlook example we see just that happening. The NSA has access to private keys which are not included in the source code.

It was an example used to prove a point. The point being that you can't just go "well they saw the source code so therefore they can hack into it easily".

Link to comment
Share on other sites
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing Tech News

×