I have been hearing a lot of stuff on NSA this and NSA that over the last while, we are being spied on our PCS/Windows/Skype/Whatever Software and it's the end of the world etc. But what I haven't seen a lot of is the actual means of Spying they use? Where is the communication taking place. A few years back when this was first OS news, I saw that it was discovered because of a faulty SSL cert (something along those lines) when the person reverse engineered whatever process. But I haven't actually seen anything else since then except a lot of speculation.
Has any gov or organization in Europe or anywhere else given any full disclosures of NSA/US government spying?
Any independent hackers or anyone else with some actual packet capture files or code showing this? I mean Skype was reverse engineered not long ago and I am not sure why but I don't think anything was mentioned of US Gov/NSA involvement in that code.
In essence if NSA backdoors are hard coded in our Microsoft or Whatever systems why can't we just apply patches to remove it?
Something doesn't add up imo
Just my own personal observance and speculation.
I should note I watched a small talk where it said Linus Torvalds was approached by someone to install a back door into Linux, but he said even if I did it is open source and would be easily discoverable. At least this was said by his father at a conference and didn't seem to come from the man himself.
Anyway what's your opinions?
NSA Backdoors and why not just patch?
-
bad_brain
- Site Owner
- Posts: 11636
- Joined: 06 Apr 2005, 16:00
- 19
- Location: In your eye floaters.
- Contact:
Re: NSA Backdoors and why not just patch?
that NSA thing is nothing but a big hype...I mean, secret services doing surveillance? wow, now that's something new, I never would have expected they do that. 
the NSA collects about 5 billion cellphone data sets alone already every day, now imagine how much internet traffic it is...that data is queried if there is a reason, and it's not like there is a huge drawer somewhere with a file for everyone like people think. so why on earth should the NSA be interested in "bad_brain going to the bakery" or "bad_brain watching porn online".....they even wouldn't care if "bad_brain downloading warez". what interests them is in context with terrorism and severe crimes.
but back to the topic:
I haven't seen a real proof yet about the existence of such backdoors (tcpdump anyone?), or at least a proof they work like "the NSA guy clicks a button and he's on your computer".
that's imo the reason why there's no patch. in germany the government planned to release a super-secret trojan software that spies on people....it was published and reverse engineered faster than the latest miley cyrus mp3 makes it to TPB. if there would be a real backdoor it would be the same, and it would be patched just as fast by the community people.
to be safe it's still the best to use a good ol' vpn which is not located in the USA, that way it makes it much more complicated for them to get their hands on both endpoints which are needed to intercept the SSL handshake. they still could of course, but the cost and the needed agreements in the other country only makes sense in the terrorism and severe crimes cases....again. if someone whines about the NSA again best ask why he is so concerned about it and what highly illegal activities he is up to that could interest secret services...
the NSA collects about 5 billion cellphone data sets alone already every day, now imagine how much internet traffic it is...that data is queried if there is a reason, and it's not like there is a huge drawer somewhere with a file for everyone like people think. so why on earth should the NSA be interested in "bad_brain going to the bakery" or "bad_brain watching porn online".....they even wouldn't care if "bad_brain downloading warez". what interests them is in context with terrorism and severe crimes.
but back to the topic:
I haven't seen a real proof yet about the existence of such backdoors (tcpdump anyone?), or at least a proof they work like "the NSA guy clicks a button and he's on your computer".
that's imo the reason why there's no patch. in germany the government planned to release a super-secret trojan software that spies on people....it was published and reverse engineered faster than the latest miley cyrus mp3 makes it to TPB. if there would be a real backdoor it would be the same, and it would be patched just as fast by the community people.
to be safe it's still the best to use a good ol' vpn which is not located in the USA, that way it makes it much more complicated for them to get their hands on both endpoints which are needed to intercept the SSL handshake. they still could of course, but the cost and the needed agreements in the other country only makes sense in the terrorism and severe crimes cases....again. if someone whines about the NSA again best ask why he is so concerned about it and what highly illegal activities he is up to that could interest secret services...
Re: NSA Backdoors and why not just patch?
True that man!
Nice commentary regarding this.
Nice commentary regarding this.
-
reparto_temp
- On the way to fame!
- Posts: 34
- Joined: 20 Dec 2013, 16:23
- 10
Re: NSA Backdoors and why not just patch?
I think the biggest problem with a backdoor would be that if someone not the NSA figured it out then it would be the biggest exploit ever
imagine if you found an exploit on intel cpus that let you run arbitrary code that couldnt be detected or prevented, you could charge double on the skid forums...
just imagine all those skids stealing pictures of girls not wearing clothes because they cant afford air conditioning and the heat from their laptop is making them all sweaty...
just imagine the number of RMAs because the laptop fans are getting blocked up with sweat and possibly other bodily fluids...
just imagine the increase in build quality of laptops to reduce the number of RMAs...
i might have gone off-topic here...
imagine if you found an exploit on intel cpus that let you run arbitrary code that couldnt be detected or prevented, you could charge double on the skid forums...
just imagine all those skids stealing pictures of girls not wearing clothes because they cant afford air conditioning and the heat from their laptop is making them all sweaty...
just imagine the number of RMAs because the laptop fans are getting blocked up with sweat and possibly other bodily fluids...
just imagine the increase in build quality of laptops to reduce the number of RMAs...
i might have gone off-topic here...
Re: NSA Backdoors and why not just patch?
Exactly! That's why I never cared about companies using/selling my "personal" info, browsing history etc. I'm not doing anything remotely illegal enough to make me a target, nor do I plan to do anything of that sort. If my info makes them happy then let them have it - privacy is overrated.bad_brain wrote:if someone whines about the NSA again best ask why he is so concerned about it and what highly illegal activities he is up to that could interest secret services...