Regarding your final statement here, I seem to recall it being reported a little company called RSA allowed NSA backdooring and I'm pretty sure they are far from Out-Of-Business. Claiming that giants like MS would go out of business if it got out that they were working with the NSA is completely naïve.

On 5/29/14, 4:13 PM, "Mike Cramer" <mike.cra...@outlook.com> wrote:

>I think it's more important to have rational discussions. This isn't the first time Microsoft has been 'rumored' to have backdoors in Windows for the US Government. These rumors have been perpetuated for years. While I don't know how long you've been in the industry, it's something I recall even being 14 years old and sitting on IRC and having people discuss.
>
>The reality now, just as then, is that these are unsubstantiated.
>
>A more apt description about the cooperation between the US Government and Microsoft I think falls back onto our old pals "Alice and Bob". I'm sure you may recall these names from any sort of discussion about PKI.
>
>What people seem to forget in all of these discussions is that Microsoft is Bob. (Microsoft Bob? :P)
>
>No amount of encryption, protection, secret keying is going to protect you when one party is going to hand over the information to 3rd parties to review.
>
>Based on my Alice and Bob comment above, it's reasonable to assume that the encryption itself is 100% fine, so as long as you believe that Bob will never divulge the information you've disclosed.
>
>Through all of these discussions surrounding Bitlocker across multiple forums nobody has brought up the fact that Bitlocker in Windows 8 allows you to store recovery key information in OneDrive/"The Cloud". Why bother writing in backdoors to the software when the keys are readily available with a warrant?
>
>There are a million and one ways to get access to the information and the absolutely most difficult, most costly, and most potentially damaging is the one people are jumping to first.
>
>If it were ever revealed that Microsoft purposefully weakened its encryption systems to allow the NSA access to any Windows device, then it would be the end of the organization. They're just not that dumb.
>
>Mike
>
>From: Justin Bull [mailto:m...@justinbull.ca]
>Sent: Thursday, May 29, 2014 18:02
>To: Mike Cramer
>Cc: fulldisclosure@seclists.org; secuip
>Subject: RE: [FD] TrueCrypt?
>
>Closed source and Microsoft is notoriously known to play ball with LEO and government. It's an ill-fitting shoe.
>
>Sent from mobile.
>
>On May 29, 2014 5:47 PM, "Mike Cramer" <mike.cra...@outlook.com> wrote:
>
>What is careless about recommending Bitlocker?
>
>-----Original Message-----
>From: Fulldisclosure [mailto:fulldisclosure-boun...@seclists.org] On Behalf Of Justin Bull
>Sent: Thursday, May 29, 2014 17:18
>To: secuip
>Cc: fulldisclosure@seclists.org
>Subject: Re: [FD] TrueCrypt?
>
>But why go out in that style? Why not be frank? Why be so careless as to recommend BitLocker?
>
>The diff was meticulous but the website and comms were not. It doesn't add up.
>
>Sent from mobile.
>On May 29, 2014 5:13 PM, "secuip" <r...@secuip.fr> wrote:
>
>> http://krebsonsecurity.com/2014/05/true-goodbye-using-truecrypt-is-not-secure/comment-page-1/#comment-255908
>>
>>
>> On 29/05/2014 22:51, uname -a wrote:
>>
>>> There are several strange behaviors.
>>>
>>> Sitesource is not clean. Just a html that say take now Bitlocker or other built-in tools of your OS !?
>>>
>>> New Keys got added to SF 3h before release of 7.2 happened.
>>>
>>> On SF the old versions got removed. For older Versions you've to download them elsewhere (there are several sources available).
>>>
>>> Encryption, Help and all traces to truecrypt.org <http://truecrypt.org> got removed in the Programsource.
>>>
>>> No explanation for this anywhere. Just speculations.
>>>
>>> Truecrypt isn't available on the webarchive!
>>>
>>> The Wiki got edited massively.
>>>
>>> On 29.05.2014 04:21, Anthony Fontanez wrote:
>>>
>>>> I'm surprised I haven't seen any discussion about the recent issues with TrueCrypt. Links to current discussions follow.
>>>>
>>>> /r/sysadmin: http://www.reddit.com/r/sysadmin/comments/26pxol/truecrypt_is_dead/
>>>> /r/netsec: http://www.reddit.com/r/netsec/comments/26pz9b/truecrypt_development_has_ended_052814/
>>>>
>>>> Thank you,
>>>>
>>>> Anthony Fontanez
>>>> PC Systems Administrator
>>>> Client Services - College of Liberal Arts Information & Technology
>>>> Services, Enterprise Support Rochester Institute of Technology
>>>> LBR-A290
>>>> 585-475-2208 (office)
>>>> ajf...@rit.edu
>>>>
>>>> Submit a request via email: serviced...@rit.edu
>>>> Check the status of an active request: footprints.rit.edu <https://footprints.rit.edu/>
>>>> Manage your RIT account and computers: start.rit.edu <https://start.rit.edu/>
>>>>
>>>> CONFIDENTIALITY NOTE: The information transmitted, including attachments, is intended only for the person(s) or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and destroy any copies of this information.
>>>>
>>>> _______________________________________________
>>>> Sent through the Full Disclosure mailing list
>>>> http://nmap.org/mailman/listinfo/fulldisclosure
>>>> Web Archives & RSS: http://seclists.org/fulldisclosure/