Posted on 06/24/2013 10:51:00 AM PDT by big'ol_freeper
WASHINGTON – The National Security Agency has backdoor access to all Windows software since the release of Windows 95, according to informed sources, a development which follows the insistence by the agency and federal law enforcement for backdoor “keys” to any encryption, according to a report in Joseph Farah’s G2 Bulletin.
Having such “keys” is essential for the export of any encryption allowed under U.S. export control laws to foreign users.
The NSA plays a prominent role in deliberations over whether such products can be exported, and routinely turns down any requests above a certain megabyte level that exceeds NSA’s technical capacity to decrypt it. That’s been the standard for years for NSA, as well as the departments of Defense, Commerce and State.
Computer security specialists say that the Windows software driver used for security and encryption functions contains unusual features which give NSA that backdoor access.
These security specialists have identified the driver as ADVAPI.DLL. It enables and controls a variety of security functions. These specialists say that on Windows, it is located at C:\\Windows\system directory of anyone’s computer that uses Windows software.
Nicko van Someren says the driver contains two different keys. One was used by Microsoft to control cryptographic functions in Windows while another initially remained a mystery.
Then, two weeks ago, a U.S. security firm concluded that the second key belonged to NSA. Analysis of the driver revealed that one was labeled KEY while the other was labeled NSAKEY, according to sources. The NSA key apparently had been built into the software by Microsoft, which Microsoft sources don’t deny.
This has allowed restricted access to Microsoft’s source code software that allows for such programming.
Access to Windows source code is supposed to be highly compartmentalized, actually making such actions easier because many of the people working on the software wouldn’t see the access.
Such access to the encryption system of Windows can allow NSA to compromise a person’s entire operating system. The NSA keys are said to be contained inside all versions of Windows from Windows 95 OSR2 onwards.
Having such the secret key inside your Windows operating system makes it “tremendously easier for the NSA to load unauthorized security services on all copies of Microsoft Windows, and once these security services are loaded, they can effectively compromise your entire operating system,” according to Andrew Fernandez, chief scientist with Cryptonym Corporation of North Carolina.
Being open source there are plenty of back doors they can sneak into the Linux flavors as well. Apple also collaborated with them as well.
Boys and girls, this has been going on for quite a while, not new. Whenever you have an open rather than closed and isolated system you are open to all kinds of things like viruses, trojans, snooping, etc.
If hackers can find ways around your security and firewalls and openings in your OS then the Fed with all its years of experience spying and cracking systems can do it easily.
Do any of you honestly believe that MS OS machines are the only ones they are interested in or can crack?
Yeah, sure, and obama didn’t know anything about the IRS scandal until he read it in the papers.
Does Linux have this “feature” too?
Delete it!
er...given Microsoft’s solid reputation for rock solid operating systems...(sarc)...methinks anyone using their stuff had pretty much given up on all thoughts of privacy around twenty years ago.
And yes, there are security holes in every operating system...it’s just that Microsoft has established the standard below which no company operates.
And being open source, they can be found pretty darn quick. Unlike MicroSloth, which is closed software, and where the source code is unavailable.
/johnny
That statement just proves you know nothing about open source.
Please research before commenting further.
No.
Does Microsoft protect its Windows own computers from US Government penetration?
If so, how?
If not, wouldn’t their shareholders be interested?
/johnny
This I know for sure: if this situation ever begins to be taken seriously by Joe Sixpack (which I doubt will ever happen) you’ll know because it will all be blamed on George Bush.
How is this different from lock makers giving a master key to the government that opens all locks?
No different.
Illegal. Both.
How about a master car key that lets the gov open your car door?
No different.
Illegal. Both.
This is all so scary...
Four different .dll's on my Windows XP computer.
Good Hunting... from Varmint Al
Linux per se, no. Some implementations of Linux might, but since it’s open source, you can read the source code and cut out or modify any bits you don’t like. That’s the whole point of open source: you’re not buying a license when you get your copy, you own your copy (which you probably got free, though maybe you paid to get some support services from one of the Linux distro companies and got it on a disk you bought from them) and can do what you want with it.
Open Source is the virtue that permits detection of the fault, not the cause of the back door.
So how much did our Government PAY HIM for this ability to snoop on all of us?
It came out of taxpayers money, I'm sure.
We have a right to know.
Sarah Palin, are you listening?
Providing anyone finds the fault. The industry stats have indicated for a while that all OS have faults that are not detected until something very bad happens. They are all software and there aren’t enough geeks in the world to be able to detect the possible backdoors and other faulty code and access schemes. Remember, the software security industry is not the most sophisticated or competent entities in finding and detecting these problems; governments, including the U.S. have the resources and facilities to be on the bleeding edge of computer espionage. The private companies can’t come close to matching these capabilities. No OS, no coding language, and no Browser is truly safe.
Thanks, beyond my ken. I wrote hex assembly code twenty-five years ago, but have no recent experience with anything but html & css in recent years.
If one runs Windows on top of Linux, is that back door then open? I would assume so.
Not entirely true. We can prove that things are correct. As an example there is Ironsides, which is an implementation of a DNS server which is:
provably invulnerable to many of the problems that plague other servers. It achieves this property through the use of formal methods in its design, in particular the language Ada and the SPARK formal methods tool set. Code validated in this way is provably exception-free, contains no data flow errors, and terminates only in the ways that its programmers explicitly say that it can. These are very desirable properties from a computer security perspective.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.