Page 1 of 2 12 LastLast
Results 1 to 10 of 20

Thread: FBI Back Door

  1. #1
    Master Untangler mozerd's Avatar
    Join Date
    Nov 2008
    Location
    Nepean Ontario Canada
    Posts
    253

  2. #2
    Untangle Ninja mrunkel's Avatar
    Join Date
    Jul 2008
    Posts
    3,022

    Default

    I'm throwing the bullshit flag on this story. It sounds like just a load of nonsense.
    m.
    <BR>
    Big Frickin Disclaimer:
    While I'm pretty sure, I can't guarantee that I know what I'm doing. There might be a better way to do this, and this way might actually suck. Make sure you understand the implications of what you're doing before trying to follow these directions.
    <BR>It often helps troubleshooting if you have a good network map. Look <A HREF="http://forums.untangle.com/tip-day/5407-how-draw-network-diagram.html">here</A> if you want my advice on how to draw one. <BR> <B>Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com<B>

  3. #3
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,498

    Default

    I've heard that Windows has certificates installed in it that are supposed to allow access to information encrypted on the platform for law enforcement purposes.

    To my knowledge, no open source operating system suffers from that limitation as no single nation has sway on its development. That said, OpenBSD ans the associated OpenSSL project form the basis for the entire open source community's encryption methods.

    However, I have to call bull on this entire idea set... the reality of the situation is that if the good guys put intentional weaknesses in the encryption technology so they could decrypt it, the bad guys would have found it ages ago and been using it to subvert the encryption themselves.

    I've read multiple security articles written by FBI, NSA, and military officials that have pointed out the same. There is an issue, in that law enforcement does at time need the ability to breach the encryption. However, everyone that has half a brain also acknowledges that any such mechanisms would be easily discovered and exploited to subvert the encryption to begin with.

    Since we don't have mass encryption subversion going on, I have to assume that this entire mess is nothing more than paranoia. Healthy paranoia perhaps, but paranoia none the less.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  4. #4
    Untangler
    Join Date
    May 2008
    Posts
    80

    Default

    I've heard that Windows has certificates installed in it that are supposed to allow access to information encrypted on the platform for law enforcement purposes.
    Equal part folklore...

  5. #5

  6. #6
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,486

    Default

    Agreed. Sounds like BS. The code is completely open and readable.

    Besides I suspect it would be hard to intentionally write a flawed implementation that still worked with other correct implementations.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  7. #7
    Untangle Ninja Solignis's Avatar
    Join Date
    Jul 2008
    Location
    Hudson, Ohio, USA
    Posts
    1,697

    Default

    About the whole idea, I always believe in the idea that if someone...including law enforcement really wanted/needed in there is very few things that can stop them cold.

    For example the NSA is know to have banks of high power computing clusters that are dedicated to various number crunching tasks like breaking encryption ciphers. So while back doors would make the job easier I agree with sky-knight in the fact that the backdoor would have been exploited long ago.

    It would not surprise me either to find a few boxes dotted around in government offices running OpenBSD or a variant of it because BSD is about as close as you get to pure Unix without loading up something like System VII or whatever they are up to now.

    I also would call the BS flag on this, oddly enough though I saw this very story on a Revision3 show I was watching. They also called it BS though they said IN THEORY such a said backdoor could have been over looked being that the code is very long, I am still not convinced of any potential danger.
    “Most good programmers do programming not because they expect to get paid or get adulation by the public, but because it is fun to program.” - Linus Torvalds

  8. #8
    Untangle Ninja hescominsoon's Avatar
    Join Date
    Sep 2007
    Posts
    1,704

    Default

    actually the NSA spent a DECADE trying to crack kevin mitnick's pgp encrypted disk...and failed. Modern cryptography is nearly impervious to today's processing(as long as you aren't using weak passphrases or compromised certificates). Even RC$ which isn't considered strong enough anymore took years of distributed brute forcing before it fell. The combined processing abilities of the distributed project was many orders of magnitude more than what any single gov't entity could being to bear in the foreseeable future. I am going to raise the bs flag on this until such time that well-known cryptanalysts verify this..until then it's bunk.

  9. #9
    Untangle Ninja Solignis's Avatar
    Join Date
    Jul 2008
    Location
    Hudson, Ohio, USA
    Posts
    1,697

    Default

    Well it is the same kind of idea that makes Linux so solid.

    Many people + Many different ways of thinking = Many possibilities.

    In that case of something like Windows, you only have a few people working on the project so you end up with, granted I use the word FEW loosely with Microsoft.

    Few people + Few different ways of thinking = Few possibilites.

    People are always changing granted but not at the same speed as the Linux communities change. I would guess ATLEAST 5 people or so jump on Linux each day heck probably more like 5000 people.

    So for a weak spot to have eluded new people and old people for so long is damn near impossible.
    “Most good programmers do programming not because they expect to get paid or get adulation by the public, but because it is fun to program.” - Linus Torvalds

  10. #10
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,498

    Default

    That logic doesn't hold water. The Microsoft development team that works on Windows is far from a "small group of people". Furthermore, I would argue that open source has issues controlling the general quality of code submits... how many updates get thrown out?

    The commercial development model isn't perfect, but it has strengths. The open source development model is also not perfect, but has different strengths.

    Honestly I feel that projects like Untangle are the future, leveraging multiple volunteer sponsored and open source projects to build a solid commercial product. But even Untangle has its share of closed bits of code.

    This hybrid model has its own ups and downs... but I think the ups in this case are the best we could hope for.

    Microsoft doesn't want government interference with their products. And if you study the way the company has thumbed their nose at anti-trust rulings and legislation world wide you can see they don't have a good track record of conforming to such stupidity. They will make a solid product, because their customers demand it.

    Linux will be a solid product because its creators demand it.

    Two sides of the same coin from my perspective.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2