[117478] in Cypherpunks
Re: A-M$: The Microsoft NSA Back Door
daemon@ATHENA.MIT.EDU (Arizona)
Fri Sep 3 21:06:10 1999
Date: Fri, 3 Sep 1999 20:52:38 -0400
Message-Id: <19990904005021.18454.rocketmail@send205.yahoomail.com>
From: Arizona <katmai733@yahoo.com>
To: Multiple recipients of list <cypherpunks@openpgp.net>
Content-Type: text/plain; charset=us-ascii
MIME-Version: 1.0
Reply-To: Arizona <katmai733@yahoo.com>
David,
I think you have made some errors in your thinking, or
at least in your writing.
--- David Wagner <daw@cs.berkeley.edu> wrote:
> In article
>
<Pine.LNX.4.10.9909032217220.5420-100000@zor.hut.fi>,
> So, at worst, this is a backdoor that allows that
> NSA to manage their own
> computers more easily, without going through the
> rigamorole that the rest of
> us have to deal with. This is, IMHO, a lesser sin
> (albeit still an abuse of
> export controls, if true).
Three points here:
1) The *worst* case is that this is a backdoor for NSA
administrative use? I would consider the worst case
to be that the agency may have managed to give
themselves potential access to every Windows machine
on the planet. Maybe that's just me...
2) Does it bother you that the NSA would have enough
influence inside MS to get their own private changes
made to the OS? Even if it was simply to allow easier
management of their own machines, they managed to get
a $400 Billion company to alter their prize product,
opening a huge security gap, to ease a system
administrator's problem? Note that this wasn't a
patch created to alter just NSA systems, this was a
change to *all* copies of the OS.
3) What makes you think the *NSA*, the N-fucking-SA
for godsakes, uses Windows? Seriously? They have to
understand the issues of network security and just how
full of holes MS products are; why would you assume
that they use them?
I agree with you that some skepticism is in order
here, and that there is a good chance that this whole
thing is overblown. It doesn't seem to me that you
thought through what you were writing before you
pressed "send."
> Also, there is some question whether this key
> actually belongs to the NSA.
> One reporter I spoke to said she talked to
> Microsoft, and they claim that it
> is just a backup key (in case they lose the private
> key corresponding to the
> first one?), and is not a backdoor for the NSA.
> Their response is weasel
> worded carefully enough that I do not trust it 100%,
> but I'd urge everyone to
> check further with Microsoft before drawing any
> final conclusions.
I don't understand this point. MS wouldn't, under any
circumstance that I can think of, admit to such a
thing at this stage. To say that MS is probably
telling the truth because they have issued a denial is
a little naive. MS does have a history (including
this week, I believe) of denying, denying, denying,
until the evidence is overwhelming.
Once again, I also urge skepticism (mainly because
this seems to simple and pat), but I think that you
need to re-think your reasoning. Especially if you
are acting as the voice of the crypto and privacy
communities, to the media.
Kat
__________________________________________________
Do You Yahoo!?
Bid and sell for free at http://auctions.yahoo.com