ladybug
Posts: 10
Joined: Sun Mar 30, 2014 3:33 pm

Backdoors Everywhere

Mon Mar 31, 2014 9:34 am

Following advice from ShiftPlusOne I thought I would start a new thread for everybody and talk about a subject that's been on the news a bit lately.

BACKDOORS in The Hardware && The Software.

Let's break it down:

Every computer hacker ever told off for searching for UFO's or just wanting to tag there name on some server somewhere has always seemed to be unemployed at the time they where doing it, so following in this great traditions footsteps I decided to pay a quick visit and point out some key facts for the rest of us.

Kevin David Mitnik: Status @ time of arrest - Unemployed
Kevin Poulsen: Status @ time of arrest - Unemployed

& The List go's on: http://en.m.wikipedia.org/wiki/List_of_ ... _criminals

Notice that many of these criminals are now reformed and now call themseleves Security Professionals.

So after that brief look in the past, your probably now asking yourself, well where are the back-doors we're all hearing so much about in the news?

Well according to another FREE-LANCER (Love that word) Jim Stone the backdoor's are all in the latest Intel i7 CPU Chips, yeap it seems that Intel has solved the problem of putting 3G capability into your PC's CPU. The secret 3G chip can act as a backdoor, complete with wake-on-LAN and wake-on-mobile. Which is to say, the computer can be turned on remotely through this undocumented 3G radio.

So it's no small surprise why those newer AMD FX CPU's actually appear to have what looks like a phone SIM card plugged directly onto the top.

Image

Ah, so here we have a potential candidate with an in built backdoor SIM card.

But wait what about back-doors in the software, there are none in there are there!?!

Well thats a good question that only you can decide for yourself, lets take a look at those Free Operating Systems that Hackers seem to love so much.

BSD/Linux Back-door free?

On 11 December 2010, Gregory Perry sent an email to Theo de Raadt alleging that the FBI had paid some OpenBSD ex-developers 10 years previously to insert backdoors into the OpenBSD Cryptographic Framework. Theo de Raadt made the email public on 14 December by forwarding it to the openbsd-tech mailing list and suggested an audit of the IPsec codebase. De Raadt's response was skeptical of the report and he invited all developers to independently review the relevant code. In the weeks that followed, bugs were fixed but no evidence of backdoors were found.

According to the developer who came forward the Back-door had been built into PfSensor.

But now lets see is there anything that leaps out at you as a Programmer or Hacker when it comes to looking at your chosen free operating system.

Well there are a few bit's that might give you pause, why dont we just open a terminal window and sudo to root and try out a few commands? Like how about the good old favourite: stty

Let's try this on an Android that has had it's root permissions restored with a few FREE developer modifications:

I see we have now been rewarded with our potential back-door, according to our terminal window we now have 38400 Buad Speed available on Line:0

Linux Kernel 4 - Million Lines of Code and counting, how many IOCTLS && how much dynamic linking?

But wait you cant over-ride the android window manager that easily can you? Ah, well lets see most Unices have the X11 Window manager preventing you from doing something that could be considered illegal and stupid, oh but no, that appears to be missing on our chosen android platform. So in theory yes you can bind to the Window Manager and create a presentation, in fact the android developer guide even has handy pointers for everyone so that they can all give it a try with the Octopus O/Mero && O/Live with the inclusion of a few hardware level back-doors to make that task so much easier.

Oh but wait look they've closed the back-door in the Samsung Galaxy S
https://www.fsf.org/blogs/community/rep ... y-backdoor

Closing a loop in the modem does not essentially remove the backdoor feature's from there OS and it's worth reflecting that whilst our government insist's it's to prevent terrorism, they've been actively putting back-doors into all our products since the early 1970's whilst only now seeming to want to find: Cyber-Magicians - When at the same time the people that they call magicians are all those teenagers and college kids that seem to know more about the technology than any singular technician in there spare time and it seems that the majority of them are distrustful and want nothing to do with them.

It's really hard to imagine why. :lol:

My advice to the Government in the US && the UK - "Keep it up!" you'll see some real magic, when people figure out where the back-doors are!

User avatar
Richard-TX
Posts: 1549
Joined: Tue May 28, 2013 3:24 pm
Location: North Texas

Re: Backdoors Everywhere

Mon Mar 31, 2014 12:45 pm

All of the concerns about back doors is pointless. There are no backdoors. Remember the Clipper Chip? It as well as other project like that are all moot. The USG has ways to crack any encryption. This is evidenced by the total lack of serious efforts to insert their own keys into any given encryption scheme. This fact as well as other facts lead to the conclusion that the USG doesn't care if something is encrypted as they have the means to monitor any traffic on the internet and decrypt it all. Sure they ask for master keys, etc but that is just so they don't have to use their massive decryption computer.

Want your data secure? Here is the only way but it has to be done before you start entering data.
Image
Richard
Doing Unix since 1985.
The 9-25-2013 image of Wheezy can be found at:
http://downloads.raspberrypi.org/raspbian/images/raspbian-2013-09-27/2013-09-25-wheezy-raspbian.zip

User avatar
jackokring
Posts: 816
Joined: Tue Jul 31, 2012 8:27 am
Location: London, UK
Contact: ICQ

Re: Backdoors Everywhere

Mon Mar 31, 2014 12:56 pm

There are likely hard ways to crack any standard coding, and master keys do help to install any keys, I'd assume. There is no such thing as total security of transport of information unless you own some expensive stuff and have lots of protected land run by yourself.

Cryptography just prevents non aligned upstarts from getting in on the game of pay for watching other people not getting paid. Such is the nature of those records you can't get hold of showing you how much your split would have been, and how you wouldn't have had to come up with some highly risky pay day scheme. :D
Pi[NFA]=B256R0USB CL4SD8GB Raspbian Stock.
Pi[Work]=A+256 CL4SD8GB Raspbian Stock.
My favourite constant 1.65056745028

mikerr
Posts: 2778
Joined: Thu Jan 12, 2012 12:46 pm
Location: UK
Contact: Website

Re: Backdoors Everywhere

Mon Mar 31, 2014 3:47 pm

ladybug wrote: Well according to another FREE-LANCER (Love that word) Jim Stone the backdoor's are all in the latest Intel i7 CPU Chips, yeap it seems that Intel has solved the problem of putting 3G capability into your PC's CPU. The secret 3G chip can act as a backdoor, complete with wake-on-LAN and wake-on-mobile. Which is to say, the computer can be turned on remotely through this undocumented 3G radio.
As usual with conspiracy theories, a small grain of truth amongst the hyperbole, this was based on misinterpreting intel's advertising.

vPro/AMT is a remote management tool that can give remote BIOS level access but it's really in the intel chipset not the CPU.
Network access is via the normal laptop's peripherals (3g if it has a 3g modem) - certainly not "3g inside CPU"
Android app - Raspi Card Imager - download and image SD cards - No PC required !

User avatar
RaTTuS
Posts: 10458
Joined: Tue Nov 29, 2011 11:12 am
Location: North West UK

Re: Backdoors Everywhere

Mon Mar 31, 2014 3:53 pm

Image
How To ask Questions :- http://www.catb.org/esr/faqs/smart-questions.html
WARNING - some parts of this post may be erroneous YMMV

1QC43qbL5FySu2Pi51vGqKqxy3UiJgukSX
Covfefe

ladybug
Posts: 10
Joined: Sun Mar 30, 2014 3:33 pm

Re: Backdoors Everywhere

Mon Mar 31, 2014 4:30 pm

tut-tut-tut, richard how little you know of there cracking capabilities, the whole reason behind wanting to build a Quantum super computer has all been publicly admitted by there little notorious agency, so they can decrypt COMMS, in that hell hole filled with people surfing the web on Windows 8 which of course is pure hyper-visor stuff from the Lad's who clearly work in there TAO Op's.
Richard-TX wrote:All of the concerns about back doors is pointless. There are no backdoors. Remember the Clipper Chip? It as well as other project like that are all moot. The USG has ways to crack any encryption. This is evidenced by the total lack of serious efforts to insert their own keys into any given encryption scheme. This fact as well as other facts lead to the conclusion that the USG doesn't care if something is encrypted as they have the means to monitor any traffic on the internet and decrypt it all. Sure they ask for master keys, etc but that is just so they don't have to use their massive decryption computer.

Want your data secure? Here is the only way but it has to be done before you start entering data.

Image
There are no back-doors, I think edward would disagree seeing as he's publicly stated if I wanted to get in your phone right now, he could.

The backdoor has always been in the Crypto API and the PKI, thats why you are forced to use all those CA-Certificates from authorities you've never heard from like the RSA && Microshaft, because even though you can create your own Crypto_API and sign your own Root_CA certificates easily on *Nix they bundle other providers in there instead.

Dont think because it's on a NULL pointer it can not be redirected with the right programming strings.

But what is really anoying is there backdoor is glaring us all in the face whilst they're trying to play the innocent at the same time buying the master keys from the RSA, although lets be honest, with SSL_Strip freely available to all, you dont really need master keys any-more just the same signed CERT. An that is where they will find they now have a huge problem. Oh siphoning money off-shore where we, did your 100 Billion just drop to being only 1 Billion Left because the Burmese Government decided they wanted to Tax you for all those off-shore tax free holdings.. "Dutch Sandwhich" and "Ireland Holdings" indeed.

Sigh, it's always so sweet to read how these corrupt idiots come completely unstuck.

Of course there livid that there Tax dealings are now becoming public knowledge.

But dont forget in the interim all those man hours spent at the tax payers expense surfing the world of war-craft maybe having to move occassionally in that plush office to get a free coffee from the KLIX machine, it was all in the effort (we're told) of rooting out the BAD element, on-line in the world of warcraft. Funny thing is I recollect reading that they banned the sale of play-stations to the middle east because they where afraid they would be used as missle chips, so how many BAD elements can you expect to find and root out on such an excersize? Oh 0.1%... Marvellous deductive reasoning, clearly we're all dealing with Sherlock Holmes.

But they justify it none the less as trying to curb terrorism... If you have a problem with DDOS and people hacking your WEBPAGE, perhaps you shouldnt Run Apache.. Perhaps you should run thttpd instead with a load Balancer and not allow SCRIPTS! SQL-Backend with CSS.. Time & Time again has proven to be broken and fruitless because the people that set-it up can't be bothered to run it under CHROOT. Sigh, it's just frustrating that they've used the fake element of curbing terrorism, to justify stripping the general public of there right's to privacy.

User avatar
Burngate
Posts: 6006
Joined: Thu Sep 29, 2011 4:34 pm
Location: Berkshire UK Tralfamadore
Contact: Website

Re: Backdoors Everywhere

Mon Mar 31, 2014 5:04 pm

Don't get me wrong, I do find these sorts of conspiracies quite entertaining.

But could I ask you to use proper spelling, punctuation and grammar?
For example, "their" is not the same as "there"; when you write "... from the Lad's who ..." what do the Lads own?

Of course if you wish to, you may carry on as you were, but there are two advantages to writing well.

Better grammar etc. makes it easier for most people to read, so they're more likely to read what you write, and understand it.
And better grammar etc. gives a more authoritative feel to what you write, so people may be more willing to believe you.

And, surely, you want people to read, understand, and believe what you write, otherwise you wouldn't be writing?

User avatar
DougieLawson
Posts: 36121
Joined: Sun Jun 16, 2013 11:19 pm
Location: Basingstoke, UK
Contact: Website Twitter

Re: Backdoors Everywhere

Mon Mar 31, 2014 5:11 pm

How are the NSA going to decrypt my traffic in an OpenVPN tunnel where I own the CA cert, all intermediate certs, the private key and the public key and they've only ever been used on my equipment?

If we can trust the likes for Rivest, Shamir, Adleman & others that's a computationally impossible task to decrypt it.

(They'd be exceedingly bored if they do decrypt my noise, it's tedious in the extreme.)
Note: Having anything humorous in your signature is completely banned on this forum. Wear a tin-foil hat and you'll get a ban.

Any DMs sent on Twitter will be answered next month.

This is a doctor free zone.

Naraden
Posts: 3
Joined: Wed Jul 10, 2013 5:07 pm

Re: Backdoors Everywhere

Mon Mar 31, 2014 5:32 pm

Image

Who needs a back door?

ladybug
Posts: 10
Joined: Sun Mar 30, 2014 3:33 pm

Re: Backdoors Everywhere

Mon Mar 31, 2014 10:05 pm

Actually there is one project that give's the man grief; Kerberos & Factotum. One's PPP the other is SLIP. :D

An one open source project that does use Apache - Vulture & Beef

Hackers will always literally give you the SLIP.

They've already gotten onto your VPN because their Key's are in your Digest.

User avatar
mahjongg
Forum Moderator
Forum Moderator
Posts: 12224
Joined: Sun Mar 11, 2012 12:19 am
Location: South Holland, The Netherlands

Re: Backdoors Everywhere

Mon Mar 31, 2014 11:52 pm

DougieLawson wrote:How are the NSA going to decrypt my traffic in an OpenVPN tunnel where I own the CA cert, all intermediate certs, the private key and the public key and they've only ever been used on my equipment?
perhaps if you used a huawei products to conduct your traffic!

http://www.nytimes.com/2014/03/23/world ... .html?_r=1

Huawei products like wifi adapters, modems and routers might be compromised, and contain (NSA) backdoors.
Other communication products might also be compromised.

http://news.techeye.net/business/huawei ... -backdoors

ladybug
Posts: 10
Joined: Sun Mar 30, 2014 3:33 pm

Re: Backdoors Everywhere

Tue Apr 01, 2014 5:29 pm

Nah, I heard that was why they banned Lenovo laptops everywhere because they thought they might have a Huawei back-door somewhere, but laughbly loads of people love Lenovo buisness laptops. I guess your only safe if your running something other than proprietary rubbish, it's always been in the drivers, hence GPU threaded cards have closed source drivers, but putting a SIM onto the actual CPU is going a little bit OTT. But I wouldnt mind laying my hands on one, just so I can chisel the chip off and replace it with something else whilst plugging the SIM into something unpleasent with lots of Porn and mounting it on a mag-mount and then discretely attaching it to a filth wagon.

I heard some kids on an estate did something similar years ago and put there Transciever on top of a Police station, so when they finally tracked down the source of all that drum & bass over-riding there radio, it was coming from the top of there own head-quaters. Solar panels and phones really are a marvel of the modern age.

If they're going to give everybody the keys to the Car they'll have to expect some Joy-Riders!

They've cured that problem nowadays though, because all there radios are now encrypted with - Weak-Encrypt-Protocol (WEP)

Thats why when your running Kismet with the GPS pluggin's enabled everytime a bobby walks past you'll see:

PATROL-78182293
PATROL-54738393
PATROL-37389229

Isnt it good that they tag there own personel 24/7 so when you think your slipping off for a sly dohnut and coffee thinking nobody will know about it, think again! (WEP && WPS) My god the level of technical expertise is stunning! An I can imagine the pep talk now, yes, we give you way's to know where your staff are all the time. They'll never know about it! Pfft, turn off the bloody GPS repeater & take out the battery, now you can have that much needed Fag break.

Arranged to meet the missus for 5 minutes whilst out walking around, don't worry they know..

"PC334 are you near the corner of such and such a street"

"Erm, no I'm still up the top of such and such road actually!"

Little note goes on file, tells "LIES" to Control, well gee whizz would you look at that, your career is over before you've even started! That must be why my last employer giving us all tri-band GSM Radio with a Camera loved me so much, first thing I alaways did, set the correct time, because they where always off time wise because the battery's where shagged (or they where trying to screw you on your hours worked) and then disabled the GPRS. "Where are you?" Where do you think! Standing on a street corner freezing my balls off whilst your in some plush office next to the coffee machine, doing what you told me, selling your crap to an empty street!

An yes, it was an AMERICAN company!
Last edited by ladybug on Tue Apr 01, 2014 7:21 pm, edited 1 time in total.

jdb
Raspberry Pi Engineer & Forum Moderator
Raspberry Pi Engineer & Forum Moderator
Posts: 2093
Joined: Thu Jul 11, 2013 2:37 pm

Re: Backdoors Everywhere

Tue Apr 01, 2014 7:05 pm

ladybug wrote:Nah, I heard that was why they banned Lenovo laptops everywhere because they thought they might have a Huawei back-door somewhere, but laughbly loads of people love Lenovo buisness laptops. I guess your only safe if your running something other than proprietary rubbish, it's always been in the drivers, hence GPU threaded cards have closed source drivers, but putting a SIM onto the actual CPU is going a little bit OTT. But I wouldnt mind laying my hands on one, just so I can chisel the chip off and replace it with something else whilst plugging the SIM into something unpleasent with lots of Porn and mounting it on a mag-mount and then discretely attaching it to a filth wagon.

I heard some kids on an estate did something similar years ago and put there Transciever on top of a Police station, so when they finally tracked down the source of all that drum & bass over-riding there radio, it was coming from the top of there own head-quaters. Solar panels and phones really are a marvel of the modern age.

If they're going to give everybody the keys to the Car they'll have to expect some Joy-Riders!

They've cured that problem nowadays though, because all there radios are now encrypted with - Weak-Encrypt-Protocol (WEP)

Thats why when your running Kismet with the GPS pluggin's enabled everytime a bobby walks past you'll see:

PATROL-78182293
PATROL-54738393
PATROL-37389229

Isnt it good that they tag there own personel 24/7 so when you think your slipping off for a sly dohnut and coffee thinking nobody will know about it, think again! (WEP && WPS) My god the level of technical expertise is stunning! An I can imagine the pep talk now, yes, we give you way's to know where your staff are all the time. They'll never know about it! Pfft, turn off the bloody GPS repeater & take out the battery, now you can have that much needed Fag break.

Arranged to meet the missus for 5 minutes whilst out walking around, don't worry they know..

"PC334 are you near the corner of such and such a street"

"Erm, no I'm still up the top of such and such road actually!"

Little note goes on file, tells "LIES" to Control, well gee whizz would you look at that, your career is over before you've even started! That must be why my last employer giving us all tri-band GSM Radio with a Camera loved me so much, first thing I alaways did, set the correct time, because they where always off time wise because the battery's where shagged and then disabled the GPRS. "Where are you?" Where do you think! Standing on a street corner freezing my balls off whilst your in some plush office next to the coffee machine, doing what you told me, selling your crap to an empty street!
What on God's green earth are you blathering on about?
Rockets are loud.
https://astro-pi.org

ladybug
Posts: 10
Joined: Sun Mar 30, 2014 3:33 pm

Re: Backdoors Everywhere

Tue Apr 01, 2014 7:22 pm

You mean you've never packet sniffed @ Jdb, my good god man your missing out on all the Fun!

It's KARMA - Metasploit and the unknowable way's of the TAO!

DECnet Lives - It's risen from the grave!

jdb
Raspberry Pi Engineer & Forum Moderator
Raspberry Pi Engineer & Forum Moderator
Posts: 2093
Joined: Thu Jul 11, 2013 2:37 pm

Re: Backdoors Everywhere

Tue Apr 01, 2014 7:42 pm

Yes. Quite.

ladybug, as far as I can see in your posting history you have had nothing relating to Raspberry Pi.

Please refrain from making any more off-topic posts.
Rockets are loud.
https://astro-pi.org

Return to “Off topic discussion”