Really? https://blog.0xbadc0de.be/archives/155
On 30.05.2014 17:21, Michael Cramer wrote:
> On a technicality,
>
> There has never been a demonstration of a vulnerability in Dual_EC_DRBG.
> There are only allegations based on ties to the NSA.
>
> -Mike
>
> Sent from my iPhone
>
>> On May 30, 2014, at 11:09, "Chris Schmidt"
>> <[email protected]> wrote:
>>
>> Regarding your final statement here, I seem to recall it being reported a
>> little company called RSA allowed NSA backdooring and I'm pretty sure they
>> are far from Out-Of-Business. Claiming that giants like MS would go out of
>> business if it got out that they were working with the NSA is completely
>> naïve.
>>
>>> On 5/29/14, 4:13 PM, "Mike Cramer" <[email protected]> wrote:
>>>
>>> I think it's more important to have rational discussions. This isn't the
>>> first time Microsoft has been 'rumored' to have backdoors in Windows for
>>> the US Government. These rumors have been perpetuated for years. While I
>>> don't know how long you've been in the industry, it's something I recall
>>> even being 14 years old and sitting on IRC and having people discuss.
>>>
>>> The reality now, just as then, is that these are unsubstantiated.
>>>
>>> A more apt description about the cooperation between the US Government
>>> and Microsoft I think falls back onto our old pals "Alice and Bob". I'm
>>> sure you may recall these names from any sort of discussion about PKI.
>>>
>>> What people seem to forget in all of these discussions is that Microsoft
>>> is Bob. (Microsoft Bob? :P)
>>>
>>> No amount of encryption, protection, secret keying is going to protect
>>> you when one party is going to hand over the information to 3rd parties
>>> to review.
>>>
>>> Based on my Alice and Bob comment above, it's reasonable to assume that
>>> the encryption itself is 100% fine, so as long as you believe that Bob
>>> will never divulge the information you've disclosed.
>>>
>>> Through all of these discussions surrounding Bitlocker across multiple
>>> forums nobody has brought up the fact that Bitlocker in Windows 8 allows
>>> you to store recovery key information in OneDrive/"The Cloud". Why bother
>>> writing in backdoors to the software when the keys are readily available
>>> with a warrant?
>>>
>>> There are a million and one ways to get access to the information and the
>>> absolutely most difficult, most costly, and most potentially damaging is
>>> the one people are jumping to first.
>>>
>>> If it were ever revealed that Microsoft purposefully weakened its
>>> encryption systems to allow the NSA access to any Windows device, then it
>>> would be the end of the organization. They're just not that dumb.
>>>
>>> Mike
>>>
>>> From: Justin Bull [mailto:[email protected]]
>>> Sent: Thursday, May 29, 2014 18:02
>>> To: Mike Cramer
>>> Cc: [email protected]; secuip
>>> Subject: RE: [FD] TrueCrypt?
>>>
>>> Closed source and Microsoft is notoriously known to play ball with LEO
>>> and government. It's an ill-fitting shoe.
>>>
>>> Sent from mobile.
>>>
>>> On May 29, 2014 5:47 PM, "Mike Cramer" <[email protected]> wrote:
>>>
>>> What is careless about recommending Bitlocker?
>>>
>>> -----Original Message-----
>>> From: Fulldisclosure [mailto:[email protected]] On Behalf Of Justin Bull
>>> Sent: Thursday, May 29, 2014 17:18
>>> To: secuip
>>> Cc: [email protected]
>>> Subject: Re: [FD] TrueCrypt?
>>>
>>> But why go out in that style? Why not be frank? Why be so careless as to
>>> recommend BitLocker?
>>>
>>> The diff was meticulous but the website and comms were not. It doesn't
>>> add up.
>>>
>>> Sent from mobile.
>>> On May 29, 2014 5:13 PM, "secuip" <[email protected]> wrote:
>>>
>>>> http://krebsonsecurity.com/2014/05/true-goodbye-using-truecrypt-is-not-secure/comment-page-1/#comment-255908
>>>>
>>>> On 29/05/2014 22:51, uname -a wrote:
>>>>
>>>>> There are several strange behaviors.
>>>>>
>>>>> Sitesource is not clean. Just a html that say take now Bitlocker or
>>>>> other built-in tools of your OS !?
>>>>>
>>>>> New Keys got added to SF 3h before release of 7.2 happened.
>>>>>
>>>>> On SF the old versions got removed. For older Versions you've to
>>>>> download them elsewhere (there are several sources available).
>>>>>
>>>>> Encryption, Help and all traces to truecrypt.org got removed in the
>>>>> Programsource.
>>>>>
>>>>> No explanation for this anywhere. Just speculations.
>>>>>
>>>>> Truecrypt isn't available on the webarchive!
>>>>>
>>>>> The Wiki got edited massively.
>>>>>
>>>>> On 29.05.2014 04:21, Anthony Fontanez wrote:
>>>>>
>>>>>> I'm surprised I haven't seen any discussion about the recent issues
>>>>>> with TrueCrypt. Links to current discussions follow.
>>>>>>
>>>>>> /r/sysadmin: http://www.reddit.com/r/sysadmin/comments/26pxol/truecrypt_is_dead/
>>>>>> /r/netsec: http://www.reddit.com/r/netsec/comments/26pz9b/truecrypt_development_has_ended_052814/
>>>>>>
>>>>>> Thank you,
>>>>>>
>>>>>> Anthony Fontanez
>>>>>> PC Systems Administrator
>>>>>> Client Services - College of Liberal Arts Information & Technology
>>>>>> Services, Enterprise Support Rochester Institute of Technology
>>>>>> LBR-A290
>>>>>> 585-475-2208 (office)
>>>>>> [email protected]
>>>>>>
>>>>>> Submit a request via email: [email protected]
>>>>>> Check the status of an active request: footprints.rit.edu <https://footprints.rit.edu/>
>>>>>> Manage your RIT account and computers: start.rit.edu <https://start.rit.edu/>
>>>>>>
>>>>>> CONFIDENTIALITY NOTE: The information transmitted, including
>>>>>> attachments, is intended only for the person(s) or entity to which
>>>>>> it is addressed and may contain confidential and/or privileged
>>>>>> material. Any review, retransmission, dissemination or other use of,
>>>>>> or taking of any action in reliance upon this information by persons
>>>>>> or entities other than the intended recipient is prohibited. If you
>>>>>> received this in error, please contact the sender and destroy any
>>>>>> copies of this information.
>>>>>>
>>>>>> _______________________________________________
>>>>>> Sent through the Full Disclosure mailing list
>>>>>> http://nmap.org/mailman/listinfo/fulldisclosure
>>>>>> Web Archives & RSS: http://seclists.org/fulldisclosure/
