Announcement

**Tuberski** · December 15, 2010, 11:32

Originally posted by Asher View Post

Because of code obfuscation. A programmer who knows what he's doing can make seemingly innocuous code have very, very non-obvious side-effects.

How many programmers can figure out what this does (disassembling the compiled result doesn't count):

Additionally, quite simply: if all of the effects of code were known, we'd not have any bugs. What looks like normal code could very well have bugs, or security problems. It's the same reason code that's 20+ years old with tens of thousands of eyes that've looked upon it can still have (unintentional) security vulnerabilities. In this case, the FBI allegedly inserted an INTENTIONAL vulnerability that only they knew about.

That only they, and the programmers that actually inserted them, knew about. If this thing is true, why don't the people with the NDAs, which are now expired, correct all the backdoors that they put in?

ACK!

**Asher** · December 15, 2010, 11:33

Originally posted by Tuberski View Post

That only they, and the programmers that actually inserted them, knew about. If this thing is true, why don't the people with the NDAs, which are now expired, correct all the backdoors that they put in?

ACK!

Why do you think he contacted the maintainer of the project?

He hasn't worked on it in 10 years, and these implementations are VERY complicated pieces of software. You don't just go in there without a clue how it works and start yanking out code.

**Tuberski** · December 15, 2010, 11:36

If he doesn't know how it works, how could he have helped put them in? If he didn't help put them in why the **** would he need an NDA?

ACK!

**Asher** · December 15, 2010, 11:38

Originally posted by Tuberski View Post

If he doesn't know how it works, how could he have helped put them in? If he didn't help put them in why the **** would he need an NDA?

ACK!

Knowledge of systems that you worked on 10 years ago does not necessarily apply now. There's tons of code churn in projects like this, especially over 10 years. It's highly likely that he would barely recognize it now due to all of the changes, in addition to being 10 years...

**Asher** · December 15, 2010, 11:39

Also, PS: The OP clearly indicates that the guy was not a programmer, but a CTO. He identifies the programmers who were responsible. He didn't add them himself.

**Asher** · December 15, 2010, 11:41

This also very much explains why his project mysteriously lost its DARPA funding (worth millions of dollars) shortly after these backdoors were added.

**Hauldren Collider** · December 15, 2010, 11:42

Some guy in the thread pointed out that if the NDA expired you could just file an FOIA request to know for sure whether this actually happened.

There is still a distinct possibility this guy is just making crap up. Although I stand by my opinion that the government is perfectly within its rights and authority to do this.

**Asher** · December 15, 2010, 11:43

The current scuttlebut is the backdoor was very subtle differences that would leak the details of the key being used, "such as taking slightly longer if a bit is a 1 instead of a 0"

Another reason why you should not be surprised there wasn't a section of code saying "HEY! BACKDOOR IS HERE!"

**Asher** · December 15, 2010, 11:44

Originally posted by Hauldren Collider View Post

Some guy in the thread pointed out that if the NDA expired you could just file an FOIA request to know for sure whether this actually happened.

There is still a distinct possibility this guy is just making crap up. Although I stand by my opinion that the government is perfectly within its rights and authority to do this.

What kind of rational person would assume he's making this up?

Please provide your rational reasons, not your irrational love of authority and obedience to your government.

All possible rational reasons point to him telling the truth. He's no reason to lie.

**Hauldren Collider** · December 15, 2010, 11:45

you still have not proven the backdoor actually exists, and everything you are saying is essentially hearsay. So not only are you wrong to kvetch about the principal, you are also speculating on the facts.

How could you possibly know enough about this guy to assume he has no reason to lie?

**Tuberski** · December 15, 2010, 11:46

Very convenient for the guy claiming there are backdoors, no?

I'm not saying he's a kook or anything, but I think I'll wait for corroboration before I drink the Kool=Aid.

ACK!

**Asher** · December 15, 2010, 11:47

Originally posted by Hauldren Collider View Post

you still have not proven the backdoor actually exists, and everything you are saying is essentially hearsay. So not only are you wrong to kvetch about the principal, you are also speculating on the facts.

Oh, what ****ing weaksauce.

It's not been found yet, because this just happened and it's OBVIOUSLY not an obvious hole.

This thread is PREDICATED on the assumption that this is TRUE, because otherwise WE WOULD NOT BE ABLE TO DISCUSS ANYTHING.

Now that I've unfortunately had to state the obvious, where are your real arguments?

**Asher** · December 15, 2010, 11:48

Originally posted by Tuberski View Post

Very convenient for the guy claiming there are backdoors, no?

Uh. What?

This guy hasn't had anything to do with that industry for ten years. He has nothing to gain or lose by this allegation except clearing his conscience.

He's also not some cook, he's a professional and a businessman -- he's been a CTO/CEO for over a decade in various companies.

**Hauldren Collider** · December 15, 2010, 11:49

My argument is that your *****ing is pathetic. You're whining about things that benevolent, free governments have done since time immemorial and you don't even know for sure if the government did what you accuse.

**Asher** · December 15, 2010, 11:53

Originally posted by Hauldren Collider View Post

My argument is that your *****ing is pathetic.

It's not pathetic to be wary of the US government allegedly inserting security vulnerabilities and backdoors into security-oriented software.

It IS, however, pathetic for someone to wave their hands and say "nothing to see here!" just because you're young enough to have absolute faith in the government...

You're whining about things that benevolent, free governments have done since time immemorial and you don't even know for sure if the government did what you accuse.

Benevolent governments don't actively try to make legal, secure devices fundamentally insecure for their use (and potentially ANY use). Benevolent governments don't grope old ladies at security checkpoints, either.

Announcement

Welcome to the US government. How can we secretly piss you off today?

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment