Entry 16458 (Berkeley CSUA MOTD)

Berkeley CSUA MOTD:Entry 16458

WIKI \| FAQ \| Tech FAQ
`http://csua.com/feed/`

2025/05/25 [General] UID:1000 Activity:popular

5/25

1999/9/3-5 [Computer/SW/Security] UID:16458 Activity:moderate

9/3     They're out there watching you:
        http://www.cnn.com/TECH/computing/9909/03/windows.nsa
        \_ Either MS was trying to please the DOJ to ease itself from the
           antitrust case, or it was simple an unintentional bug.
           \_ UNINTENTIONAL BUG? Jeeez, how stupid are you?
              WHy do you think microsoft "easily" got through various
              crypto regulations, when everyone else is fighting
              nasty battles?
           \_ Hey, fuckhead: don't go selectively erasing replies.
              Particularly, on-topic, and ACCURATE replies.
              To repeat:
              How the hell can it be "unintentional".. you don't
              "accidentally" distribute something with an additional
              key that can unlock everything. It was deliberately
              put in. Anyone with a CLUE would realise this was to
              get NSA/government approval for their crypto API stuff.
              In fact, anyone with a clue would have realized this
              the minute they heard that MS got their crypto API
              'approved' a year ago or whatever. EXPORTABLE.
              This violates ITAR, without a back door!
        \_ see also http://www.cryptonym.com/hottopics/msft-nsa.html
           What I'm wondering is what MSFT gets in return?  Think they cut
           some deal with our buddies in the NSA?
        \_ it's all about th "__NSAKEY" reference
        \_ Read some of the rank 5 posts on /. for clue which you won't find
           here.

2025/05/25 [General] UID:1000 Activity:popular

5/25

You may also be interested in these entries...

2013/6/6-7/31 [Politics/Foreign/Asia/China, Computer/SW/Security] UID:54690 Activity:nil

6/6     Wow, NSA rocks. Who would have thought they had access to major
        data exchangers? I have much more respect for government workers,
        crypto experts, mathematicans now than ever.
        \_ flea to Hong Kong --> best dim-sum in the world
           \_ "flee"
        \_ The dumb ones work for DMV, the smart ones for the NSA. If you
	...

2012/8/26-11/7 [Computer/SW/Security] UID:54465 Activity:nil

8/26    Poll: how many of you pub/priv key users: 1) use private keys that
        are not password protected 2) password protect your private keys
        but don't use ssh-agent 3) use ssh-agent:
        1) .
        2) ..
        3) ...
	...

2012/8/7-10/17 [Computer/SW/Security] UID:54455 Activity:nil

8/6     Amazon and Apple have lame security policies:
        http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/all
        "First you call Amazon and tell them you are the account holder, and
         want to add a credit card number to the account. All you need is the
         name on the account, an associated e-mail address, and the billing
         address. "
	...

2012/7/18-8/19 [Health/Men, Computer/SW/Security] UID:54438 Activity:nil

7/18    "Largest penis record holder arouses security suspicions at airport"
        http://www.csua.org/u/x2f (in.news.yahoo.com)
        \_ I often have that same problem.
        \_ I think the headline writer had some fun with that one.
           \_ One time when I glanced over a Yahoo News headline "U.S. busts
              largest-ever identity theft ring" all I saw was "U.S. busts
	...

2012/4/23-6/1 [Computer/SW/WWW/Browsers] UID:54360 Activity:nil

4/19    My Firefox 3.6.28 pops up a Software Update box that reads "Your
        version of Firefox will soon be vulnerable to online attacks."  Are
        they planning to turn off some security feature in my version of
        Firefox?
        \_ Not as such, no, but they're no longer developing this version,
           so if a 3.6.x-targeted hack shows up, you're not going to get
	...

2011/11/8-30 [Computer/SW/Security, Computer/SW/OS/Windows] UID:54218 Activity:nil

11/8    ObM$Sucks
        http://technet.microsoft.com/en-us/security/bulletin/ms11-083
        \_ How is this different from the hundreds of other M$ security
           vulnerabilities that people have been finding?
           \_ "The vulnerability could allow remote code execution if an
               attacker sends a continuous flow of specially crafted UDP
	...

2011/11/11-30 [Computer/SW/Security] UID:54224 Activity:nil

11/11   MacOSX's Sandbox security hole:
        http://preview.tinyurl.com/7ph2wtg [arstechnica]
	...

Cache (1750 bytes)

www.cnn.com/TECH/computing/9909/03/windows.nsa -> www.cnn.com/TECH/computing/9909/03/windows.nsa/BUSINESS 10 SPORTS * 11 TECHNOLOGY 12 computing 13 personal technology 14 SPACE 15 HEALTH 16 ENTERTAINMENT 17 BOOKS 18 TRAVEL 19 FOOD 20 ARTS & STYLE 21 NATURE 22 IN-DEPTH 23 ANALYSIS 24 myCNN 25 Headline News brief 26 news quiz 27 daily almanac MULTIMEDIA: 28 video 29 video archive 30 audio 31 multimedia showcase 32 more services E-MAIL: Subscribe to one of our news e-mail lists. Enter your address: Or: 33 Get a free e-mail account 34 E-MAIL DISCUSSION: 35 message boards 36 chat 37 feedback CNN WEB SITES: 38 CNN Websites 39 AsiaNow 40 En Espaol 41 Em Portugus 42 Svenska 43 Norge 44 Danmark 45 Italian FASTER ACCESS: 46 europe 47 japan TIME INC. EDT (1806 GMT) (CNN) -- A cryptography expert says that Microsoft operating systems include a back door that allows the National Security Agency to enter systems using one of the operating system versions. The chief scientist at an Internet security company reported the flaw at a recent conference in Santa Barbara where he discussed a "key" entrance into the cryptographic standard used in Microsoft Windows products. That includes Windows 95, Windows 98, Windows NT4 and Windows2000. Fernandes works for Cryptonym, a company based in Ontario. The press release states "the second belongs to the NSA. Goldberg was among a few dozen people in the audience at the conference when Fernandes dropped his bomb. The session occurred just before midnight so no one saw it coming, he said, but the audience was shocked. Zero-Knowledge Systems is about to release a security product built specially to make such security flaws impossible, he said. It is unclear why or if Microsoft cooperated with the NSA on the key to its "CryptoAPI," the standard interface to its cryptography services, Goldberg said.