Mastodawn

Show thread

Kevin Karhan

Jan 25

@GossiTheDog Obviously this is nothing new, as #Microsoft's #CryptoAPI is so #backdoored that it's basically #Govware.

Whoever believed #CensorBoot & #BitLocker ever were secure needs to be banned from doing #IT, because it never has been and that was oretty obvious.
- Cuz #CloudAct exists for quite a while, and not having exclusive #SelfCustody means it violates #KerckhoffsPrinciple.

I'll be collecting apologies once the next #ToldYaSo hits.

My money is on @signalapp / #Signal cuz @Mer__edith won't face lifetime in jail for non-paying users - not even paid VPNs would do that!

thaddeus e. grugq on Twitter

“I’m gonna tell you a secret about “logless VPNs” — they don’t exist. Noone is going to risk jail for your $5/mo https://t.co/Q2aOQJkG4g”

Twitter

Show thread

Kevin Karhan

Jan 24

@ann3nova sadly this is nothing new.

The entire #CryptoAPI of #Windows is #backdoored for decades and #CensorBoot merely exists to prevent #Linux adoption and #DualBoot from working!

Show thread

Kevin Karhan

Jan 24

@Xeniax OFC #CensorBoot never was about #Security and #Microsoft having #Govware - #Backdoors in their #CryptoAPI is nothing new.

Just glad to have them admit publicly that they don't give a fuck about #Windows #security or #orivacy!

If this doesn't disqualify Windows & Microsoft in general then those who made that decision should be fired.

Simply because there's no legitimate reason for them to have this kind of #Backdoor!

The only secure #encryption is #FLOSS with #SelfCustody of all the keys…

And Windows is just #malware… #BitLocker having a #GoldenKey is just yet another piece of evidence after #GoldenKeyBoot...

#USpol #cyherfascism #CloudAct #GAFAMs

GitHub - kkarhan/windows-ca-backdoor-fix: Fixes a critical backdoor in Windows' CryptoAPI, which allows to unconsenting Update of CA Certificates in the background. See https://www.heise.de/ct/ausgabe/2013-17-Zweifelhafte-Updates-gefaehrden-SSL-Verschluesselung-2317589.html

Fixes a critical backdoor in Windows' CryptoAPI, which allows to unconsenting Update of CA Certificates in the background. See https://www.heise.de/ct/ausgabe/2013-17-Zweifelhafte-Updates-gefae...

GitHub

Reddit Tech VN Bot Dec 22

Chúc mừng lần đầu tiên đạt doanh thu 40,99€ từ dự án API dữ liệu crypto của tôi - giá 85% rẻ hơn các đối thủ! Hy vọng truyền cảm hứng cho những người đam mê công nghệ và khởi nghiệp. #CryptoAPI #SideProject #Startup #DoanhThuTrongBán #CôngNghệFinTech

https://www.reddit.com/r/SideProject/comments/1pszm9h/my_first_4099_in_revenue_i_built_a_crypto_data/

Kevin Karhan

Nov 26

@necrosis unter #WindowsXP & #Windows7 gab's nur #CryptoAPI - #Backdoors…

Show thread

Kevin Karhan

Aug 17, 2025

@froge @mozilla_support THIS is where #NSS does indeed differenciate from most encryption, as it comes with it's own #CA infrastructure.

This is why #Frefox, #Thunderbird & #TorBrowser are not vulnerable to the #CryptoAPI #Backdoor in #Windows!

https://web.archive.org/web/20160507122657/https://www.heise.de/ct/ausgabe/2013-17-Zweifelhafte-Updates-gefaehrden-SSL-Verschluesselung-2317589.html
https://github.com/kkarhan/windows-ca-backdoor-fix

Zweifelhafte Updates gefährden SSL-Verschlüsselung

Was macht Windows, wenn es auf ein Verschlüsselungszertifikat trifft, dessen Echtheit es nicht überprüfen kann? Es schlägt nicht etwa Alarm, sondern fragt bei Microsoft…

c't

Show thread

Kevin Karhan

Jul 15, 2025

@briankrebs That explains all the shite I've seen, incl. the #CryptoAPI #backdoor in #Windows itself...

https://github.com/kkarhan/windows-ca-backdoor-fix

GitHub - kkarhan/windows-ca-backdoor-fix: Fixes a critical backdoor in Windows' CryptoAPI, which allows to unconsenting Update of CA Certificates in the background. See https://www.heise.de/ct/ausgabe/2013-17-Zweifelhafte-Updates-gefaehrden-SSL-Verschluesselung-2317589.html

Fixes a critical backdoor in Windows' CryptoAPI, which allows to unconsenting Update of CA Certificates in the background. See https://www.heise.de/ct/ausgabe/2013-17-Zweifelhafte-Updates-gefae...

GitHub

Show thread

Kevin Karhan

Jul 9, 2025

@iX_Magazin #Windows ist inhärent unfixbar unsicher...

Siehe #CryptoAPI - #Backdoor!

Show thread

Kevin Karhan

Jul 1, 2025

@euroinfosec which doesn't matter when they literally #backdoor the #CryptoAPI and integrate #Govware like #Recall!

http://github.com/kkarhan/windows-ca-backdoor-fix

GitHub - kkarhan/windows-ca-backdoor-fix: Fixes a critical backdoor in Windows' CryptoAPI, which allows to unconsenting Update of CA Certificates in the background. See https://www.heise.de/ct/ausgabe/2013-17-Zweifelhafte-Updates-gefaehrden-SSL-Verschluesselung-2317589.html

Fixes a critical backdoor in Windows' CryptoAPI, which allows to unconsenting Update of CA Certificates in the background. See https://www.heise.de/ct/ausgabe/2013-17-Zweifelhafte-Updates-gefae...

GitHub

Kevin Karhan

Jun 17, 2025

@cR0w too many.

Jist like there are way too many applications suceptible to the #CryptoAPI #backdoor of #Windows.

http://github.com/kkarhan/windows-ca-backdoor-fix

So far testing by @ct_Magazin / @heiseonline (and myseof later on) revealed only few #Apps not vulnerable to this specifics #Govware:

#Firefox (uses @Mozilla / @mozilla_support / #Mozilla #NSS & has it's own #SSL certificate storage)
@thunderbird (Mozilla NSS)
@torproject / #TorBrowser (Mozilla NSS; custom certificates)
#curl (uses @bagder #WolfSSL and manages it's own certs)

Anything else that uses the CryptoAPI is, espechally *all #Chromium-Forks (aka. All Browsers except Firefox, Tor Browser, #dillo, #LynxBrowser…)

GitHub - kkarhan/windows-ca-backdoor-fix: Fixes a critical backdoor in Windows' CryptoAPI, which allows to unconsenting Update of CA Certificates in the background. See https://www.heise.de/ct/ausgabe/2013-17-Zweifelhafte-Updates-gefaehrden-SSL-Verschluesselung-2317589.html

Fixes a critical backdoor in Windows' CryptoAPI, which allows to unconsenting Update of CA Certificates in the background. See https://www.heise.de/ct/ausgabe/2013-17-Zweifelhafte-Updates-gefae...

GitHub