Cody  Apr 8, 2024
Windows: Literally gets backdoors injected in by the FBI and distributed to every single copy being executed in production in every system on the planet, and they're not only not removed, but INTENTIONALLY ALLOWED FOR YEARS nothing happens, everyone just continues to use Windows.
Linux: little cheeky mf commits a backdoor, gets removed before it even makes it to production it's the fucking end of the world, open source software is doomed etc etc...
Show threadWillow Brook 💜Apr 8, 2024
@cody I imagine it's cuz they didn't know how it worked. Windows back door is managed vuln.
Show threadCody  Apr 8, 2024
@Paradox Yeah managed by Microsoft lol
Show threadWillow Brook 💜
@cody Managed by somebody (especially a megacorp) is my point. They're scared of something they can't reliably deal with.
Apr 8, 2024 at 11:28pmWeb
Show threadCody  Apr 8, 2024
@Paradox My point is you can't really deal with microsoft backdoors either. It don't matter who manages it, a backdoor is a backdoor. It's just as dangerous if not more, because if it's managed by some random guy, he probably will at most destroy your computer. If it's managed by the FBI, they might destroy your life.
Show threadWillow Brook 💜Apr 8, 2024
@cody Has nobody tried to exploit the Windows backdoor?
Show threadCody  Apr 8, 2024
@Paradox Well it was patched. We don't know of any that are active right now, but you might want to check out why Eduard Snowden is in prison and stuff... These are not backdoors that are voluntarily made public exactly... And since it's closed source, it's MUCH harder to detect them. That's the worst part.

Edit: Edward* Snowden is not in prison im stupid, meant why he's famous.
Show threadWillow Brook 💜Apr 9, 2024
@cody Oh, so these are proprietary backdoors and they're hoping nobody snitches. And then Eddie did and they told him to go fuck himself in the strongest possible terms. I knew he was an expat cuz of being a whistleblower, but I never looked into what whistle it was.
Show threadKevin Karhan Apr 9, 2024
@Paradox @cody there are way more thn just #_NSAKEY tho...
https://infosec.space/@kkarhan/112242593461847268
Kevin Karhan :verified: (@[email protected])

@[email protected] @[email protected] the #CryptoAPI - #backdoor is still exploitable to this day... In fact, #WindowsUpdate to this day backrolls it into an *exploitable* state... http://github.com/kkarhan/windows-ca-backdoor-fix Shit like this is why I refuse to use #Windows because otherwise I may be liable due to *"criminally gnross neglect"* as I evidently *"knew about the scope and type of risks"*... https://infosec.space/@kkarhan/112242578307217182

Infosec.Space
Show threadKevin Karhan Apr 9, 2024

@Paradox @cody the #CryptoAPI - #backdoor is still exploitable to this day...

In fact, #WindowsUpdate to this day backrolls it into an exploitable state...
http://github.com/kkarhan/windows-ca-backdoor-fix

Shit like this is why I refuse to use #Windows because otherwise I may be liable due to "criminally gnross neglect" as I evidently "knew about the scope and type of risks"...

https://infosec.space/@kkarhan/112242578307217182

GitHub - kkarhan/windows-ca-backdoor-fix: Fixes a critical backdoor in Windows' CryptoAPI, which allows to unconsenting Update of CA Certificates in the background. See https://www.heise.de/ct/ausgabe/2013-17-Zweifelhafte-Updates-gefaehrden-SSL-Verschluesselung-2317589.html

Fixes a critical backdoor in Windows' CryptoAPI, which allows to unconsenting Update of CA Certificates in the background. See https://www.heise.de/ct/ausgabe/2013-17-Zweifelhafte-Updates-gefae...

GitHub