
I will personally pay you twenty thousand US dollars (in the cryptocurrency of your choice, bank transfer, Western Union, whatever) if you can prove beyond reasonable doubt that Microsoft has ever secretly shipped a backdoor in their OS so government agencies could spy on their users.

Perhaps you will be the first person to actually prove the existence of the NSAKEY backdoor? (I doubt it.)



Why would this even be necessary to prove? At least for me that's not required, NSA_KEY plus Snowden leaks are enough. Microsoft is known to have no problems cooperating with government requests, or how do you think they can operate all their services in China?

Any hard evidence for such a backdoor wouldn't really change anything towards Microsoft for me.


They don't need a backdoor anymore. Microsoft now routinely collects your data and pushes mandatory updates through the front door.


You might be right and there is no backdoor that was intentionally implemented. Although, numerous leaks do show that neither are always law-abiding saints, so a backdoor might not be too far-fetched. From what I've heard (I may be wrong since I'm not from the US), a US company is not allowed to publicly disclose requests from the NSA, so proving it would be very difficult.


I strongly believe that there’s just no point in backdooring Windows, this is complicated software with extremely large attack surface.

We’ve seen NSA’s incredibly cool 0day exploits leak, we’ve seen some of their backdoors exposed, but so far there hasn’t been anything indicating a desire to backdoor Windows itself.


What about this old NSA backdoor? https://en.wikipedia.org/wiki/Dual_EC_DRBG

If MS or Apple or Google or some hardware makers or some communication equipment makers have some backdoors for NSA, why would you think they would do such a poor job that anyone can pay $20k to prove it?


I feel like convincing the world to use your backdoored encryption algorithms is a bit more interesting than planting yet another RCE bug in Windows.


Who needs a backdoor when you can just exploit the print spooler from 1999???


Exactly!


Is that $20,000 just for proof or also showing the method?


For example: I’d be very curious to learn about the actual mechanism by which the supposed “_NSAKEY backdoor” would work. I’m not interested in the private key if that’s what you mean by method :)

AFAICT it doesn’t, you can’t hit those code paths unless you already have access to the machine.

(This is a pretty unfair example though, _NSAKEY is the “Bush did 9/11” of backdoors.)



