Articles about backdoor

Crypto-gurus: Which idiots told the FBI that Feds-only backdoors in encryption are possible?

Four cryptography experts have backed a US Senator's campaign to force the FBI to explain how exactly a Feds-only backdoor can be added to strong and secure encryption. The four are: Stanford professor Martin Hellman, of Diffie-Hellman fame and who helped invent the foundations of today's crypto systems; Columbia professor and …
Kieren McCarthy, 14 Feb 2018

FBI says it can't unlock 8,000 encrypted devices, demands backdoors for America's 'public safety'

FBI Director Christopher Wray has picked up where he left off last year with a new call for backdoors in encryption exclusively for law enforcement. Speaking at the International Conference on Cyber Security in New York today, Wray complained that in the past year the Feds have seized 7,775 devices that they can't unlock and …
Iain Thomson, 9 Jan 2018

WordPress captcha plugin on 300,000 sites had a sneaky backdoor

WordFence are warning that the WordPress Captcha plugin, popular enough to get around 300,000 installations, should be replaced with the latest official WordPress version (4.4.5). To help admins, WordFence worked with the WordPress plugin team to patch pre-4.4.5 versions of the software; the code's developer has been blocked …

Oz government says UK's backdoor will be its not-a-backdoor model

The issue of lawful access to encrypted communications featured in Australia's news over the long weekend, but we're none the wiser to what our government has in mind beyond it being based on the UK Investigatory Powers Act. Both prime minister Malcolm Turnbull and attorney-general George Brandis took to the media to reiterate …

kills adult section, claims government censorship

Online ads site has shut down all its adult categories claiming US government censorship. The decision was made the same day as a highly critical Congressional report [PDF] into the company and just hours before a Congressional hearing that lambasted it for profiting from child sex trafficking. According to the …
Kieren McCarthy, 11 Jan 2017

Windows PC spy nasty dormant for three years, mutates and resurfaces

Two new variants of some Windows spyware first discovered in 2013 have surfaced in targeted attacks, security firm Forcepoint warns. The new nasties – BigBoss and SillyGoose – are based on the three-year-old MM Core backdoor. MM Core spawned a spin-off named "StrangeLove" shortly after its discovery before mysteriously …
John Leyden, 5 Jan 2017

FBI Director wants 'adult conversation' about backdooring encryption

FBI Director James Comey is gathering evidence so that in 2017 America can have an "adult" conversation about breaking encryption to make crimefighters' lives easier. Speaking at Tuesday's 2016 Symantec Government Symposium in Washington, Comey banged on about his obsession with strong cryptography causing criminals to "go …
Iain Thomson, 31 Aug 2016

Non-US encryption is 'theoretical,' claims CIA chief in backdoor debate

CIA director John Brennan told US senators they shouldn't worry about mandatory encryption backdoors hurting American businesses. And that's because, according to Brennan, there's no one else for people to turn to: if they don't want to use US-based technology because it's been forced to use weakened cryptography, they'll be …
Iain Thomson, 17 Jun 2016

Security real talk time: So what exactly do we mean by 'backdoor'?

Analysis If there's one thing we've learned from the Snowden revelations it's that when you're dealing with law enforcement and national security, words matter. Section 215 of the US Patriot Act, for example, noted that the NSA was allowed to seize any "tangible thing" that is "relevant" to an investigation. It decided that definition …

All-American Apple challenges US gov call for iOS 'backdoor'

Apple CEO Tim Cook has explained why his company will refuse to write custom iOS firmware to help the FBI decrypt an iPhone belonging to a mass murderer. A magistrate judge in California had ordered Apple to assist the FBI in decrypting an iDevice owned by one of the San Bernardino shooters. In response to this, Cook wrote an …

Global crypto survey proves govt backdoors completely pointless

In 1999, when a fierce crypto war was raging between governments and developers, researchers undertook a global survey of available encryption products. Now security guru Bruce Schneier and other experts have repeated the exercise, and it spells bad news for those demanding backdoors in today's cryptography. The latest study …
Iain Thomson, 11 Feb 2016

Socat slams backdoor, sparks thrilling whodunit

Popular admin tool Socat has issued a patch for an error that's been in the code for 12 months and is so egregious some fear it could be a backdoor. The problem, revealed here, is simple: the Socat SSL implementation uses a non-prime number as its Diffie-Hellman p parameter. Socat is akin to the famous *nix cat command, but …

Thought you were safe from the Fortinet SSH backdoor? Think again

Fortinet has admitted that many more of its networking boxes have the SSH backdoor that was found hardcoded into FortiOS – with FortiSwitch, FortiAnalyzer and FortiCache all vulnerable. Last week, a Python script emerged that could allow anyone to get administrator-level access to some of Fortinet's firewall devices using …
Iain Thomson, 23 Jan 2016

French say 'Non, merci' to encryption backdoors

The French government has rejected an amendment to its forthcoming Digital Republic law that required backdoors in encryption systems. Axelle Lemaire, the Euro nation's digital affairs minister, shot down the amendment during the committee stage of the forthcoming omnibus digital bill, saying it would be counterproductive and …
Iain Thomson, 15 Jan 2016

Fortinet tries to explain weird SSH 'backdoor' discovered in firewalls

Enterprise security vendor Fortinet has attempted to explain why its FortiOS firewalls were shipped with hardcoded SSH logins. It appears Fortinet's engineers implemented their own method of authentication for logging into FortiOS-powered devices, and the mechanism ultimately uses a secret passphrase. This code was reverse- …
Iain Thomson, 12 Jan 2016

Cisco probes self for Juniper-style backdoors, silently mouths: 'We're doing this for yooou'

In the wake of the Juniper firewall backdoor scandal, Cisco is reviewing its source code to make sure there are no similar nasty surprises lurking within. "Our development practices specifically prohibit any intentional behaviors or product features designed to allow unauthorized device or network access, exposure of sensitive …
Iain Thomson, 22 Dec 2015

How to log into any backdoored Juniper firewall – hard-coded password published

The access-all-areas backdoor password hidden in some Juniper Networks' Netscreen firewalls has been published. Last week it was revealed that some builds of the devices' ScreenOS firmware suffer from two severe security weaknesses: one allows devices to be commandeered over SSH and Telnet, and the other allows encrypted VPN …
Iain Thomson, 21 Dec 2015

Top FBI lawyer: You win, we've given up on encryption backdoors

After spending months pressuring tech companies to add backdoors into their encryption software, the FBI says it has given up on the idea. Speaking at a conference in Boston on Wednesday, the bureau's general counsel James Baker even used the term that has been repeatedly used to undermine the FBI's argument: magical thinking …


Biting the hand that feeds IT © 1998–2018