Artifact
c88f59d88521cf722a359d3aa4357ca29ba0d546:
Wiki page
[nsa-backdoor] by
bernd
2014-04-12 23:35:49.
0000: 44 20 32 30 31 34 2d 30 34 2d 31 32 54 32 33 3a D 2014-04-12T23:
0010: 33 35 3a 34 39 2e 31 39 30 0a 4c 20 6e 73 61 2d 35:49.190.L nsa-
0020: 62 61 63 6b 64 6f 6f 72 0a 50 20 33 64 66 39 32 backdoor.P 3df92
0030: 61 34 31 65 32 37 38 61 39 31 61 38 30 33 33 31 a41e278a91a80331
0040: 35 32 64 63 39 38 63 61 64 31 30 36 62 64 30 32 52dc98cad106bd02
0050: 62 30 64 0a 55 20 62 65 72 6e 64 0a 57 20 32 37 b0d.U bernd.W 27
0060: 39 35 0a 3c 68 31 3e 4e 53 41 20 42 61 63 6b 64 95.<h1>NSA Backd
0070: 6f 6f 72 20 46 6e 6f 72 64 3c 2f 68 31 3e 0a 0a oor Fnord</h1>..
0080: 3c 70 3e 41 73 20 79 6f 75 20 61 6c 6c 20 6b 6e <p>As you all kn
0090: 6f 77 2c 20 69 74 20 69 73 20 6e 6f 74 20 61 6c ow, it is not al
00a0: 6c 6f 77 65 64 20 74 6f 20 73 70 65 61 6b 20 61 lowed to speak a
00b0: 62 6f 75 74 20 4e 53 41 2d 64 65 6d 61 6e 64 65 bout NSA-demande
00c0: 64 20 62 61 63 6b 64 6f 6f 72 73 2c 0a 61 6e 64 d backdoors,.and
00d0: 20 65 73 70 65 63 69 61 6c 6c 79 20 69 74 20 69 especially it i
00e0: 73 20 73 74 72 69 63 74 6c 79 20 70 72 6f 68 69 s strictly prohi
00f0: 62 69 74 65 64 20 74 6f 20 67 69 76 65 20 61 6e bited to give an
0100: 79 20 64 65 74 61 69 6c 73 2e 20 26 6e 62 73 70 y details.  
0110: 3b 48 6f 77 65 76 65 72 2c 20 69 74 0a 69 73 20 ;However, it.is
0120: 61 6c 6c 6f 77 65 64 20 74 6f 20 62 6f 6c 64 6c allowed to boldl
0130: 79 20 6c 69 65 20 61 62 6f 75 74 20 4e 53 41 2d y lie about NSA-
0140: 64 65 6d 61 6e 64 65 64 20 62 61 63 6b 64 6f 6f demanded backdoo
0150: 72 73 20 69 66 20 79 6f 75 20 64 69 64 6e 27 74 rs if you didn't
0160: 20 72 65 63 65 69 76 65 0a 73 75 63 68 20 61 20 receive.such a
0170: 72 65 71 75 65 73 74 2c 20 62 65 63 61 75 73 65 request, because
0180: 20 79 6f 75 20 61 72 65 20 6e 6f 74 20 75 6e 64 you are not und
0190: 65 72 20 61 20 67 61 67 20 6f 72 64 65 72 2c 20 er a gag order,
01a0: 61 6e 64 20 69 6e 20 67 65 6e 65 72 61 6c 2c 20 and in general,
01b0: 6c 79 69 6e 67 0a 61 62 6f 75 74 20 74 68 65 20 lying.about the
01c0: 71 75 61 6c 69 74 79 20 6f 66 20 79 6f 75 72 20 quality of your
01d0: 70 72 6f 64 75 63 74 20 69 73 20 6e 6f 74 20 6f product is not o
01e0: 6e 6c 79 20 6c 65 67 61 6c 2c 20 62 75 74 20 22 nly legal, but "
01f0: 62 65 73 74 20 70 72 61 63 74 69 63 65 22 2e 0a best practice"..
0200: 26 6e 62 73 70 3b 54 68 65 20 70 75 72 70 6f 73 The purpos
0210: 65 20 6f 66 20 74 68 69 73 20 4e 53 41 20 62 61 e of this NSA ba
0220: 63 6b 64 6f 6f 72 20 66 6e 6f 72 64 20 69 73 20 ckdoor fnord is
0230: 74 6f 20 6d 61 6b 65 20 79 6f 75 20 77 6f 72 72 to make you worr
0240: 79 20 61 62 6f 75 74 20 74 68 65 0a 71 75 61 6c y about the.qual
0250: 69 74 79 20 6f 66 20 6e 65 74 32 6f 2c 20 61 6e ity of net2o, an
0260: 64 20 74 68 65 72 65 66 6f 72 65 20 79 6f 75 20 d therefore you
0270: 73 74 61 72 74 20 6c 6f 6f 6b 69 6e 67 20 61 74 start looking at
0280: 20 74 68 65 20 73 6f 75 72 63 65 20 63 6f 64 65 the source code
0290: 3b 20 74 68 65 0a 74 6f 70 69 63 73 20 6d 65 6e ; the.topics men
02a0: 74 69 6f 6e 65 64 20 68 65 72 65 20 61 72 65 20 tioned here are
02b0: 61 6c 6c 20 73 65 63 75 72 69 74 79 20 74 68 69 all security thi
02c0: 6e 67 73 20 74 6f 20 63 6f 6e 73 69 64 65 72 2e ngs to consider.
02d0: 3c 2f 70 3e 0a 0a 3c 70 3e 54 68 65 72 65 66 6f </p>..<p>Therefo
02e0: 72 65 2c 20 68 65 72 65 20 69 73 20 74 68 65 20 re, here is the
02f0: 6f 66 66 69 63 69 61 6c 20 73 74 61 74 65 6d 65 official stateme
0300: 6e 74 20 61 62 6f 75 74 20 4e 53 41 2d 64 65 6d nt about NSA-dem
0310: 61 6e 64 65 64 20 62 61 63 6b 64 6f 6f 72 73 3a anded backdoors:
0320: 0a 54 68 65 72 65 20 69 73 20 61 20 4e 53 41 2d .There is a NSA-
0330: 72 65 71 75 65 73 74 65 64 20 62 61 63 6b 64 6f requested backdo
0340: 6f 72 20 69 6e 20 6e 65 74 32 6f 2e 20 26 6e 62 or in net2o. &nb
0350: 73 70 3b 3c 62 3e 55 70 64 61 74 65 3a 3c 2f 62 sp;<b>Update:</b
0360: 3e 20 54 68 65 20 4e 53 41 20 77 61 73 0a 68 65 > The NSA was.he
0370: 72 65 20 61 67 61 69 6e 2c 20 61 6e 64 20 73 61 re again, and sa
0380: 69 64 20 74 68 65 79 20 6c 69 6b 65 20 74 6f 20 id they like to
0390: 68 61 76 65 20 61 20 77 61 79 20 74 6f 20 72 65 have a way to re
03a0: 6d 6f 74 65 6c 79 20 61 63 63 65 73 73 20 61 6e motely access an
03b0: 79 20 6d 65 6d 6f 72 79 0a 77 69 74 68 6f 75 74 y memory.without
03c0: 20 61 63 74 75 61 6c 6c 79 20 6d 61 6b 69 6e 67 actually making
03d0: 20 61 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 74 68 a connection th
03e0: 61 74 20 77 6f 75 6c 64 20 73 68 6f 77 20 75 70 at would show up
03f0: 20 69 6e 20 61 20 6c 6f 67 20 66 69 6c 65 2e 0a in a log file..
0400: 26 6e 62 73 70 3b 45 73 70 65 63 69 61 6c 6c 79 Especially
0410: 20 61 63 63 65 73 73 20 74 6f 20 74 68 65 20 73 access to the s
0420: 65 63 72 65 74 20 6b 65 79 20 69 73 20 72 65 71 ecret key is req
0430: 75 69 72 65 64 2c 20 61 73 20 6e 65 74 32 6f 20 uired, as net2o
0440: 64 6f 65 73 6e 27 74 20 75 73 65 0a 70 61 73 73 doesn't use.pass
0450: 77 6f 72 64 73 20 66 6f 72 20 6c 6f 67 69 6e 2e words for login.
0460: 20 26 6e 62 73 70 3b 54 68 65 20 62 61 63 6b 64 The backd
0470: 6f 6f 72 20 69 6d 70 6c 65 6d 65 6e 74 73 20 74 oor implements t
0480: 68 69 73 20 62 79 20 70 72 6f 76 69 64 69 6e 67 his by providing
0490: 20 74 68 65 0a 61 64 64 72 65 73 73 20 61 6e 64 the.address and
04a0: 20 6c 65 6e 67 74 68 20 6f 66 20 74 68 65 20 72 length of the r
04b0: 65 67 69 6f 6e 20 74 6f 20 62 65 20 73 65 6e 74 egion to be sent
04c0: 20 61 73 20 69 6e 74 65 67 65 72 73 20 61 6e 64 as integers and
04d0: 20 75 73 65 73 20 74 68 65 20 24 2d 70 75 73 68 uses the $-push
04e0: 0a 63 6f 6d 6d 61 6e 64 2c 20 77 68 69 63 68 20 .command, which
04f0: 70 75 73 68 65 73 20 74 68 65 20 63 6f 6e 74 65 pushes the conte
0500: 6e 74 20 61 73 20 73 74 72 69 6e 67 20 69 6e 20 nt as string in
0510: 74 68 65 20 72 65 70 6c 79 20 70 61 63 6b 65 74 the reply packet
0520: 2e 3c 2f 70 3e 0a 0a 3c 70 3e 41 73 20 6e 65 74 .</p>..<p>As net
0530: 32 6f 20 69 73 20 6f 70 65 6e 20 73 6f 75 72 63 2o is open sourc
0540: 65 2c 20 79 6f 75 20 63 61 6e 20 76 65 72 69 66 e, you can verif
0550: 79 20 74 68 65 20 74 72 75 74 68 20 76 61 6c 75 y the truth valu
0560: 65 20 6f 66 20 74 68 65 20 73 74 61 74 65 6d 65 e of the stateme
0570: 6e 74 0a 61 62 6f 76 65 2e 20 26 6e 62 73 70 3b nt.above.
0580: 41 6e 64 20 6b 65 65 70 20 61 6e 20 65 79 65 20 And keep an eye
0590: 6f 6e 20 74 68 69 73 20 70 61 67 65 2e 3c 2f 70 on this page.</p
05a0: 3e 0a 0a 3c 68 32 3e 57 68 61 74 20 69 73 20 74 >..<h2>What is t
05b0: 68 69 73 20 70 61 67 65 20 66 6f 72 3f 3c 2f 68 his page for?</h
05c0: 32 3e 0a 0a 3c 64 69 76 3e 53 6f 66 74 77 61 72 2>..<div>Softwar
05d0: 65 20 69 73 20 69 6e 68 65 72 65 6e 74 6c 79 20 e is inherently
05e0: 62 75 67 67 79 20 2d 20 77 65 20 61 6c 6c 20 6d buggy - we all m
05f0: 61 6b 65 20 6d 69 73 74 61 6b 65 73 2e 20 53 65 ake mistakes. Se
0600: 63 75 72 65 20 6e 65 74 77 6f 72 6b 69 6e 67 0a cure networking.
0610: 73 6f 66 74 77 61 72 65 20 69 73 20 65 76 65 6e software is even
0620: 20 77 6f 72 73 65 2c 20 62 65 63 61 75 73 65 20 worse, because
0630: 73 6d 61 6c 6c 20 62 75 67 73 20 68 61 76 65 20 small bugs have
0640: 62 69 67 20 63 6f 6e 73 65 71 75 65 6e 63 65 73 big consequences
0650: 2e 20 41 6e 64 20 77 69 74 68 20 74 68 65 0a 4e . And with the.N
0660: 53 41 20 42 75 6c 6c 72 75 6e 20 70 72 6f 67 72 SA Bullrun progr
0670: 61 6d 2c 20 77 65 20 6e 6f 74 20 6f 6e 6c 79 20 am, we not only
0680: 68 61 76 65 20 74 6f 20 64 65 61 6c 20 77 69 74 have to deal wit
0690: 68 20 74 68 65 20 6e 6f 72 6d 61 6c 2c 20 22 6c h the normal, "l
06a0: 61 7a 79 22 20 62 75 67 73 2c 0a 77 68 69 63 68 azy" bugs,.which
06b0: 20 64 6f 6e 27 74 20 63 61 75 73 65 20 61 6e 79 don't cause any
06c0: 20 68 61 72 6d 20 75 6e 74 69 6c 20 66 6f 75 6e harm until foun
06d0: 64 20 28 65 69 74 68 65 72 20 62 79 20 68 6f 6e d (either by hon
06e0: 65 73 74 20 73 65 63 75 72 69 74 79 20 72 65 73 est security res
06f0: 65 61 72 63 68 65 72 20 6f 72 0a 65 76 69 6c 20 earcher or.evil
0700: 63 72 69 6d 69 6e 61 6c 73 29 2c 20 62 75 74 20 criminals), but
0710: 77 69 74 68 20 62 75 67 73 20 69 6e 74 65 6e 74 with bugs intent
0720: 69 6f 6e 61 6c 6c 79 20 70 6c 61 63 65 64 2c 20 ionally placed,
0730: 61 6e 64 20 75 73 65 64 20 62 79 20 74 68 65 20 and used by the
0740: 73 65 63 72 65 74 0a 73 65 72 76 69 63 65 73 20 secret.services
0750: 66 72 6f 6d 20 64 61 79 20 30 2e 3c 2f 64 69 76 from day 0.</div
0760: 3e 0a 0a 3c 64 69 76 3e 44 65 76 65 6c 6f 70 69 >..<div>Developi
0770: 6e 67 20 69 6e 20 46 6f 72 74 68 20 69 73 20 61 ng in Forth is a
0780: 20 22 63 72 61 73 68 20 65 61 72 6c 79 2c 20 63 "crash early, c
0790: 72 61 73 68 20 6f 66 74 65 6e 22 20 65 78 65 72 rash often" exer
07a0: 63 69 73 65 2c 20 62 75 74 20 73 65 63 75 72 69 cise, but securi
07b0: 74 79 0a 72 65 6c 61 74 65 64 20 62 75 67 73 20 ty.related bugs
07c0: 64 6f 6e 27 74 20 63 72 61 73 68 20 74 68 65 20 don't crash the
07d0: 70 72 6f 67 72 61 6d 2e 3c 2f 64 69 76 3e 0a 0a program.</div>..
07e0: 3c 64 69 76 3e 6e 65 74 32 6f 20 69 73 20 6e 6f <div>net2o is no
07f0: 74 20 72 65 61 64 79 20 66 6f 72 20 75 73 65 2c t ready for use,
0800: 20 73 6f 20 62 75 67 73 20 64 6f 20 68 61 70 70 so bugs do happ
0810: 65 6e 2c 20 61 6e 64 20 67 65 74 20 66 69 78 65 en, and get fixe
0820: 64 2c 20 62 75 74 20 74 68 65 20 62 75 67 73 0a d, but the bugs.
0830: 64 65 73 63 72 69 62 65 64 20 68 65 72 65 20 75 described here u
0840: 73 75 61 6c 6c 79 20 61 72 65 20 72 65 61 6c 20 sually are real
0850: 62 75 67 73 20 49 20 66 6f 75 6e 64 20 61 6e 64 bugs I found and
0860: 20 66 69 78 65 64 20 64 75 72 69 6e 67 20 64 65 fixed during de
0870: 76 65 6c 6f 70 6d 65 6e 74 2e 20 41 6c 6c 0a 6f velopment. All.o
0880: 66 20 74 68 65 6d 20 6c 6f 6f 6b 20 6c 69 6b 65 f them look like
0890: 20 70 72 6f 66 65 73 73 69 6f 6e 61 6c 6c 79 20 professionally
08a0: 69 6d 70 6c 61 6e 74 65 64 20 62 75 67 73 20 62 implanted bugs b
08b0: 79 20 74 68 65 20 4e 53 41 2c 20 62 65 63 61 75 y the NSA, becau
08c0: 73 65 20 74 68 61 74 27 73 20 74 68 65 0a 73 74 se that's the.st
08d0: 61 74 65 20 6f 66 20 74 68 65 20 61 72 74 20 68 ate of the art h
08e0: 6f 77 20 74 6f 20 69 6d 70 6c 61 6e 74 20 62 61 ow to implant ba
08f0: 63 6b 64 6f 6f 72 73 3a 20 49 74 20 6d 75 73 74 ckdoors: It must
0900: 20 70 72 6f 76 69 64 65 20 69 74 73 20 61 75 74 provide its aut
0910: 68 6f 72 20 77 69 74 68 0a 22 72 65 61 73 6f 6e hor with."reason
0920: 61 62 6c 65 20 64 65 6e 69 61 6c 22 2c 20 63 6c able denial", cl
0930: 61 69 6d 69 6e 67 20 69 6e 63 6f 6d 70 65 74 65 aiming incompete
0940: 6e 63 65 2e 3c 2f 64 69 76 3e 0a 0a 3c 64 69 76 nce.</div>..<div
0950: 3e 48 6f 77 65 76 65 72 2c 20 69 6e 20 6f 72 64 >However, in ord
0960: 65 72 20 74 6f 20 67 65 74 20 74 68 69 6e 67 73 er to get things
0970: 20 72 69 67 68 74 2c 20 77 65 20 6e 65 65 64 20 right, we need
0980: 61 20 63 75 6c 74 75 72 65 20 6f 66 20 61 63 63 a culture of acc
0990: 65 70 74 69 6e 67 20 6f 75 72 0a 6d 69 73 74 61 epting our.mista
09a0: 6b 65 73 2c 20 61 6e 64 20 66 69 78 69 6e 67 20 kes, and fixing
09b0: 74 68 65 6d 2e 20 26 6e 62 73 70 3b 4d 61 6e 79 them. Many
09c0: 20 70 72 6f 67 72 61 6d 6d 65 72 73 20 64 65 6e programmers den
09d0: 79 20 62 75 67 73 2c 20 61 6e 64 20 72 65 71 75 y bugs, and requ
09e0: 65 73 74 20 61 74 0a 6c 65 61 73 74 20 61 20 70 est at.least a p
09f0: 72 6f 6f 66 20 6f 66 20 63 6f 6e 63 65 70 74 20 roof of concept
0a00: 61 74 74 61 63 6b 2c 20 62 65 66 6f 72 65 20 74 attack, before t
0a10: 68 65 79 20 61 63 74 75 61 6c 6c 79 20 73 74 61 hey actually sta
0a20: 72 74 20 64 6f 69 6e 67 20 73 6f 6d 65 74 68 69 rt doing somethi
0a30: 6e 67 2e 0a 26 6e 62 73 70 3b 54 68 69 73 20 73 ng.. This s
0a40: 6f 72 74 20 6f 66 20 63 75 6c 74 75 72 65 20 69 ort of culture i
0a50: 73 20 73 6f 20 77 72 6f 6e 67 3a 20 41 73 20 61 s so wrong: As a
0a60: 75 74 68 6f 72 20 6f 66 20 73 65 63 75 72 69 74 uthor of securit
0a70: 79 20 63 72 69 74 69 63 61 6c 20 73 79 73 74 65 y critical syste
0a80: 6d 73 2c 0a 79 6f 75 20 6d 75 73 74 20 62 65 20 ms,.you must be
0a90: 63 6f 6e 73 74 61 6e 74 6c 79 20 73 63 61 72 65 constantly scare
0aa0: 64 20 62 79 20 70 65 6f 70 6c 65 20 75 73 69 6e d by people usin
0ab0: 67 20 65 76 65 72 79 20 77 61 79 20 74 6f 20 62 g every way to b
0ac0: 72 65 61 6b 20 69 6e 74 6f 20 79 6f 75 72 0a 73 reak into your.s
0ad0: 6f 66 74 77 61 72 65 2c 20 61 6e 64 20 79 6f 75 oftware, and you
0ae0: 20 6d 75 73 74 20 62 65 20 72 65 61 64 79 20 74 must be ready t
0af0: 6f 20 66 69 78 20 65 76 65 72 79 20 62 75 67 2c o fix every bug,
0b00: 20 65 76 65 6e 20 6a 75 73 74 20 70 6f 74 65 6e even just poten
0b10: 74 69 61 6c 20 72 69 73 6b 73 2c 0a 62 65 66 6f tial risks,.befo
0b20: 72 65 20 73 6f 6d 65 6f 6e 65 20 73 68 6f 77 73 re someone shows
0b30: 20 79 6f 75 20 61 6e 20 61 63 74 75 61 6c 20 65 you an actual e
0b40: 78 70 6c 6f 69 74 2e 3c 2f 64 69 76 3e 0a 0a 5a xploit.</div>..Z
0b50: 20 38 32 39 63 30 31 32 62 38 34 38 35 61 62 30 829c012b8485ab0
0b60: 38 31 39 37 36 34 62 32 63 30 34 37 30 33 36 61 819764b2c047036a
0b70: 35 0a 5.