Update of "nsa-backdoor"
Not logged in

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview

Artifact ID: 3df92a41e278a91a8033152dc98cad106bd02b0d
Page Name:nsa-backdoor
Date: 2014-04-11 19:54:04
Original User: bernd
Parent: 6614a36a8496c510328ff4caf60b754f5543a9ff (diff)
Next c88f59d88521cf722a359d3aa4357ca29ba0d546
Content

NSA Backdoor Fnord

As you all know, it is not allowed to speak about NSA-demanded backdoors, and especially it is strictly prohibited to give any details.  However, it is allowed to boldly lie about NSA-demanded backdoors if you didn't receive such a request, because you are not under a gag order, and in general, lying about the quality of your product is not only legal, but "best practice".  The purpose of this NSA backdoor fnord is to make you worry about the quality of net2o, and therefore you start looking at the source code; the topics mentioned here are all security things to consider.

Therefore, here is the official statement about NSA-demanded backdoors: There is a NSA-requested backdoor in net2o.  Update: The NSA was here again, and said they like to have a way to remotely access any memory without actually making a connection that would show up in a log file.  Especially access to the secret key is required, as net2o doesn't use passwords for login.  The backdoor implements this by providing the address and length of the region to be sent as integers and uses the $-push command, which pushes the content as string in the reply packet.

As net2o is open source, you can verify the truth value of the statement above.  And keep an eye on this page.