back doors

[nosphalot@gmail.com (nosphalot)]

All valid points I wish I had thought of.

The generic off line update could very easily detect the user once
installed and update itself to a backdoored version as needed.

On Mon, Dec 21, 2015, 4:09 PM David I. Emery <die@dieconsulting.com> wrote:

> On Mon, Dec 21, 2015 at 11:23:30PM +0000, nosphalot wrote:
> > You always have similar concerns with any closed source software (or even
> > open source you haven't audited yourself). Or am I missing a new problem
> > that occurs with auto-updates?
>
>
>         I presume the suggestion is that vendors can cooperate with LEAs
> to selectively send targets DIFFERENT and TROJANed updates because they
> know who they are via all the "telemetry" and marketing tracking they do
> and know which system is requesting updates and who it belongs to.
>
>         This is a different kind of cooperation than simply handing over
> user data... or secretly sharing the fruits of their OWN spyware
> (keystroke loggers intended to collect data to optimize search or UIs
> for example).
>
>         And because such bogus updates would be  specifically targeted
> (maybe even with court ordered search warrants), it would presumably be
> less objectionable as some form of legal process might have  determined
> that the system or software user is a "bad guy" legally subject to being
> provided with such malware.   And normal users would not be.
>
>         Obviously a defense is to determine if your system has a
> different update binary (or code images in memory), but Dan points out
> that the recent trend toward techniques such as address space
> randomization and perhaps even different binaries from different
> compilers and code optimizers (which reduces attack surfaces for
> traditional malware a lot) might also make it a lot more difficult to
> determine if the differences were just protective and the software
> images functionally equivalent if not identical at the binary level or
> whether some one of them contained backdoors or malware or trojans...
> not present in the normal release.
>
>         This all WOULD provide backdoors only for targets, not the rest
> of us... but also make the vendor at least indirectly an untrusted party
> due to the potential that what appears to be a legitimate valid update
> from him might instead be a trojan from the government (some government,
> somewhere).
>
>         Might be better than having every copy equipped with a backdoor,
> but also would of course be subject to various strategies of evasion...
> depending on whether it was possible to obtain generic off line update
> binaries (as it is now for the most part) anonymously.
>
> >
> > On Mon, Dec 21, 2015 at 3:17 PM <dan@geer.org> wrote:
> >
> > > With software auto-update in a fully personalized digital world,
> > > there is no need for back doors.
> > >
> > > Were active defense to go in the direction of diversity compilers,
> > > comparing updates would be uninformative.
> > >
> > >
> > > --dan
>
>
> --
>   Dave Emery N1PRE/AE, die@dieconsulting.com  DIE Consulting, Weston,
> Mass 02493
> "An empty zombie mind with a forlorn barely readable weatherbeaten
> 'For Rent' sign still vainly flapping outside on the weed encrusted pole -
> in
> celebration of what could have been, but wasn't and is not to be now
> either."
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cpunks.org/pipermail/cypherpunks/attachments/20151222/3d20b687/attachment-0001.html>