If anybody from the NSA reads this, I have a serious question.<\/p>\n
Have you all scanned what Snowden stole\/liberated (whatever floats your boat) for government backdoor and\/or \u201cmaster password\u201d<\/a> references? Were there any government backdoor and\/or \u201cmaster password\u201d references stored in the systems he had access to?<\/p>\n OK, in English now\u2026 for a long time there have been rumors of backdoor and\/or \u201cmaster passwords\u201d for all computer systems. With a certain password for a certain system, an \u201cauthorized\u201d person could get full access.<\/p>\n There really are \u201cmaster passwords\u201d currently in place for PC BIOS systems, all vehicle-embedded systems, and even on all iPhones. (Seriously. It\u2019s not a secret that \u201calpine\u201d works for full SSH access on all iPhones.<\/a>)<\/p>\n To make things even more interesting, since 1984 there have been ways to put backdoor and\/or \u201cmaster passwords\u201d into compilers<\/a> so not even programmers who make applications on their own would know such a backdoor and\/or \u201cmaster password\u201d was put into the app they just created.<\/p>\n Cool, huh?<\/p>\n You do need a specialized program to access each of these systems, sometimes you also need local access to the device, and most of the Google-able backdoor and\/or \u201cmaster passwords\u201d that show up are for things like maintenance and root-level hijinks, not \u201cwatch what people are doing live\u201d kinds of things.<\/p>\n Regardless, I would bet there\u2019s just a few backdoor and\/or \u201cmaster passwords\u201d reserved for the government that are already embedded in some critical systems. I would also bet with the right password combination, a \u201cwatch what people are doing live\u201d kind of thing could be set up with no problem.<\/p>\n All theoretically, of course.<\/p>\n Snowden stole\/liberated somewhere between \u201ctoo much\u201d and \u201coh dear God\u201d levels of data from the NSA. Now all that data was classified information. Communications. Transfers. Notes. Reports. Stuff not meant to see the light of day for some reason or other (justified or not).<\/p>\n I\u2019m thinking things like this were in the pile of data\u2026<\/p>\n That last one? Clearly naming the government backdoor and\/or \u201cmaster password\u201d for a specific system and purpose?<\/p>\n If that gets out, it can be used by ANYONE. Anywhere. Anytime. You can kiss EVERYTHING that backdoor and\/or \u201cmaster password\u201d is embedded in goodbye forever.<\/p>\n Plan on everyone using that backdoor password, and by everyone I mean especially\u2026<\/p>\n As an extra bonus, there\u2019s no resetting a backdoor and\/or \u201cmaster password\u201d on most embedded systems without local \u201chands on\u201d access. No way to erase it. No way to change it. No way to block it.<\/p>\n I don\u2019t know if Snowden would or would not release something like this if he found it in his data pile, but I guarantee a hostile government with access to this information would use it without question.<\/p>\n Which brings me back around to my question for the NSA.<\/p>\n Has the NSA scanned what Snowden stole\/liberated for government backdoor and\/or \u201cmaster password\u201d references? Were there any government backdoor and\/or \u201cmaster password\u201d references stored in the systems Snowden had access to?<\/p>\n Finally, if there are backdoor and\/or \u201cmaster password\u201d references in the pile of data Snowden has, what is the worst case scenario if a hostile entity uses this password to access the system(s) it is embedded in?<\/p>\n It\u2019s going to be a terrible thing to admit to the U.S., but if there is a backdoor and\/or \u201cmaster password\u201d reference of any kind in Snowden\u2019s data pile, we need to do something about it right now.<\/p>\n The alternative would be far, FAR worse.<\/p>\n Any compromised systems for private citizens or commercial businesses would need to be updated as soon as possible.<\/p>\n Any compromised military systems would need to be taken offline IMMEDIATELY and kept out of active service until they have all been secured.<\/p>\n And NSA, going forward, if you\u2019re going to ignore that \u201cunreasonable search and something or other\u201d part of the Constitution and put in backdoor and\/or \u201cmaster passwords\u201d on some systems, please install VERY secure backdoor and\/or \u201cmaster passwords\u201d that require multi-factor authentication that can be changed or be deleted if necessary.<\/p>\n The back door needs to be more secure than the front door.<\/p>\n At the bare minimum, I suggest a DIFFERENT password for different series of devices and\/or software with something like a random key fob authentication system for each.<\/p>\n For example\u2026<\/p>\n Make a different password string<\/a> for each manufacturer\u2019s series and each manufacturer\u2019s model numbers. Tie all of that into a version of a key fob<\/a> multi-factor authentication generator<\/a> for final access.<\/p>\n After this update, to access a system\u2019s backdoor, you would not only need the \u201cmaster password\u201d embedded in the device, you would also need the randomly synced password that would be generated on the key fob to proceed.<\/p>\n Worst case – if a master backdoor password is compromised or stolen by a future Snowden, it would be useless in and of itself without the key fob generator to finish \u201copening the door\u201d and it would only be valid on a limited set of systems. If both a master backdoor password and its\u2019 correlating key fob system were compromised, you would only risk access to a limited series of systems.<\/p>\n That\u2019s the minimum recommended civil-rights violations per serving. Seriously. No more single word passwords for an entire warehouse of systems or for all software made with compiler X.<\/p>\n I know there\u2019s insanely more complex ways of implementing backdoor access, but depending on the \u201caudience\u201d using the backdoor passwords, the NSA guys need to keep it accessible by the non-tech-savant crowd and reasonably quick as well.<\/p>\n Systems from the 80s, 90s and 2000 era are still out there. Applications built and modified on top of existing systems in this time period are legion. Only the NSA knows if there\u2019s really such a thing as backdoor single-word-passwords and where they might be installed at.<\/p>\n To quote Forrest Gump, \u201cthat\u2019s all I got to say about that.\u201d<\/p>\n Now back to silly cat photos, already in progress.<\/p>\n","protected":false},"excerpt":{"rendered":" If anybody from the NSA reads this, I have a serious question. Have you all scanned what Snowden stole\/liberated (whatever floats your boat) for government backdoor and\/or \u201cmaster password\u201d references? Were there any government backdoor and\/or \u201cmaster password\u201d references stored … Continue reading \n
\n
\n