@GossiTheDog Obviously this is nothing new, as #Microsoft's #CryptoAPI is so #backdoored that it's basically #Govware.

• Whoever believed #CensorBoot & #BitLocker ever were secure needs to be banned from doing #IT, because it never has been and that was oretty obvious.

  • Cuz #CloudAct exists for quite a while, and not having exclusive #SelfCustody means it violates #KerckhoffsPrinciple.

I'll be collecting apologies once the next #ToldYaSo hits.

• My money is on @signalapp / #Signal cuz @Mer__edith won't face lifetime in jail for non-paying users - not even paid VPNs would do that!

@ann3nova sadly this is nothing new.

The entire #CryptoAPI of #Windows is #backdoored for decades and #CensorBoot merely exists to prevent #Linux adoption and #DualBoot from working!

@Xeniax OFC #CensorBoot never was about #Security and #Microsoft having #Govware - #Backdoors in their #CryptoAPI is nothing new.

• Just glad to have them admit publicly that they don't give a fuck about #Windows #security or #orivacy!

If this doesn't disqualify Windows & Microsoft in general then those who made that decision should be fired.

• Simply because there's no legitimate reason for them to have this kind of #Backdoor!

The only secure #encryption is #FLOSS with #SelfCustody of all the keys…

• And Windows is just #malware… #BitLocker having a #GoldenKey is just yet another piece of evidence after #GoldenKeyBoot...
  

#USpol #cyherfascism #CloudAct #GAFAMs

Chúc mừng lần đầu tiên đạt doanh thu 40,99€ từ dự án API dữ liệu crypto của tôi - giá 85% rẻ hơn các đối thủ! Hy vọng truyền cảm hứng cho những người đam mê công nghệ và khởi nghiệp. #CryptoAPI #SideProject #Startup #DoanhThuTrongBán #CôngNghệFinTech

https://www.reddit.com/r/SideProject/comments/1pszm9h/my_first_4099_in_revenue_i_built_a_crypto_data/

@necrosis unter #WindowsXP & #Windows7 gab's nur #CryptoAPI - #Backdoors…

@froge @mozilla_support THIS is where #NSS does indeed differenciate from most encryption, as it comes with it's own #CA infrastructure.

• This is why #Frefox, #Thunderbird & #TorBrowser are not vulnerable to the #CryptoAPI #Backdoor in #Windows!

https://web.archive.org/web/20160507122657/https://www.heise.de/ct/ausgabe/2013-17-Zweifelhafte-Updates-gefaehrden-SSL-Verschluesselung-2317589.html
https://github.com/kkarhan/windows-ca-backdoor-fix

@briankrebs That explains all the shite I've seen, incl. the #CryptoAPI #backdoor in #Windows itself...

https://github.com/kkarhan/windows-ca-backdoor-fix

@iX_Magazin #Windows ist inhärent unfixbar unsicher...

Siehe #CryptoAPI - #Backdoor!

@euroinfosec which doesn't matter when they literally #backdoor the #CryptoAPI and integrate #Govware like #Recall!

http://github.com/kkarhan/windows-ca-backdoor-fix

@cR0w too many.

• Jist like there are way too many applications suceptible to the #CryptoAPI #backdoor of #Windows.

http://github.com/kkarhan/windows-ca-backdoor-fix

So far testing by @ct_Magazin / @heiseonline (and myseof later on) revealed only few #Apps not vulnerable to this specifics #Govware:

• #Firefox (uses @Mozilla / @mozilla_support / #Mozilla #NSS & has it's own #SSL certificate storage)
• @thunderbird (Mozilla NSS)
• @torproject / #TorBrowser (Mozilla NSS; custom certificates)
• #curl (uses @bagder #WolfSSL and manages it's own certs)

Anything else that uses the CryptoAPI is, espechally *all #Chromium-Forks (aka. All Browsers except Firefox, Tor Browser, #dillo, #LynxBrowser…)

@marjolica @utf_7 @dashjackson @froge @arstechnica It'll impact any application that uses #Windows' #CryptoAPI and doesn't come with it's own #Encryption Library and #CertificateManagment.

• IDK if the "#Linux Subsystem for #Windows" (The real "#WindowsSubsystemForLinux" is #Wine!) may or may not be as #cursed as to just wrap said functions into the #CryptoAPI instead of doing it with the applications' dependencies.

Needless to say all #Chromium variants and #IE / #Edge are vulnerable to this #Backdoor which exists since at least #WindowsXP to this day!

• Thus consider said #OS inherently unsafe!

@GossiTheDog @signalapp it merely prevents #Screenshots by claiming it's #DRM'd content.

• It's a mere ask and #Microsoft could specifically close that #API and make it subject to contractual agreements (as they did with their #Antivirus API calls to disable #WindowsDefender!) if they decide this is against their wishes.

• It also doesn't prevent the #Keylogger nor works against the known #CryptoAPI #backdoor affecting all #Browsers (except #Firefox and @torproject / #TorBrowser) which can be triggered by a single #HTTPS request.

The correct solution for #Signal would be to alert all their users and specifically block #Windows in general or at least #Windows11 simply because it is a #Govware and empirically cannot be made private or secure.

But that would require them to actually give a shit, which thed don't, cuz otherwise they would've stopped demanding #PII like a #PhoneNumber and moved out of juristiction of #CloudAct.

• I mean, what's gonna prevent the #Trump-Regime from threatening @Mer__edith et. al. with lifetime in jail for not kicking the #ICC (or anyone else he and his fans dislike) from #Signal's infrastructure?

Since they are highly centralized.they certainly are capable to comply with "#Sanctions" (or whatever bs he'll claim!)...

@DeltaWye @kfh I'd say @torproject / #TorBrowser as it's #Firefox but without #tracking, #adware and #analytics!

But if you're using #Govware like #Windows, any #Browser that doesn't use the #backdoored #CryptoAPI (i.e. all #Chromium-Forks do use it!) is better...

• And yes, even the "fix" I released isn't propably permanent as any #WindowsUpdate can revert it!

@paco #Copilot & #Recall are the perfect #InfoStealer #malware combo!

• This makes the #CryptoAPI - #Backdoor look chill by comparison!

@cryptrz add to that the fact that the #CryptoAPI is #backdoored and that said #backdoor can be triggered with a simple #HTTPS request in any #Browser [except #Firefox & #TorBrowser as they use #NSS instead!] (or #PowerShell's horrible wget implementation)...

And we have sufficient proof thaf #Windows is a #Govware that noone should use and that should be banned across the globe.

http://github.com/kkarhan/windows-ca-backdoor-fix

@0x40k well, #Microsoft to this day has a #Backdoor in the #CryptoAPI that remains unfixed to this day...

• And since Microsoft doesn't acknowledge the concept of #consent in #Windows (and doesn't even fake it!) and they are both #PRISM collaborators AND subject to #CloudAct, they #CantFix & #WontFix it!

@roman78 @admin @olifantenbaer angesichts der Lücken in #CryptoAPI inklusive #Backdoors ist das digitales #FlexTape bei durchgerrostetem Rohr...

• Hinzu kommt dass #WindowsUpdate entsprechende Einstellungen resetted.https://github.com/kkarhan/windows-ca-backdoor-fix

@gborn @MichaelD @Bundesligatrainer @Ihazchaos nein, eben nicht.

Dass #Windows10 [und besonders #Windows11] nicht #DSGVO- & #BDSG-konform sein können ist evidenzierte Tatsache und ich habe noch keine*n Anwält*in gesehen die etwas anderes behaupten und dafür im Zweifelsfalle auch die #Haftung übernehmen würden.

• Wohingegen ich mir sicher bin dass @SUSE & @ubuntu mir im Zweifelsfalle sogar ne #Versicherung der #Compliance ab Werk anbieten würden, was #Microsoft aufgrund von #CloudAct inhärent nicht kann!

• Außerdem verbietet sich das Procurement von Anbietern die in "illegaler Agententätigkeit" [u.a. #PRISM] involviert sind (!!!) schon aus oberflächlicher due diligence...

Von einfach ausnutzbaren #Govware - #Backdoors in der #CryptoAPI unter #Windows hab ich noch garnicht angefangen!

• TLDR: #Windows gehört in den #Müll und notfalls auf ne #airgapped Kiste bzw. #offline VM! Ich fass' den shice nicht an!!!

#EOD

@puppygirlhornypost2 @navi yeah, but that's a common problem based off #TechIlliteracy and lack of proper explaination!

• Given the #CryptoAPI of #Windows is #backdoored for #Govware [#NSAKEY_ & #SSL-Updates I'd consider #BitLocker insecure and the least of it's problems!

Bonus points if #TPM bs prevents #DataRecovery.

• My biggest problem with #FDE/ #FullDiskEncryption is that is mandates direct access to a system to authenticate, thus one needs to manually mount stuff on servers post-boot instead.