@briankrebs That explains all the shite I've seen, incl. the #CryptoAPI #backdoor in #Windows itself...

https://github.com/kkarhan/windows-ca-backdoor-fix

@iX_Magazin #Windows ist inhärent unfixbar unsicher...

Siehe #CryptoAPI - #Backdoor!

@euroinfosec which doesn't matter when they literally #backdoor the #CryptoAPI and integrate #Govware like #Recall!

http://github.com/kkarhan/windows-ca-backdoor-fix

@marjolica @utf_7 @dashjackson @froge @arstechnica It'll impact any application that uses #Windows' #CryptoAPI and doesn't come with it's own #Encryption Library and #CertificateManagment.

• IDK if the "#Linux Subsystem for #Windows" (The real "#WindowsSubsystemForLinux" is #Wine!) may or may not be as #cursed as to just wrap said functions into the #CryptoAPI instead of doing it with the applications' dependencies.

Needless to say all #Chromium variants and #IE / #Edge are vulnerable to this #Backdoor which exists since at least #WindowsXP to this day!

• Thus consider said #OS inherently unsafe!

@GossiTheDog @signalapp it merely prevents #Screenshots by claiming it's #DRM'd content.

• It's a mere ask and #Microsoft could specifically close that #API and make it subject to contractual agreements (as they did with their #Antivirus API calls to disable #WindowsDefender!) if they decide this is against their wishes.

• It also doesn't prevent the #Keylogger nor works against the known #CryptoAPI #backdoor affecting all #Browsers (except #Firefox and @torproject / #TorBrowser) which can be triggered by a single #HTTPS request.

The correct solution for #Signal would be to alert all their users and specifically block #Windows in general or at least #Windows11 simply because it is a #Govware and empirically cannot be made private or secure.

But that would require them to actually give a shit, which thed don't, cuz otherwise they would've stopped demanding #PII like a #PhoneNumber and moved out of juristiction of #CloudAct.

• I mean, what's gonna prevent the #Trump-Regime from threatening @Mer__edith et. al. with lifetime in jail for not kicking the #ICC (or anyone else he and his fans dislike) from #Signal's infrastructure?

Since they are highly centralized.they certainly are capable to comply with "#Sanctions" (or whatever bs he'll claim!)...

@DeltaWye @kfh I'd say @torproject / #TorBrowser as it's #Firefox but without #tracking, #adware and #analytics!

But if you're using #Govware like #Windows, any #Browser that doesn't use the #backdoored #CryptoAPI (i.e. all #Chromium-Forks do use it!) is better...

• And yes, even the "fix" I released isn't propably permanent as any #WindowsUpdate can revert it!

@paco #Copilot & #Recall are the perfect #InfoStealer #malware combo!

• This makes the #CryptoAPI - #Backdoor look chill by comparison!

@cryptrz add to that the fact that the #CryptoAPI is #backdoored and that said #backdoor can be triggered with a simple #HTTPS request in any #Browser [except #Firefox & #TorBrowser as they use #NSS instead!] (or #PowerShell's horrible wget implementation)...

And we have sufficient proof thaf #Windows is a #Govware that noone should use and that should be banned across the globe.

http://github.com/kkarhan/windows-ca-backdoor-fix

@0x40k well, #Microsoft to this day has a #Backdoor in the #CryptoAPI that remains unfixed to this day...

• And since Microsoft doesn't acknowledge the concept of #consent in #Windows (and doesn't even fake it!) and they are both #PRISM collaborators AND subject to #CloudAct, they #CantFix & #WontFix it!

@roman78 @admin @olifantenbaer angesichts der Lücken in #CryptoAPI inklusive #Backdoors ist das digitales #FlexTape bei durchgerrostetem Rohr...

• Hinzu kommt dass #WindowsUpdate entsprechende Einstellungen resetted.https://github.com/kkarhan/windows-ca-backdoor-fix

@gborn @MichaelD @Bundesligatrainer @Ihazchaos nein, eben nicht.

Dass #Windows10 [und besonders #Windows11] nicht #DSGVO- & #BDSG-konform sein können ist evidenzierte Tatsache und ich habe noch keine*n Anwält*in gesehen die etwas anderes behaupten und dafür im Zweifelsfalle auch die #Haftung übernehmen würden.

• Wohingegen ich mir sicher bin dass @SUSE & @ubuntu mir im Zweifelsfalle sogar ne #Versicherung der #Compliance ab Werk anbieten würden, was #Microsoft aufgrund von #CloudAct inhärent nicht kann!

• Außerdem verbietet sich das Procurement von Anbietern die in "illegaler Agententätigkeit" [u.a. #PRISM] involviert sind (!!!) schon aus oberflächlicher due diligence...

Von einfach ausnutzbaren #Govware - #Backdoors in der #CryptoAPI unter #Windows hab ich noch garnicht angefangen!

• TLDR: #Windows gehört in den #Müll und notfalls auf ne #airgapped Kiste bzw. #offline VM! Ich fass' den shice nicht an!!!

@puppygirlhornypost2 @navi yeah, but that's a common problem based off #TechIlliteracy and lack of proper explaination!

• Given the #CryptoAPI of #Windows is #backdoored for #Govware [#NSAKEY_ & #SSL-Updates I'd consider #BitLocker insecure and the least of it's problems!

Bonus points if #TPM bs prevents #DataRecovery.

• My biggest problem with #FDE/ #FullDiskEncryption is that is mandates direct access to a system to authenticate, thus one needs to manually mount stuff on servers post-boot instead.

@tokyo_0 #TrueCrypt is #abandonware with serious security issues.

• DO NOT USE TRUECRYPT FFS!!!

Use #VeraCrypt or even better: migrate machines to #Linux and use #LUKS / #dmcrypt instead, as it's the best option at hand.

• If you need to shuttle data to #Windows and #macOS machines and using #SFTP / #SSHFS to mount a secure storage over the network isn't an option, than you're stuck with VeraCrypt, as #Windows' #CryptoAPI is evidently #backdoored to the point that every #Browser except #Firefox is susceptible to #SSL hijacking with background updates...

https://github.com/kkarhan/windows-ca-backdoor-fix

@rysiek #Microsoft blaming the #EU for #CrowdStrike when the most affected customers are #Airlines from the #USA that don't eben service Airports in #Europe at all is the biggest insult to the intellect of everyone since they denied #_NSAKEY and their #CryptoAPI #backdoor:

https://github.com/kkarhan/windows-ca-backdoor-fix

@malwaretech thanks for adding another legendary #ITsec #fuckup by #Microsoft to the long list of *"#WontFix" #Exploits that prevent me from even touching #Windows at all...

If a literal #Govware #Backdoor in the #CryptoAPI wasn't worse enough already...

@bojkotiMalbona @diebarschlampe @lmorchard @vkc nodds in agreement

I hate the #GAFAM-driven #Enshittification and the #Microsoft tech stack.

• I can accept it when someone needs something specific, but every single time I asked people who claimed they need i.e. #Excel they refused to tell me what they use it for or what function they need #LibreOffice doesn't offer them.

I get hired and paid to prevent #LockIn effects and to enshure #ITsec is up to code, but that necessitates not surrendering to #PRISM-Collaborators and #Govware integrators...

• As shitty as #IBM & #RedHat are, #RHEL at least doesn't come with a #backdoored #CryptoAPI that they refuse to acknowledge or fix - unlike #Windows!https://github.com/kkarhan/windows-ca-backdoor-fix

@happygeek Morpheus Voice "What if I told you it *never*was safe to begin with?

Cuz #Microsoft not only is a #PRISM collaborator but also knowingly leaves #Govware #Backdoors open and refuses to fix known issues.

• Like the #CryptoAPI #backdoor that is > 11 years old now...

And the only "fix" isn't even persistent but easy to backroll by #WindowsUpdate or it's subsystem...

It doesn't even require elevated privilegues on the machine to exploit, just malformed / hijacked #DNS as Microsoft doesn't check it's #SSL #Certificate updates for #integrity or #signatures at all...