Jump to content



Photo
drive encryption

  • Please log in to reply
66 replies to this topic

#31 Andre S.

Andre S.

    Asik

  • Tech Issues Solved: 14
  • Joined: 26-October 05

Posted 02 June 2014 - 03:38

heartbleed, cough.

Your point?




#32 mastercoms

mastercoms

    Expert Microsoft Fanboy & C# Coder

  • Tech Issues Solved: 3
  • Joined: 21-May 13
  • Location: Marietta, Georgia
  • OS: W10 + Fedora 21
  • Phone: Lumia 928 WP8.1U1 Black

Posted 02 June 2014 - 03:47

heartbleed, cough.

Again, just because something is open source, doesn't mean it has no vulnerabilities and it doesn't mean it has more vulnerabilities.

Open source software just means:

1. There are more eyes that can review vulnerabilities

2. The software is more transparent, meaning the developers can't hide anything

Additionally, OpenSSL has been known to have many vulnerabilities in the past, I really think that people who use OpenSSL are at fault, there are many more secure open source alternatives. I wouldn't trust OpenSSL in the light of 7 major vulnerabilities in about 10 years, and when Steve Marquess, a former military consultant in Maryland started the OpenSSL Software Foundation for donations and consultancy contracts and garnered sponsorship from the United States Department of Homeland Security and the United States Department of Defense. [Source] (which has a lot more interesting things). OpenSSL is known as an atrocity in the open source community, and is a horrible example in this regard.

And you're just mentioning one vulnerability, which only affected 1.0.1 to 1.0.1f of OpenSSL, which wasn't even the latest version at the time. A fixed version of OpenSSL was released on the same day Heartbleed was publicly disclosed.



#33 T3X4S

T3X4S

    Neowinian

  • Tech Issues Solved: 3
  • Joined: 28-October 13

Posted 02 June 2014 - 03:48

So you are setting this up under the premise if someone steals your stuff - you want to make them not have access to your music ??  What ???

If someone steals your external - chances are they will wipe it and move on

If it gets stolen, they already have the thing thats valuable to them. --  your music is only valuable to you.  Unless, of course, this would be thief just happens to have the same taste in music as you do.

 

I'll tell you the same thing I tell people who ask me if "hackers will attack them" ---   nobody cares about your stuff.



 



#34 mastercoms

mastercoms

    Expert Microsoft Fanboy & C# Coder

  • Tech Issues Solved: 3
  • Joined: 21-May 13
  • Location: Marietta, Georgia
  • OS: W10 + Fedora 21
  • Phone: Lumia 928 WP8.1U1 Black

Posted 02 June 2014 - 03:54

So you are setting this up under the premise if someone steals your stuff - you want to make them not have access to your music ??  What ???

If someone steals your external - chances are they will wipe it and move on

If it gets stolen, they already have the thing thats valuable to them. --  your music is only valuable to you.  Unless, of course, this would be thief just happens to have the same taste in music as you do.

 

I'll tell you the same thing I tell people who ask me if "hackers will attack them" ---   nobody cares about your stuff.

+1 You really only need encryption if you know hackers/the government are specifically looking for you or will look for you in future. Just because Snowden leaked stuff about the NSA doesn't mean you have encrypt everything you have.



#35 vcfan

vcfan

    Doing the Humpty Dance

  • Tech Issues Solved: 3
  • Joined: 12-June 11

Posted 02 June 2014 - 03:57

Your point?

 

i just found it ironic that you're wary about closed source software being backdoored by the NSA when recently we've learned that the NSA has been exploiting for years a hole in open source software that they may have planted in plain sight.



#36 mastercoms

mastercoms

    Expert Microsoft Fanboy & C# Coder

  • Tech Issues Solved: 3
  • Joined: 21-May 13
  • Location: Marietta, Georgia
  • OS: W10 + Fedora 21
  • Phone: Lumia 928 WP8.1U1 Black

Posted 02 June 2014 - 04:01

i just found it ironic that you're wary about closed source software being backdoored by the NSA when recently we've learned that the NSA has been exploiting for years a hole in open source software that they may have planted in plain sight.

I just found it ironic that the difference between backdoors in open source software and closed source software is that in OSS, backdoors are eventually found and fixed, while in CSS, backdoors can be hidden from the public, never disclosed.



#37 OP losanglo

losanglo

    Neowinian

  • Joined: 19-April 14

Posted 02 June 2014 - 04:05

Microsoft only has 2 consumer SKUs now, Windows 8.1, and Windows 8.1 Pro.

Oops, was looking at my Windows 7 machine :/

 

I'm using Windows 8.1 (not Pro) on the laptop in question.



#38 Andre S.

Andre S.

    Asik

  • Tech Issues Solved: 14
  • Joined: 26-October 05

Posted 02 June 2014 - 04:08

i just found it ironic that you're wary about closed source software being backdoored by the NSA when recently we've learned that the NSA has been exploiting for years a hole in open source software that they may have planted in plain sight.

Are you seriously suggesting that Robin Seggelman was secretly working for the NSA when he introduced the bug and that Dr Stephen Henson who reviewed his change and overlooked the flaw was an accomplice?



#39 vcfan

vcfan

    Doing the Humpty Dance

  • Tech Issues Solved: 3
  • Joined: 12-June 11

Posted 02 June 2014 - 04:12

Again, just because something is open source, doesn't mean it has no vulnerabilities and it doesn't mean it has more vulnerabilities.
Open source software just means:
1. There are more eyes that can review vulnerabilities
2. The software is more transparent, meaning the developers can't hide anything

 
you can read closed source software like a book with IDA or windbg. even heavily obfuscated code like in packers,which run code in their own unknown custom VM has been unraveled and made back to be read by any junior reverser.
 
 

I just found it ironic that the difference between backdoors in open source software and closed source software is that in OSS, backdoors are eventually found and fixed, while in CSS, backdoors can be hidden from the public, never disclosed.

 
holes in closed source software are disclosed and fixed all the time

#40 Andre S.

Andre S.

    Asik

  • Tech Issues Solved: 14
  • Joined: 26-October 05

Posted 02 June 2014 - 04:29

 you can read closed source software like a book with IDA or windbg. even heavily obfuscated code like in packers,which run code in their own unknown custom VM has been unraveled and made back to be read by any junior reverser.

I think that you're widely exaggerating. Such tools only do a very mechanical translation that can be very far from the structure of the original code. They're also incapable of dealing with more advanced C++ features like templates as these are erased during compilation. Optimization passes also lose a lot of information about the original structure which cannot be guessed at. On a codebase the size of an advanced cryptographic tool, you would end up with several millions of lines of meaningless identifiers and you'd still have an absolutely daunting reverse-engineering task to make any sense out of it. This makes independent code review practically infeasible, not to mention usually illegal.



#41 mastercoms

mastercoms

    Expert Microsoft Fanboy & C# Coder

  • Tech Issues Solved: 3
  • Joined: 21-May 13
  • Location: Marietta, Georgia
  • OS: W10 + Fedora 21
  • Phone: Lumia 928 WP8.1U1 Black

Posted 02 June 2014 - 04:39

holes in closed source software are disclosed and fixed all the time

Not the ones that are purposely put in.

It's always better to hide backdoors in closed source software.



#42 vcfan

vcfan

    Doing the Humpty Dance

  • Tech Issues Solved: 3
  • Joined: 12-June 11

Posted 02 June 2014 - 04:54

Are you seriously suggesting that Robin Seggelman was secretly working for the NSA when he introduced the bug and that Dr Stephen Henson who reviewed his change and overlooked the flaw was an accomplice?


no,what im suggesting is that they could have done it,and it would have passed review,and we'd be told the software is safe because its open source.

#43 Raa

Raa

    Resident president

  • Tech Issues Solved: 7
  • Joined: 03-April 02
  • Location: NSW, Australia

Posted 02 June 2014 - 05:00

Ok, apparently only 7 ultimate has Bitlocker. Still helpful to know what OS you're running.

Win 7 Enterprise also has Bitlocker. Not that it will help in this situation i'd say...



#44 mastercoms

mastercoms

    Expert Microsoft Fanboy & C# Coder

  • Tech Issues Solved: 3
  • Joined: 21-May 13
  • Location: Marietta, Georgia
  • OS: W10 + Fedora 21
  • Phone: Lumia 928 WP8.1U1 Black

Posted 02 June 2014 - 05:01

no,what im suggesting is that they could have done it,and it would have passed review,and we'd be told the software is safe because its open source.

No software is ever guaranteed to be safe, open source or not, because it's made by humans.

It's just easier to hide a backdoor in a program where source code is not available, since machine code is not human readable, therefore, backdoors cannot be easily found by the community of users of the software.



#45 Andre S.

Andre S.

    Asik

  • Tech Issues Solved: 14
  • Joined: 26-October 05

Posted 02 June 2014 - 05:09

no,what im suggesting is that they could have done it,and it would have passed review,and we'd be told the software is safe because its open source.

The software is not safe because it's open-source; it's safe because there can be independent and public scrutiny that it is indeed safe, that there are no backdoors, etc. The mere fact that it's open-source is no guarantee of safety, but it's a prerequisite for independent and public verification.