|
BigBro84
Posts: 7
|
|
« on: October 19, 2009, 08:54:54 am » |
|
I have something to say for all security aware people in this forum.
In december 2008 my home was raided by latvian security police (former latvian KGB). In my protests about my computer containing sensitive passwords, one operative told that my computer have uTorrent installed, so they have all my passwords beforehand. I assume that the uTorrent have some sort of backdoor. Not to mention that my uTorrent was downloaded from official homepage and MD5 checksums correctly compared to official ones.
After that in another conversation with security police operative he denied all talks about backdoor and even told me that he does not even remember telling it.
So You have been warned! Maybe someone with good disassembling skills could take closer look at uTorrent.
|
|
|
|
|
|
ntldr
Administrator
Posts: 1060
|
|
« Reply #1 on: October 19, 2009, 10:38:06 pm » |
|
Hm, this is interesting. Please post you uTorrent version and md5 checksumm.
|
|
|
|
|
|
BigBro84
Posts: 7
|
|
« Reply #2 on: October 20, 2009, 02:00:47 am » |
|
uTorrent 1.8.1 and before I have upgraded uTorrent versions 1.7.7; 1.7.6; 1.6.1 and 1.5
When I got my computer back, I checked uTorrent 1.8.1 checksums, and they matched original ones. There is always possibility that contents of my hard drive was altered when my computer was taken. But it's very unlikely that I have downloaded some special crafted backdoored version.
Currently my old hard drives contents is inacessible due to damaged SCSI cable.
|
|
|
|
|
|
alkoro
Posts: 85
|
|
« Reply #3 on: October 20, 2009, 02:44:17 am » |
|
one operative told that my computer have uTorrent installed, so they have all my passwords
Operatives is so operatives : ) its can be standard practice of intimidation and fraud. though, utorrent contain many vulnerabilities, who knows... |
|
|
|
|
|
BigBro84
Posts: 7
|
|
« Reply #4 on: October 20, 2009, 11:05:02 am » |
|
its can be standard practice of intimidation and fraud. though, utorrent contain many vulnerabilities, who knows...
They have no need to say such fraud in that situation. The chekist that told it later denied not only that it have a backdoor, but he denied even saying that. I guess it's top secret. Just imagine the worlds most popular bittorrent client caught to secretly cooperate with spying agencies. Millions of users are potentially compromised. Maybe something to do with uTorrent being brought by BitTorrent Inc or maybe developers got blackmailed by goverment agents because it's generally a piracy tool. And what if uTorrent is not the only such software? The community must reevaluate the security of closed source software even if it's freeware. If You don't believe what I'm saying, that's OK. If only few users who need to keep they data secret listen to me, then I have done my duty. Encryption software forum is right place for such people. For my personal usage I have found even better alternative to uTorrent. I will not say it's name, otherwise you will just think that I'm spreading FUD about uTorrent behalf of other project. |
|
|
|
|
|
defeind
Posts: 6
|
|
« Reply #5 on: October 22, 2009, 10:44:45 am » |
|
|
|
|
|
|
|
alkoro
Posts: 85
|
|
« Reply #6 on: October 22, 2009, 08:49:53 pm » |
|
better?
Interesting. I have some questions about this device: Who gives guarantee, that device have not backdoors ? How to get real proofs about it, I mean. How to bootup OS from disk with this device? ...how to input password/key at POST-procedure. not better nor worse, just another crypto decision. |
|
|
|
|
|
defeind
Posts: 6
|
|
« Reply #7 on: October 23, 2009, 01:32:42 am » |
|
i spend ntldr one module, if interested ;)
he makes any firmwares ? :)
|
|
|
|
|
|
aleksvolgin
Posts: 48
|
|
« Reply #8 on: October 23, 2009, 02:52:40 am » |
|
- бесполезная железка ИМХО, ещё один аппаратный крипт контроллер, коих десятки на рынке. Плюсов по сравнению с другими не вижу, разве что цена менее квадратная, чем у других. С программным продуктом интереснее, т.к. он позволяет скрывать сам факт шифрования, с железкой такой трюк не пройдёт. |
|
|
|
|
|
BigBro84
Posts: 7
|
|
« Reply #9 on: October 23, 2009, 05:12:11 am » |
|
Why this conversation have gone offtopic from uTorrent bittorrent client to hardware encryption device?
|
|
|
|
|
|
defeind
Posts: 6
|
|
« Reply #10 on: October 23, 2009, 02:27:42 pm » |
|
utorent bat/agent.r logged passwords in background with software encryption, utorent agent can not logging passwords with this hardware encryption, offtopic ? :) @aleksvolgin not enova x-wall crap or so:) xirguard have flexible field programmable gate array (fpga) i have opened if interested  http://www.abload.de/image.php?img=xirgjcm7.jpg |
|
|
|
|
|
defeind
Posts: 6
|
|
« Reply #11 on: October 23, 2009, 06:37:54 pm » |
|
@alkoro xirguard have bios like this     you can set and manipulate ata-commands r/w , cyphermachine for profs,cypher rounds (128 - 3328bit),cypher id`s for groups of moduls and bios compatiblity settings you can see ata errors read/write (crap sata cable) open source software available from website to decrypt you hard drive (for hardware failure) software works with same cypher method to encrypt/decrypt data you knowing better, same or secure :) hardware ? |
|
|
|
|
|
defeind
Posts: 6
|
|
« Reply #12 on: October 23, 2009, 07:04:16 pm » |
|
i like and use diskcryptor ! not wrong understand me :)
xirguard only interested me
i only used opportunity from thread
ntldr have interesting, i give him this module
offtopic off :)
|
|
|
|
|
|