Author Topic: "Back-Doors" in most Software!  (Read 1457 times)

0 Members and 1 Guest are viewing this topic.

Offline GlennSprigg

  • Super Contributor
  • ***
  • Posts: 1212
  • Country: au
  • Medically retired Tech. Old School / re-learning !
"Back-Doors" in most Software!
« on: May 30, 2021, 12:18:54 pm »
I'm reminded of a very old, but REAL example of internal banking fraud, where a programmer set something up to deduct just 1-Cent
from accounts, during all personal transactions made by all bank members, and placed them in the highest alphabetical named account
without actually having to code in that name. Was only found out, when some innocent person opened an account which was higher
alphabetically, and started getting money piled in!  Who would miss 1-Cent!  Coders can do anything really, but better checks are in place now.

Anyway... When Pub 'Pokie' machines were first introduced here in Australia, decades ago, I remember first-hand observing certain gangs of
people, under one persons control, and a notebook, would repeatedly send people to certain machines, who would always come back shortly
with quite a bit of cash to hand over to him, before being sent off to other machines. They would make it look like they were 'loosing' for a
while... What they were doing though, is finally hitting a complex sequence of buttons, a certain amount of times, that would always result in
a substantial payout. The Machines are basically a computer!, and there was hidden coding, to achieve  those results! (Not mech machines!).

Also, when I was a Tech, and not working FOR, but with, specialist Elevator Techs at times, they often showed me 'tricks' of their Trade!! 
Now this didn't make any money as such, but allowed them to do certain 'sneaky things'. I won't say what various companies/brands did this,
and will not divulge the 'true' codes... However, it involved doing things 'like' hitting the 'door-close' button 20 times in 20 seconds, and then
hitting the Floor that you want.  It would cancel ALL other calls, (from 4 to 30 floors or what ever!), and take you express to what you want!   8)
The POINT being, here, that as most things are computer controlled now, programmers can do almost anything!!
Diagonal of 1x1 square = Root-2. Ok.
Diagonal of 1x1x1 cube = Root-3 !!!  Beautiful !!
 

Offline dave j

  • Regular Contributor
  • *
  • Posts: 91
  • Country: gb
Re: "Back-Doors" in most Software!
« Reply #1 on: May 30, 2021, 12:57:37 pm »
The button controlled traffic lights/pedestrian crossings in the UK, at least the bit of it I'm in, used to have double click to change immediately. Sadly someone's removed that feature now.
I'm not David L Jones. Apparently I actually do have to point this out.
 
The following users thanked this post: GlennSprigg

Offline Rerouter

  • Super Contributor
  • ***
  • Posts: 4681
  • Country: au
  • Question Everything... Except This Statement
Re: "Back-Doors" in most Software!
« Reply #2 on: May 31, 2021, 08:21:06 am »
If you know enough about most systems, you usually end up finding all the left over debug, commisioning self test, and maintainance things, sometimes it gives you more access, but a lot of the time your still in walled garden land in that it was an intentional function of the program that atleast maintainance was intended to access, and usually does not let you over-ride or setup new functions in the program,

Its like in a lot of cars, if you turn to ignition while holding down the trip meter button you can get into a diagnostic menu, usually just for the cluster, but sometimes able to trigger self test modes for various modules in the car,

In certain radios holding the right keys when turned to accesory following a battery disconnection brings up a factory test mode,

Phones can be booted into diagnostic menus by holding the right button combination,
 
The following users thanked this post: GlennSprigg

Online mikerj

  • Super Contributor
  • ***
  • Posts: 2811
  • Country: gb
Re: "Back-Doors" in most Software!
« Reply #3 on: June 02, 2021, 10:18:11 pm »
I'm reminded of a very old, but REAL example of internal banking fraud, where a programmer set something up to deduct just 1-Cent
from accounts, during all personal transactions made by all bank members, and placed them in the highest alphabetical named account
without actually having to code in that name. Was only found out, when some innocent person opened an account which was higher
alphabetically, and started getting money piled in!  Who would miss 1-Cent!  Coders can do anything really, but better checks are in place now.

That's the plot of Superman 3
 

Offline R-star

  • Newbie
  • Posts: 3
  • Country: us
Re: "Back-Doors" in most Software!
« Reply #4 on: June 08, 2021, 02:54:15 am »
These days, the backdoors are by law, everywhere.

Lets take VPN companies, these are not technically "backdoors", but they illustrate the situation better.
When you are shopping for VPN, many of them will promise to "keep no logs". This is a lie. All of them, in most of the world, will keep those logs and gladly relay them to the authorities in both cases, if you are a true predator and equally the same if you are simply a dissident ready to put a face on a major government figure who is a true predator and is involved in high crimes.
These companies are legally allowed to lie to us. Just the same as Cops.

Funny story, but once I was in a "hot" cafe. You know, where you buy coffee and the waitresses are all 20 yo cuties in their birth suits.
I was new in that particular one, and the girls didn't know me. So, two of the cuties sat down with me and tried to figure out if I am a cop being there to close the establishment or not. I tried to explain, that one may not prove that he is "not something". If I was a cop, I could show them my ID. But since I wasn't, there was nothing I could do, or show, well, at least while remaining a gentleman. So, they demanded me to swear I am not a cop. Lol. This got to teach you something about life! The girls believed the old street story designed for the stupid, that the cop may not lie if asked. Of course he can, it is his job. And the judge will laughter at you for believing that story.

Anyway, these VPN companies are instructed to lie to us. They are specifically excluded from prosecution if ever sued for this. 9 eyes, 14 eyes, look it up. More over, if authorities came to them and installed any additional equipment to record or filter their traffic, these companies are prevented from uttering a single word about it. By law. That's what we had the 9-11 for.

So, back to the backdoors. They are everywhere, by law.

Windows:
Why do you think you constantly receiving the "security updates"? These packages are the backdoor / surveillance components and patches. Some a new "holes" that need to be put to use, others are patches and fixes for the existing backdoors that have stopped working because people and software authors constantly change the playing field. This is precisely why these packages are not open source.

Motherboard:
Say you don't even use windows. It's OK. There are plenty of chips onboard, that provide backdoors, to the OS you are running, to your encrypted key storage, to sensors and surveillance units such as camera and microphone. It is on such a low level, that even the engineers that work with those chips refer to these software (firmware) components as "proprietary blobs" that are "simply there".
There is no way to disconnect or to switch off any of this. The companies that design these hardware components, are all required by law to do it on the "OK principle": If you ever get any choice it is between pressing the OK button or not pressing it, the result is the same. Most of the time, if you somehow omit the driver or otherwise make the surveillance component disabled, then the computer wont work at all, by design. The driver running these things is shared with some other important component, and you either get both working or none.

Echo, Alexa, IoT, Suri... nothing to explain here.

Take browsers. Same thing, why the incessant race to the new version? :) Of course, it is the security. It is all for your benefit.
This is why you have less and less choice about those updates. If you do not, the company will make sure you will quickly become incompatible and unable to use it. And how you become incompatible? They tell us it is because the new code doesn't support your old stuff. Yes, in some cases. But in absolute majority of cases, the resource will simple refuse to serve you properly based on your version, or there is more and more often a bit in the data that you receive, that you are flagged as incompatible, so your own software that used to work with the same data before, now will not, or will work purposefully slow.

An experiment. Build a computer, and completely break the updates. This is the one computer that will never ever be hacked into, for years and years, while many other online-updated-hourly would be compromised.

Same thing with phones. If you root and install a custom ROM (while you still be spied on thru backdoors), this will be the one phone never hacked, even though you are the root and your bootlocker is not checking the signatures. It is exactly opposite to what they try to make us to believe.

Single autonomous talented hackers simply won't be after you, and the government hacking departments are relying on their established tools and backdoors, and are nothing to do with talent, they can't really do anything with a custom combination, especially if you are way behind the times (this is why they urge us to always be up to date) - because youngsters hate old hardware and rather die than learn something from their father days. They'll have a thousand and one way to ghost remote into Windows 10 in a minute, yet, they will fail to even find a control panel in Windows 98 with a mouse in hand.

Apple is all a spyware by design and there is no question about it. You're not even allowed to check. You are encouraged to believe. From time to time they will publicly "refuse" to hand down the information or the access to someone's phone, while they have already done so behind the closed doors. But it makes us think that Apple must be more powerful than the government. Right.

Androids? Same issue, the proprietary blobs of code that no one knows exactly what it contains. The backdoors are on a low level too.
Google spies on you? True! This is the only reason they created all of their services. But, lets say, that you remove Google (de-googled it).
Lets say you have wiped it clean, rooted, never even installed anything google, and loaded up something like Lineage OS, which is an open source project. But those binary blobs on the one level above bare metal, those things will remain.
For instance, if you go to HTC website to get a S-OFF on your phone and obtain an ability to modify your system partition with persistent changes, it will still not apply that unlock to guess what, right, the radio. Because if it did, you could possibly load the radio version that does not cooperate with the government spoofed signal that lets them monitor everything you do by pretending to be a real commercial cell tower. Their excuse? Not that it is important, just hilarious: because if they unlocked the radio you could wrongly flash it and bootloop or brick your phone! HAHAHAHAHA! As if there is no way you could do that already? But just the principle, the idea suggested if offensive to anyone who thinks, - are we supposed to believe that they care about us? Give me a break!

Backdoors? Yeah.

Only one thing remains. Turn it off, remove all power sources (this is why they started to design phones with non-removable batteries, you think it is off, but it really isn't). So, once the power is removed, still, place the damn thing in a metal box. Now, it is dark for good. Mr Faraday took care of it.

And if you want to "properly" dispose of a phone, don't just throw it out of a car, like some movie star, you have to burn it hot enough to melt every chip inside. Smashing it with a hammer does nothing anymore. Terminator style, lol, I mean fe2o3 + al. Once it is gone liquid, it is gone for good.

If you need a burner, don't use your own phone, always someone else's and never twice, have your own dark when you do so, don't use any actual devices sold as "burners". Code your talk, so you never actually say what you want to convey, the other side must know the meaning. Burners are mostly tracked by the connections (calls) you make, they compile a database and calculate who everyone is. So, if you never use your phone and neither does your party, you are somewhat safe, as long as you don't repeat or start talking in a straight language.
 
The following users thanked this post: MrMobodies

Online TimFox

  • Super Contributor
  • ***
  • Posts: 3343
  • Country: us
  • Retired, now restoring antique test equipment
Re: "Back-Doors" in most Software!
« Reply #5 on: June 08, 2021, 03:03:36 am »
If I remember correctly, the old bank fraud did not deduct a penny;  rather, since there are rounding errors in fractional percentage transactions, the programmer re-directed the fractional cents to his account.  It added up.
 
The following users thanked this post: GlennSprigg

Offline Bassman59

  • Super Contributor
  • ***
  • Posts: 2084
  • Country: us
  • Yes, I do this for a living
Re: "Back-Doors" in most Software!
« Reply #6 on: June 08, 2021, 03:13:57 am »
If I remember correctly, the old bank fraud did not deduct a penny;  rather, since there are rounding errors in fractional percentage transactions, the programmer re-directed the fractional cents to his account.  It added up.

Uh, this was what the guys in "Office Space" did.
 

Offline CatalinaWOW

  • Super Contributor
  • ***
  • Posts: 4205
  • Country: us
Re: "Back-Doors" in most Software!
« Reply #7 on: June 08, 2021, 05:20:09 am »
If I remember correctly, the old bank fraud did not deduct a penny;  rather, since there are rounding errors in fractional percentage transactions, the programmer re-directed the fractional cents to his account.  It added up.

There are no rounding errors in properly coded financial transactions.  But there is lots of lazy code out there, and fortunately, most of the time the rounding errors add to approximately zero.  The idea of collecting the rounding errors and setting them aside (essentially putting a thumb on the scale and rounding down always) has occurred to many programmers and at least one has been caught.  Obviously we don't know how many have gotten away with it. 
 

Offline ejeffrey

  • Super Contributor
  • ***
  • Posts: 2610
  • Country: us
Re: "Back-Doors" in most Software!
« Reply #8 on: June 11, 2021, 04:58:16 pm »
If I remember correctly, the old bank fraud did not deduct a penny;  rather, since there are rounding errors in fractional percentage transactions, the programmer re-directed the fractional cents to his account.  It added up.

There are no rounding errors in properly coded financial transactions.  But there is lots of lazy code out there, and fortunately, most of the time the rounding errors add to approximately zero.  The idea of collecting the rounding errors and setting them aside (essentially putting a thumb on the scale and rounding down always) has occurred to many programmers and at least one has been caught.  Obviously we don't know how many have gotten away with it.

They aren't errors but their is certainly rounding.  If you pay 2.961% interest on a $15,215 loan and make monthly payments you will need rounding.  They key is that the rounding should be done in calculating the amount of the transaction which is then always in whole pennies (or whatever the smallest value is).  You never have a fractional penny balance so all of your calculations can be done with finite precision.
 

Offline CatalinaWOW

  • Super Contributor
  • ***
  • Posts: 4205
  • Country: us
Re: "Back-Doors" in most Software!
« Reply #9 on: June 11, 2021, 07:20:03 pm »
If I remember correctly, the old bank fraud did not deduct a penny;  rather, since there are rounding errors in fractional percentage transactions, the programmer re-directed the fractional cents to his account.  It added up.

There are no rounding errors in properly coded financial transactions.  But there is lots of lazy code out there, and fortunately, most of the time the rounding errors add to approximately zero.  The idea of collecting the rounding errors and setting them aside (essentially putting a thumb on the scale and rounding down always) has occurred to many programmers and at least one has been caught.  Obviously we don't know how many have gotten away with it.

They aren't errors but their is certainly rounding.  If you pay 2.961% interest on a $15,215 loan and make monthly payments you will need rounding.  They key is that the rounding should be done in calculating the amount of the transaction which is then always in whole pennies (or whatever the smallest value is).  You never have a fractional penny balance so all of your calculations can be done with finite precision.

I may not have said it properly, but we are in total agreement.  One place where many programs fail is in generating the final payment, which may require rounding up to achieve a zero balance.
 

Offline MrMobodies

  • Super Contributor
  • ***
  • Posts: 1082
  • Country: gb
Re: "Back-Doors" in most Software!
« Reply #10 on: June 11, 2021, 07:43:09 pm »
These days, the backdoors are by law, everywhere.

So, back to the backdoors. They are everywhere, by law.

Windows:
Why do you think you constantly receiving the "security updates"? These packages are the backdoor / surveillance components and patches. Some a new "holes" that need to be put to use, others are patches and fixes for the existing backdoors that have stopped working because people and software authors constantly change the playing field. This is precisely why these packages are not open source.

Take browsers. Same thing, why the incessant race to the new version? :) Of course, it is the security. It is all for your benefit.
This is why you have less and less choice about those updates. If you do not, the company will make sure you will quickly become incompatible and unable to use it. And how you become incompatible? They tell us it is because the new code doesn't support your old stuff. Yes, in some cases. But in absolute majority of cases, the resource will simple refuse to serve you properly based on your version, or there is more and more often a bit in the data that you receive, that you are flagged as incompatible, so your own software that used to work with the same data before, now will not, or will work purposefully slow.


I'd thought of the same thing years ago where I thought when the backdoors intentionally put in are discovered by many others they close it in an update and make another one.

I remember some acticles about governments try to sue companies locally or internationally over messaging services years ago I always assumed they were safe up to that point until they either gave up or the give in but then I believe they had many other ways they could track someone.

https://en.wikipedia.org/wiki/FBI%E2%80%93Apple_encryption_dispute

https://www.dailymail.co.uk/indiahome/indianews/article-2126277/No-secrets-Blackberry-Security-services-intercept-data-government-gets-way-messenger-service.html

I was told many years ago that the forwarding traffic on certain ISP'S including DOCSIS (Virginmedia) was replicated to other cables that go off to the GHCQ to monitor for criminal activity but mostly terrorism and I'd imagine they'd pretty much do the same thing with delisted mobile phone masts.

I found ways around the Windows 10 updates involving the removing it from the task schedulder (by creating empty folders with the same names and setting permission to deny for "system" account) in the registery but only for "Trustinstaller account" and setting in regedit, services uscore, type id from 32 to 16 so the startup type can be changed without the "access denies" or "incorrect parameter" message.

With the browsers, I just launch individual version to different profiles but it is for different reasons. The UI for me seems to become worse where the dimming crazy is hurting my eyes, joke: no wonder there is a dark mode and suggestions.

I think, Vivaldi this is good, but I think they track me too, someone has to make revenue somewhere?

On mobiles, I don't like the browsers at all that I have come across so far.
I find the behaviour spammy and horrible.
Firefox58 , Vivaldi 3?, Chrome:


Nowhere to turn off these "suggestions" and logos things off at the bottom dare click one by accident. Can't remove the stars in those bookmarked items, it will just take you to the site if I accidentally click one of them.  I think they are non removable for a purpose, they maybe sponsored and they get revenue for every time I accidentally click on of those things


Leaving the current page alone and allowing me to type in the url with no dimming overlays, suggestions or anything over the contents doesn't seem to be in their "vocabulary". I don't think I am in control over these mobiles browsers, I an believe they see that, they're not content with the tracking data they get and have spam me with annoying stuff involving their partners or sponsors. I think I'd just abandon the phone browsers for now.

I don't buy phones but a few were given to me and I rooted some already as one of them had this Microsoft Swiftkey thing, where I could uninstall or turn off the suggestions and spelling check that I don't need. I think it was some modified version of Microsoft Swiftkey (options were missing to disable stuff) that Sony put on and in the settings I see it mentioned about collects words I type and send it Microsoft which I was not happy about so I installed Lineage (some Android 11 release) which still does not pretty annoying UI stuff.

Also there was thing about the NSA secretly installing backdoors in Cisco gear. 

https://www.infoworld.com/article/2608141/snowden--the-nsa-planted-backdoors-in-cisco-products.html

Quote
TECH'S BOTTOM LINE
By Bill Snyder, InfoWorld | 15 MAY 2014 14:00 BST

Snowden: The NSA planted backdoors in Cisco products
'No Place to Hide,' the new book by Glenn Greenwald, says the NSA eavesdrops on 20 billion communications a day -- and planted bugs in Cisco equipment headed overseas


Much has been made of industrial espionage by China, and the U.S. government has repeatedly warned businesses not to trust technologies purchased from that country. Maybe the Chinese and other governments are the ones that should be issuing warnings.

"The NSA routinely receives -- or intercepts -- routers, servers, and other computer network devices being exported from the U.S. before they are delivered to the international customers," Greenwald writes. "The agency then implants backdoor surveillance tools, repackages the devices with a factory seal, and sends them on. The NSA thus gains access to entire networks and all their users."

Routers, switches, and servers made by Cisco are booby-trapped with surveillance equipment that intercepts traffic handled by those devices and copies it to the NSA's network, the book states. Greenwald notes that there is no evidence that Cisco or other companies were aware of the program.

"We've stated previously that Cisco does not work with any government to weaken our products for exploitation," a Cisco spokesman told the Wall Street Journal. "We would, of course, be deeply concerned with anything that could damage the integrity of our products or our customers' networks."

Apart from any concerns you might have about privacy, this kind of publicity is very bad for U.S. business. Why would you buy a product that handles sensitive corporate or government data if you thought the device was bugged?

Can't trust the Chinese, can't trust anybody and nowhere to hide but then I don't believe I have anything to hide.

Quote
.
When you are shopping for VPN, many of them will promise to "keep no logs". This is a lie. All of them, in most of the world, will keep those logs and gladly relay them to the authorities
These companies are legally allowed to lie to us. Just the same as Cops.

The VPN  thing, I bet in court that helps the prosecuters use the fact that the defence was using a VPN under the intent to do the things they were accused of doing under the belief they were not being watched.
« Last Edit: June 11, 2021, 08:44:22 pm by MrMobodies »
 

Offline RichC

  • Contributor
  • Posts: 14
  • Country: gb
Re: "Back-Doors" in most Software!
« Reply #11 on: June 12, 2021, 07:06:14 am »
Given GCHQ put a tap on the transatlantic data cables I think delisted phone masts are the least of your problems.
 
The following users thanked this post: MrMobodies

Online SiliconWizard

  • Super Contributor
  • ***
  • Posts: 7314
  • Country: fr
Re: "Back-Doors" in most Software!
« Reply #12 on: June 12, 2021, 05:37:15 pm »
Given GCHQ put a tap on the transatlantic data cables I think delisted phone masts are the least of your problems.

Yeah.
https://www.theguardian.com/uk/2013/jun/21/gchq-cables-secret-world-communications-nsa
 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf