Create accountLogin

Recent searches

No recent searches

Search options

Only available when logged in.
toad.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
Mastodon server operated by David Troy, a tech pioneer and investigative journalist addressing threats to democracy. Thoughtful participation and discussion welcome.

Administered by:

Server stats:

332
active users

toad.social: AboutProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.3.7

#backdoor

3 posts3 participants2 posts today
Replied to cryptrz :opensource:
Public *
Kevin Karhan :verified:

@cryptrz add to that the fact that the #CryptoAPI is #backdoored and that said #backdoor can be triggered with a simple #HTTPS request in any #Browser [except #Firefox & #TorBrowser as they use #NSS instead!] (or #PowerShell's horrible wget implementation)...

And we have sufficient proof thaf #Windows is a #Govware that noone should use and that should be banned across the globe.

github.com/kkarhan/windows-ca-

Fixes a critical backdoor in Windows' CryptoAPI, which allows to unconsenting Update of CA Certificates in the background. See https://www.heise.de/ct/ausgabe/2013-17-Zweifelhafte-Updates-gefae...
GitHubGitHub - kkarhan/windows-ca-backdoor-fix: Fixes a critical backdoor in Windows' CryptoAPI, which allows to unconsenting Update of CA Certificates in the background. See https://www.heise.de/ct/ausgabe/2013-17-Zweifelhafte-Updates-gefaehrden-SSL-Verschluesselung-2317589.htmlFixes a critical backdoor in Windows' CryptoAPI, which allows to unconsenting Update of CA Certificates in the background. See https://www.heise.de/ct/ausgabe/2013-17-Zweifelhafte-Updates-gefae...
Public
cryptrz :opensource:

#Windows #RDP lets you log in using revoked passwords. #Microsoft is OK with that.

Researchers say the behavior amounts to a persistent #backdoor.

In response, Microsoft said the behavior is a “a design decision (...) As such, Microsoft said the behavior doesn’t meet the definition of a #security #vulnerability, and company engineers have no plans to change it.

arstechnica.com/security/2025/

RDP
Public
#cryptohagen

#Telegram founder and CEO Pavel Durov has taken a page out of #Signal book and says he'll pull the app out of France if officials demand an encryption #backdoor
t.me/durov/410 (on Telegram)

TelegramDu Rove's Channel😲 Last month, France nearly banned encryption. A law requiring messaging apps to implement a backdoor for police access to private messages was passed by the Senate. Luckily, it was shot down by the National Assembly. Yet 3 days ago the Paris Police Prefect advocated for it again. 🤦‍♂️ The members of the National Assembly were wise to reject a law that would have made France the first country in the world to strip its citizens of their right to privacy. Even countries that many Europeans view as lacking in freedoms have never banned encryption. Why? Because it’s technically impossible to guarantee that only the police can access a backdoor. Once introduced, a backdoor can be exploited by other parties — from foreign agents to hackers. As a result, the private messages of all law abiding citizens can get compromised. Aimed at preventing drug trafficking, the law wouldn’t have helped fight crime anyway. Even if mainstream encrypted apps had been weakened by a backdoor, criminals could still communicate securely…
Replied in thread
Public
Kevin Karhan :verified:

@adisonverlice it's not just re: #Governments (tho #Project2025 explicitly endorses unsactioned comms to twart attempts at #FIOA or any #accountability for that matter), but individuals or any organization:

And if #EncroChat got pwned, who's gonna guarantee @signalapp won't if it's actually secure or isn't an #InsideJob like #ANØM.

After all, both #Signal's Organization and key people like @Mer__edith are known to the authorities by more than just their legal name.

  • What's gonna prevent #Trump from doing a "bag&drag" on her or getting his goons to put a gun on,the developers' heads and force them to,#d0x all users and #backdoor everything (if they didn't already got forced to have some "#LafwulInterception" gear in a closet like #Room641A...

After all, Signal can't pull the 5th and refuse to comply!

Twitterthaddeus e. grugq on Twitter“I’m gonna tell you a secret about “logless VPNs” — they don’t exist. Noone is going to risk jail for your $5/mo https://t.co/Q2aOQJkG4g”
Continued thread
Public
Nonilex

While NPR was unable to recover the code for that project, the name itself suggests that Wick could have been designing a #backdoor, or "Bdoor," to extract files from #NLRB's internal case management system, known as NxGen, acc/to several #cybersecurity experts who reviewed Berulis' conclusions.

…NxGen is an internal system that was designed specifically for the NLRB in-house, acc/to several of the engineers who created the tool….

#criminal#law#Trump
Public *
#cryptohagen

Apple has filed an appeal against a UK gov 🇬🇧 order to create a #backdoor in its cloud #encryption to help law enforcement investigations

After the hearing about a mandated back door happened behind closed doors, Apple very nearly immediately filed an appeal, with the backing of most of the world's governments, privacy advocates, and journalism organizations

That appeal has been heard, and at some point, the results of the hearing will be made clear
appleinsider.com/articles/25/0

AppleInsiderUK iCloud backdoor mandate hearing must be made public — eventually | AppleInsiderAfter a legal challenge by Apple, the hearing about blowing open Apple's iCloud encryption in the UK for the sake of national security won't be kept secret, but it's not clear when the details will be made public.
Public
OTX Bot

Lotus Blossom espionage group targets multiple industries with different versions of Sagerunex and hacking tools

The Lotus Blossom espionage group has been conducting cyber espionage campaigns targeting government, manufacturing, telecommunications, and media sectors in the Philippines, Vietnam, Hong Kong, and Taiwan. The group employs various versions of the Sagerunex backdoor, including new variants that use cloud services like Dropbox, Twitter, and Zimbra for command and control. Lotus Blossom utilizes multiple hacking tools and techniques to maintain long-term persistence in compromised networks. The attacks involve multi-stage operations, including reconnaissance, lateral movement, and data exfiltration. The group has been active since at least 2012 and continues to evolve its tactics and malware to evade detection.

Pulse ID: 67f038f22c3d7acc43c35cb7
Pulse Link: otx.alienvault.com/pulse/67f03
Pulse Author: AlienVault
Created: 2025-04-04 19:54:26

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

LevelBlue Open Threat ExchangeLevelBlue - Open Threat ExchangeLearn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.
#BackDoor#Cloud#CyberSecurity
ExploreLive feeds
About