this post was submitted on 17 May 2026
980 points (99.4% liked)

Technology

84796 readers
4289 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
980
A security researcher says Microsoft secretly built a backdoor into BitLocker, releases an exploit to prove it (www.techspot.com)
submitted 2 days ago by Itwasntme223@discuss.online to c/technology@lemmy.world
148 comments fedilink hide all child comments
top 50 comments
sorted by: hot top controversial new old
[–] Mwa@thelemmy.club 42 points 1 day ago (1 children)

AFAIK Microsoft gave the keys for Bitlocker to goverments before,So Classic Microsoft.

[–] vandsjov@feddit.dk 11 points 1 day ago

That is true. When people have saved them to their Microsoft account, then Microsoft has access to them.

[–] Aceticon@lemmy.dbzer0.com 76 points 1 day ago* (last edited 1 day ago) (2 children)

If you're running Windows, always assume that if the US Authorities or Microsoft itself want to spy on you as an individual or on do a little industrial espionage on your company (which US agencies also do), they'll just use a backdoor already present or at worse push an update to your machines(s) to create said backdoor.

Treat any and all software made by US companies as a foreign agent.

All the shit that the US Government and companies say about China, is pure Projection - the result of a mental process of "what would we do if we were the ones making those devices". (And, yeah, China probably does that shit too)

If it ain't Open Source, you got it as a binary or it can self-update, that software is somebody else's agent and you're trusting their ethics and goodwill when you have it running in your system outside a sandbox.

[–] dread@lemmy.world 15 points 1 day ago

What's unfortunate is a significant number of people don't like hearing this and instead choose to project onto other countries. Most of our governments aren't our friends, regardless if you're American or not.

[–] ShankShill@sh.itjust.works 12 points 1 day ago (4 children)

I was pumped to finally get decent Internet in the US, until I saw my ISP's router appears as a device on the LAN. Luckily I'm savvy enough to put the whole local network behind a firewall on a different subnet, since there's no other way of fixing this.

[–] jjlinux@lemmy.zip 14 points 1 day ago* (last edited 1 day ago) (8 children)

It's not just US ISPs, this is worldwide behavior. Good on you to put a firewall between your network and your ISP's gateway.

I don't know if you went further than that, but in my case, once I had my OPNSense deployed, I went ahead and disabled all the radios of the ISP's ONT gateway, changed it's DNS server to Mullvad, and only left 1 LAN IP address to the OPNSense.

If you are aware of more things that can be done to give the ISP modem even less room to move around inside, I would appreciate you sharing it as well.

I wish more people would take the time to learn a bit about securing their home networks. What I do is that I offer my knowledge for free to neighbors, friends and family. Some actually want it and act on it, but the sad truth is that the vast majority still has this 'I have nothing to hide' mentality, and I'm not explaining how much marketing BS that is to them for the 100th time.

load more comments (8 replies)
load more comments (3 replies)
[–] jjlinux@lemmy.zip 54 points 1 day ago (2 children)

Microsoft is a malware developer, plain and simple.

[–] Itwasntme223@discuss.online 2 points 15 hours ago (1 children)

They assumed they could get away with anything cause they had so much of a marketshare, imo.

[–] jjlinux@lemmy.zip 2 points 12 hours ago

They all assume that, you're absolutely right. Its up to us to teach them how wrong they might be.

[–] Mwa@thelemmy.club 16 points 1 day ago

ig "Proprietary software is often malware" is kinda not a exaggeration.

[–] SabinStargem@lemmy.today 61 points 2 days ago (39 children)

Yet another reason to switch to Linux.

load more comments (39 replies)
[–] an0nym0us_dr0ne@europe.pub 29 points 1 day ago (1 children)

No Shit Sherlock. Not as if it would be required by US law to have a backdoor or anything…

No no, PatriotACT, CloudACT and stuff like PRISM just do not exist…

[–] Regrettable_incident@lemmy.world 9 points 1 day ago

Yeah, the NSA proved that when their exploits leaked. Eternal blue and I'm sure they have a much more stuff we can only guess at.

[–] melfie@lemmy.zip 70 points 2 days ago (1 children)

I guess anyone who uses ShitLocker is shit out of LUKS.

load more comments (1 replies)
[–] Deebster@infosec.pub 62 points 2 days ago (4 children)

This Chaotic Eclipse/Nightmare Eclipse is the same one whose opening post read:

I never wanted to reopen a blog and a new github account to drop code...

But someone violated our agreement and left me homeless with nothing. They knew this will happen and they still stabbed me in the back anyways, this is their decision not mine.

I'm guessing there's plenty more to come.

Kinda funny that they're targeting Microsoft and yet using GitHub to share the PoCs.

[–] raspberriesareyummy@lemmy.world 11 points 1 day ago

Kinda funny that they’re targeting Microsoft and yet using GitHub to share the PoCs.

This is the part I don't get either. Although - maybe it is because it protects other platforms from legal action by microSLOP? Also, it adds to the Streisand effect should microSLOP remove the proof of concept from its own platform.

load more comments (3 replies)
[–] Miller@lemmy.world 188 points 2 days ago (2 children)

You mean that thing everyone knew about since the authorities derailed open-source TrueCrypt and forced them to message their users that they should migrate to BitLocker?

[–] WesternInfidels@feddit.online 103 points 2 days ago* (last edited 2 days ago) (5 children)

There's an open-source successor to TrueCrypt called VeraCrypt. For that matter, as far as I know, one can still download the last version of TrueCrypt. It hasn't been disappeared.

It's true that the TrueCrypt developers retired and said that commercial packages like BitLocker were finally good enough and available enough that they didn't feel compelled to maintain TrueCrypt. I remember that. I think it's plausible that Microsoft has (or has provided to someone) back-door access to BitLocker, but I don't remember any hint that the TrueCrypt developers had been coerced; have you got something you can link to?

load more comments (5 replies)
load more comments (1 replies)
[–] DeathsEmbrace@lemmy.world 100 points 2 days ago (1 children)

The entire Microsoft, Apple and Google ecosystem is USA backdoors. That's why I call it American spyware.

[–] 1984@lemmy.today 15 points 1 day ago (1 children)

And they tell us to worry about China. :)

[–] msage@programming.dev 12 points 1 day ago

It's called misdirection, every magician and thief knows about it :D

[–] Dalraz@lemmy.ca 111 points 2 days ago (10 children)

Seems like every week there is another reason why I'm thankful I switched to Linux a few years ago.

load more comments (10 replies)
[–] Cantaloupe@lemmy.fedioasis.cc 26 points 2 days ago

Yeah, Copy Fail, Dirty Frag and Fragnesia are bad but holy fuck.

[–] hperrin@lemmy.ca 52 points 2 days ago (2 children)

Of course they did. They have no interest in protecting your privacy and every interest in making you think they do. I would’ve been way more surprised to learn there wasn’t a backdoor.

load more comments (2 replies)
[–] sturmblast@lemmy.world 31 points 2 days ago (1 children)

Bitlocker is TEMU encryption

[–] muusemuuse@sh.itjust.works 27 points 2 days ago (1 children)

It really isn’t. The encryption itself still hasn’t been defeated. The implementation is the problem. Microsoft just can’t get out of their own way. If they ignored all the business majors, nobody would be able to stop them.

load more comments (1 replies)
[–] lechekaflan@lemmy.world 30 points 2 days ago

Install Linux, Problem Solved.

More than ever.

[–] Carmakazi@piefed.social 87 points 2 days ago

Tech megacorps are the fifth estate of their home countries, trusting your data to Microsoft or Google is essentially the same as handing it directly to the FBI and CIA.

[–] bitteroldcoot@piefed.social 75 points 2 days ago (8 children)

Good.

We always knew it was there. They sold their soul to the NSA decades ago.

https://www.smithsonianmag.com/smart-news/how-the-nsa-stopped-trying-to-prevent-the-spread-of-encryption-and-decided-to-just-break-it-instead-4569969/

load more comments (8 replies)
load more comments
view more: next ›