@0x40k well, #Microsoft to this day has a #Backdoor in the #CryptoAPI that remains unfixed to this day...

• And since Microsoft doesn't acknowledge the concept of #consent in #Windows (and doesn't even fake it!) and they are both #PRISM collaborators AND subject to #CloudAct, they #CantFix & #WontFix it!

@roman78 @admin @olifantenbaer angesichts der Lücken in #CryptoAPI inklusive #Backdoors ist das digitales #FlexTape bei durchgerrostetem Rohr...

• Hinzu kommt dass #WindowsUpdate entsprechende Einstellungen resetted.https://github.com/kkarhan/windows-ca-backdoor-fix

@gborn @MichaelD @Bundesligatrainer @Ihazchaos nein, eben nicht.

Dass #Windows10 [und besonders #Windows11] nicht #DSGVO- & #BDSG-konform sein können ist evidenzierte Tatsache und ich habe noch keine*n Anwält*in gesehen die etwas anderes behaupten und dafür im Zweifelsfalle auch die #Haftung übernehmen würden.

• Wohingegen ich mir sicher bin dass @SUSE & @ubuntu mir im Zweifelsfalle sogar ne #Versicherung der #Compliance ab Werk anbieten würden, was #Microsoft aufgrund von #CloudAct inhärent nicht kann!

• Außerdem verbietet sich das Procurement von Anbietern die in "illegaler Agententätigkeit" [u.a. #PRISM] involviert sind (!!!) schon aus oberflächlicher due diligence...

Von einfach ausnutzbaren #Govware - #Backdoors in der #CryptoAPI unter #Windows hab ich noch garnicht angefangen!

• TLDR: #Windows gehört in den #Müll und notfalls auf ne #airgapped Kiste bzw. #offline VM! Ich fass' den shice nicht an!!!

@puppygirlhornypost2 @navi yeah, but that's a common problem based off #TechIlliteracy and lack of proper explaination!

• Given the #CryptoAPI of #Windows is #backdoored for #Govware [#NSAKEY_ & #SSL-Updates I'd consider #BitLocker insecure and the least of it's problems!

Bonus points if #TPM bs prevents #DataRecovery.

• My biggest problem with #FDE/ #FullDiskEncryption is that is mandates direct access to a system to authenticate, thus one needs to manually mount stuff on servers post-boot instead.

@rysiek #Microsoft blaming the #EU for #CrowdStrike when the most affected customers are #Airlines from the #USA that don't eben service Airports in #Europe at all is the biggest insult to the intellect of everyone since they denied #_NSAKEY and their #CryptoAPI #backdoor:

https://github.com/kkarhan/windows-ca-backdoor-fix

@malwaretech thanks for adding another legendary #ITsec #fuckup by #Microsoft to the long list of *"#WontFix" #Exploits that prevent me from even touching #Windows at all...

If a literal #Govware #Backdoor in the #CryptoAPI wasn't worse enough already...

@bojkotiMalbona @diebarschlampe @lmorchard @vkc nodds in agreement

I hate the #GAFAM-driven #Enshittification and the #Microsoft tech stack.

• I can accept it when someone needs something specific, but every single time I asked people who claimed they need i.e. #Excel they refused to tell me what they use it for or what function they need #LibreOffice doesn't offer them.

I get hired and paid to prevent #LockIn effects and to enshure #ITsec is up to code, but that necessitates not surrendering to #PRISM-Collaborators and #Govware integrators...

• As shitty as #IBM & #RedHat are, #RHEL at least doesn't come with a #backdoored #CryptoAPI that they refuse to acknowledge or fix - unlike #Windows!https://github.com/kkarhan/windows-ca-backdoor-fix

@happygeek Morpheus Voice "What if I told you it *never*was safe to begin with?

Cuz #Microsoft not only is a #PRISM collaborator but also knowingly leaves #Govware #Backdoors open and refuses to fix known issues.

• Like the #CryptoAPI #backdoor that is > 11 years old now...

And the only "fix" isn't even persistent but easy to backroll by #WindowsUpdate or it's subsystem...

It doesn't even require elevated privilegues on the machine to exploit, just malformed / hijacked #DNS as Microsoft doesn't check it's #SSL #Certificate updates for #integrity or #signatures at all...

And if you think #BanJS is too radical then ask the people of @torproject why they banned #JavaScript in it...

• It think #JS is a 'net negative' to the world and deserves to be banned right after #Windows amd espechally #WindowsServer, because those are just vile #Govware that should be outlawed since #PRISM & #EthernalBlue and the #CryptoAPI #backdoor got public!

I mean, how long will y'all just accept being abused, lied and being gaslit by #Microsoft in specific amd #GAFAMs in general???

@GossiTheDog OFC there is - Microsoft still keeps their own #CryptoAPI #backdoored to this day...

Not shure if a fix even works anymore amd since I'm 100% #Windows-free I'd rather drink a bottle of vinegar or snort a line of soda than ever touching that cursed #Govware ever again in my life...

@md @bkastl außer es ist halt #Govware von #Microsoft wie #Windows...

Da ist das Betriebssystem unfixbar kaputt...

Egal ob #CryptoAPI oder #Recall oder #CensorBoot aka. "Secure Boot"...

Und die #CDU hat alle kompetenten Leute vergrault...

@chompie1337 I guess yu should just put it up on #GitHub and taunt #Microsoft with the communications unredacted and in full lenght as part of the documentation.

• After all, they can't he assed to fix the #CryptoAPI #backdoor since #WindowsXP anyway...

@Quinnypig the sheer fact that #Microsoft and #Windows11 ain't banned across the #EU to this day is an indictment to the #TechIlliteracy of politicans in the @EUCommission & @europarl_en despite

• #PRISM
• #GoldenKeyBoot (aka. #CensorBoot got owned!)
• #CryptoAPI #backdoors they refuse to acknowledge or fix at all!
• #CloudAct
• Unwillingness to comply with #GDPR out if the box

and now

• #Recall aka. the worst disguised #Govware / #Spyware in existance that allows anyone to simply extract credentials without the need to install a #Keylogger, #ScreenRecorder and/or commit #ProvilegueEscalatiom successfully at all...

And since @GossiTheDog managed to get it running on a system w/o "#AI" acceleration aka. "#NPU" it's safe to assume that it'll be perfectly possible to retroactively shove it down everyones' throats without recourse!

• Actually there are options for recourse besides "#ThoughtsAndPrayers" that regulators like @bsi would actually take this seriously:

Like: Stop using #Windows and get some help migrating away from it to a good #Linux distro!

@evacide I don't believe a single.sillable of that shite - not since they did even worse shite in the past, like backdooring the #CryptoAPI of #Windows...

@fradie_new wer so todeslost ist, der darf auch keine Webseiten nutzen die irgendeine #FLOSS'te #SSL-Bibliothek nutzt...

• Viel erfolg, denn effektiv nutzen alle #OpenSSL oder andere #OpenSource-lizensierten Varianten!

Wenn überhaupt ist #CCSS gämzlich zu misstrauen...
Vorallem in Sachen #Sicherheit...

• Siehe #Windows #CryptoAPI als #Govware-#Backdoor in Windows!

@arrrg I tend to disagee...

Shure you can make the argument towards #TechIlliterates that they don't know better, but it's our failure as #TechLiterates to not just #preach and #demand #RepairableTech, but oftentimes people don't follow up their demands with actual purchase decisions.

• OFC if one only has like $100 and they can only get an unrepairable & barely working shitPhone 4 SE from 2016 that's not to blame them, because #UseLonger & #ReUse is better than #Recycle or #BuyANewOne...

In #capitalism, the #users and #consumers do have #choices and they can decide to #unionize and collectively #refuse to buy or use garbage.

• The fact that #Microsoft is not being flooded with lawsuits for literally including #Govware #Backdoors in their #CryptoAPI - [not to mention their latest #Spyware named #Recall in their #Malware-OS called #Windows11 ] is inexcuseable leniency at best.

#WhatYouAllowIsWhatWillContinue applies to everything and this we need to demand and force change by all means necessary to do so.

• And that starts with choosing #RepairableDesign because every sold #Fairphone and every sold @frameworkcomputer / #FrameworkLaptop is a signal that #consumers and #businesses want #RightToRepair!

OFC please do go ahead and choose #UnauthorizedRepair to keep your gear up and running as long as feasible anyway - just like I'll not toss out my still working #X230Tablet for a #Framework13 unless I literally have no other choice...

@starfrost it is and it won't be deactivateabe or uninstallable.

Jist like the #Backdoor in the #CryptoAPI gets reenabled with every #WindowsUpdate!

https://github.com/kkarhan/windows-ca-backdoor-fix