@briankrebs That explains all the shite I've seen, incl. the #CryptoAPI #backdoor in #Windows itself...

https://github.com/kkarhan/windows-ca-backdoor-fix

@iX_Magazin #Windows ist inhärent unfixbar unsicher...

Siehe #CryptoAPI - #Backdoor!

@euroinfosec which doesn't matter when they literally #backdoor the #CryptoAPI and integrate #Govware like #Recall!

http://github.com/kkarhan/windows-ca-backdoor-fix

@marjolica @utf_7 @dashjackson @froge @arstechnica It'll impact any application that uses #Windows' #CryptoAPI and doesn't come with it's own #Encryption Library and #CertificateManagment.

• IDK if the "#Linux Subsystem for #Windows" (The real "#WindowsSubsystemForLinux" is #Wine!) may or may not be as #cursed as to just wrap said functions into the #CryptoAPI instead of doing it with the applications' dependencies.

Needless to say all #Chromium variants and #IE / #Edge are vulnerable to this #Backdoor which exists since at least #WindowsXP to this day!

• Thus consider said #OS inherently unsafe!

@GossiTheDog @signalapp it merely prevents #Screenshots by claiming it's #DRM'd content.

• It's a mere ask and #Microsoft could specifically close that #API and make it subject to contractual agreements (as they did with their #Antivirus API calls to disable #WindowsDefender!) if they decide this is against their wishes.

• It also doesn't prevent the #Keylogger nor works against the known #CryptoAPI #backdoor affecting all #Browsers (except #Firefox and @torproject / #TorBrowser) which can be triggered by a single #HTTPS request.

The correct solution for #Signal would be to alert all their users and specifically block #Windows in general or at least #Windows11 simply because it is a #Govware and empirically cannot be made private or secure.

But that would require them to actually give a shit, which thed don't, cuz otherwise they would've stopped demanding #PII like a #PhoneNumber and moved out of juristiction of #CloudAct.

• I mean, what's gonna prevent the #Trump-Regime from threatening @Mer__edith et. al. with lifetime in jail for not kicking the #ICC (or anyone else he and his fans dislike) from #Signal's infrastructure?

Since they are highly centralized.they certainly are capable to comply with "#Sanctions" (or whatever bs he'll claim!)...

@DeltaWye @kfh I'd say @torproject / #TorBrowser as it's #Firefox but without #tracking, #adware and #analytics!

But if you're using #Govware like #Windows, any #Browser that doesn't use the #backdoored #CryptoAPI (i.e. all #Chromium-Forks do use it!) is better...

• And yes, even the "fix" I released isn't propably permanent as any #WindowsUpdate can revert it!

@paco #Copilot & #Recall are the perfect #InfoStealer #malware combo!

• This makes the #CryptoAPI - #Backdoor look chill by comparison!

@0x40k well, #Microsoft to this day has a #Backdoor in the #CryptoAPI that remains unfixed to this day...

• And since Microsoft doesn't acknowledge the concept of #consent in #Windows (and doesn't even fake it!) and they are both #PRISM collaborators AND subject to #CloudAct, they #CantFix & #WontFix it!

@roman78 @admin @olifantenbaer angesichts der Lücken in #CryptoAPI inklusive #Backdoors ist das digitales #FlexTape bei durchgerrostetem Rohr...

• Hinzu kommt dass #WindowsUpdate entsprechende Einstellungen resetted.https://github.com/kkarhan/windows-ca-backdoor-fix