this post was submitted on 17 May 2026
978 points (99.5% liked)

Technology

84783 readers
4887 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
978
A security researcher says Microsoft secretly built a backdoor into BitLocker, releases an exploit to prove it (www.techspot.com)
submitted 2 days ago by Itwasntme223@discuss.online to c/technology@lemmy.world
147 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] freeman@sh.itjust.works 1 points 7 hours ago (1 children)

Were they the developers of the ssh package? Microsoft is the developer of the vulnerable bitlocker package and the ones who chose to ship it.

I am employed, most employers are obviously not as corrupt as the biggest corporations on the planet, they simply can't afford to.

I agree we can't know. We can know for FOSS software. You are treating uknownable as being less than the known bugs in Foss software. That's dishonest, lad.

[–] Alaknar@sopuli.xyz 1 points 7 hours ago (1 children)

Microsoft is the developer of the vulnerable bitlocker package and the ones who chose to ship it.

... one guy claims.

Another possibility is that they have two separate builds fro BitLocker, and the one used in WinRE is vulnerable which they missed.

We don't have enough information to clearly state that they did this on purpose.

We can know for FOSS software. You are treating uknownable as being less than the known bugs in Foss software. That’s dishonest, lad.

Again, read up about the XZ Utils vulnerability. We technically can know, but we don't know, which was a statement by the guy responsible for package. It's not dishonest, it's a statement of fact.

[–] freeman@sh.itjust.works 1 points 6 hours ago (1 children)

If you actually read his github you would know that there is a different version of the responsible component between the recovery environment and an installation. Only the RE has the issue.

I've read the XZ vulnerability. The very same thing can happen in a closed source corporate project. There are many arrests of foreign intelligence agents that worked in big tech amd/government. It would of course be easier to cover up. As would vulnerabilities discovered by ai, since they can limit who can check their code.

[–] Alaknar@sopuli.xyz 1 points 4 hours ago

If you actually read his github you would know that there is a different version of the responsible component between the recovery environment and an installation. Only the RE has the issue.

I know. It was mentioned in the article. It's precisely why I said:

Another possibility is that they have two separate builds fro BitLocker, and the one used in WinRE is vulnerable which they missed.