this post was submitted on 17 May 2026
792 points (99.4% liked)

Technology

84733 readers
4037 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
792
A security researcher says Microsoft secretly built a backdoor into BitLocker, releases an exploit to prove it (www.techspot.com)
submitted 22 hours ago by Itwasntme223@discuss.online to c/technology@lemmy.world
100 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] Aceticon@lemmy.dbzer0.com 42 points 4 hours ago* (last edited 4 hours ago) (1 children)

If you're running Windows, always assume that if the US Authorities or Microsoft itself want to spy on you as an individual or on do a little industrial espionage on your company (which US agencies also do), they'll just use a backdoor already present or at worse push an update to your machines(s) to create said backdoor.

Treat any and all software made by US companies as a foreign agent.

All the shit that the US Government and companies say about China, is pure Projection - the result of a mental process of "what would we do if we were the ones making those devices". (And, yeah, China probably does that shit too)

If it ain't Open Source, you got it as a binary or can self-update that software is somebody else's agent and you're trusting their ethics and goodwill when you have it running in your system outside a sandbox.

[–] ShankShill@sh.itjust.works 6 points 3 hours ago (2 children)

I was pumped to finally get decent Internet in the US, until I saw my ISP's router appears as a device on the LAN. Luckily I'm savvy enough to put the whole local network behind a firewall on a different subnet, since there's no other way of fixing this.

[–] lightnsfw@reddthat.com 1 points 7 minutes ago

Same. My housemates called the ISP for support once when they couldn't wait literally 15 minutes for me to check out why their Internet was down (router just needed a restart) and the first thing out of the ISP dudes mouth was "with the way your network is configured I can't see anything on your side" (which yeah, that's the fucking point) he was in the middle of walking them through resetting the ISP router back to defaults when I arrived and put a stop to it. Why the fact that he was able to connect to their endpoint wasn't sufficient to indicate to them that the Internet connection was not the issue I do not know.

[–] jjlinux@lemmy.zip 7 points 2 hours ago* (last edited 2 hours ago) (2 children)

It's not just US ISPs, this is worldwide behavior. Good on you to put a firewall between your network and your ISP's gateway.

I don't know if you went further than that, but in my case, once I had my OPNSense deployed, I went ahead and disabled all the radios of the ISP's ONT gateway, changed it's DNS server to Mullvad, and only left 1 LAN IP address to the OPNSense.

If you are aware of more things that can be done to give the ISP modem even less room to move around inside, I would appreciate you sharing it as well.

I wish more people would take the time to learn a bit about securing their home networks. What I do is that I offer my knowledge for free to neighbors, friends and family. Some actually want it and act on it, but the sad truth is that the vast majority still has this 'I have nothing to hide' mentality, and I'm not explaining how much marketing BS that is to them for the 100th time.

[–] Hathaway@lemmy.zip 2 points 1 hour ago* (last edited 1 hour ago) (1 children)

As someone with a basic background in IT, nothing advanced, but enough to be the “family tech guy”, I just bought my router(mesh network) what can I do? Where do I start? I think I may have messed up with my brand choice, being EERO, as they seem to have things locked into their proprietary app. I was sorta desperate for a quick fix at the time, didn’t do the due diligence I should have.

Edit: preemptive thank you if you take the time to reply. As I am not “friends or family to you”. I do appreciate the expertise!

[–] oozynozh@sh.itjust.works 1 points 40 minutes ago

i'm sure that's a fine setup for the average home user but devices that use proprietary firmware like that aren't conducive to a security-first design where you hold all the keys. because it's designed to be secure, even from you, it always has an asterisk on it (network is secure* according to eero). that and you have no way of verifying what data it's phoning home (and a lot of devices soft brick themselves if you cut their connection to the cloud).

the most useful advice i can generally offer is to add a proper network security device running pfSense or OpenWRT to seize some control over internet access and DNS resolution and to implement VLAN segmentation to keep trusted devices secure from trusted* and untrusted devices.

[–] AlfredoJohn@sh.itjust.works 1 points 59 minutes ago

Just adding if you have any resources about how to go about this i would more than appreciate any nuggets you can share. I have a some networking background from college but its been about a decade since I used any of it so any help to point me in the right direction of hardening my network like this would be extremely appreciated. Thanks!