Untrustworthy Computing.

Story: NSA helps 'securing' Windows VistaTotal Replies: 6
Author Content
salparadise

Jan 11, 2007
5:56 AM EDT
So the National Spying Association (oops) spent time with its fingers inside Vista?

And this is supposed to make me feel safer?

DarrenR114

Jan 11, 2007
6:05 AM EDT
Quoting: So the National Spying Association (oops) spent time with its fingers inside Vista?

And this is supposed to make me feel safer?
Gotta make sure those backdoor password keys aren't labeled so obvious somehow, you know. Look at the uproar over the last time they were openly named with "NSA" and "KEY".
number6x

Jan 11, 2007
6:41 AM EDT
They gave us SE Linux last decade.

That was nice.
henke54

Jan 11, 2007
6:44 AM EDT
http://ubuntuforums.org/showthread.php?t=328393 http://news.com.com/2100-1001-255541.html
Bob_Robertson

Jan 11, 2007
7:11 AM EDT
Ah, but SE Linux was open for all to see. This is closed, and indeed there has been a pattern of leaving fingerprints on dirty little secrets in closed source code.

number6x

Jan 11, 2007
7:13 AM EDT
Many government agencies have been using Linux since the mid nineties.

The National Laboratories, Like Fermi, Sandia, Los Alamos, etc were among the earliest adopters. The varied scientific research at these labs often demanded optimizations and customizations to software that would have been cost or time prohibitive with proprietary software. It would be impossible with off-the-shelf proprietary stuff.

The NSA also uses software extensively. They are also charged with helping to secure the nation's infrastructure, and software is becoming a part of that infrastructure. http://www.nsa.gov/selinux/info/faq.cfm

Fermi Lab took Red Hat and customized their own internal distro. This started being used at labs and universities around the world and grew into Fermi Linux: http://www-oss.fnal.gov/projects/fermilinux/

Fermi Linux led to Scientific Linux: http://www.scientificlinux.org/

The NSA FAQ does not say so, but my guess is that the fact that many of The USA's national labs, and probably many of its defense researchers were using Red Hat and Red Hat based distros, led to an SE Linux that was most compatible with Red Hat, with the least tweaking.

Red Hat was one of the first large distros to incorporate SE Linux in its code. Now many have support (see the Ubuntu link in the post above)

SE Linux is a strange beast, but once you get used to the rules it is nice to have. I remember many hours spent adapting the Bastille hardening scripts for whatever flavor of Linux a client wanted to run in the past.

(I always forget to change the rule on checking the MBR on my multi-boot machines, and usually have a distro or two bark at me when I install something and overwrite the MBR.)
swbrown

Jan 11, 2007
10:53 AM EDT
We're:

1) Using the NSA's SELinux.

2) Using the NSA's official encryption algorithm (AES).

3) Using the NSA's official hash algorithms (SHA1/2).

The software might be Open Source and reviewable, but what about the hardware that runs it? Imagine this:

The AES algorithm could be chosen specifically because it's easy to detect it running by Intel and AMD in the processor - an invariant signature when compiled. The NSA publishing compilable reference code could further this - they could assume everyone's using the reference code and test what is produced by various compilers to know its signature. So Intel and AMD could capture the key going into an AES routine without you knowing. Now, just have them tack the 256 bit key to the next disk write and have the disk append it in the invisible, untouchable extra storage used to replace bad blocks, and/or have the on-board ethernet report it in some way you'd not be able to really notice (like slightly regulating the time between packets) and presto, you're bugged, even if the software looks 100% clean.

As the author of 'wipe' says, "People should better think of their computing devices as facilities lended by the DHS."

[1] http://security.nnov.ru/docs1116.html

Posting in this forum is limited to members of the group: [ForumMods, SITEADMINS, MEMBERS.]

Becoming a member of LXer is easy and free. Join Us!