Linked by Thom Holwerda on Tue 9th Jan 2007 20:56 UTC, submitted by John Mills
Windows When Microsoft introduces its long-awaited Windows Vista operating system this month, it will have an unlikely partner to thank for making its flagship product safe and secure for millions of computer users across the world: the National Security Agency. For the first time, the giant software maker is acknowledging the help of the secretive agency, better known for eavesdropping on foreign officials and, more recently, U.S. citizens as part of the Bush administration's effort to combat terrorism. The agency said it has helped in the development of the security of Microsoft's new operating system to protect it from worms, Trojan horses and other insidious computer attackers.
Order by: Score:
Now...
by orestes on Tue 9th Jan 2007 21:09 UTC
orestes
Member since:
2005-07-06

If only they could find a way to prevent users from doing stupid things, say... disabling half the new security measures because they find them annoying.

Reply Score: 3

A good thing?
by starnix on Tue 9th Jan 2007 21:09 UTC
starnix
Member since:
2006-05-12

How the f--k is this a good thing?

Reply Score: 5

Windows Nicknames
by starnix on Tue 9th Jan 2007 21:13 UTC
starnix
Member since:
2006-05-12

Windows XP = WinXP
Windows 2000 = Win2k
Windows Vista = Backdoor Betty

Reply Score: 5

backdoor
by raxrat on Tue 9th Jan 2007 21:15 UTC
raxrat
Member since:
2006-01-05

What I take from that is backdoor access to Windows Vista computers by the NSA, "better known for eavesdropping on foreign officials and, more recently, U.S. citizens as part of the Bush administration's effort to combat terrorism." Enjoy!

Reply Score: 5

RE: backdoor
by n4cer on Tue 9th Jan 2007 21:26 UTC in reply to "backdoor"
n4cer Member since:
2005-07-06

So that must mean that there are also backdoors in every Linux distro that uses the SELinux enhancements, right? Or MacOS X and Suse since both Apple and Novell were also mentioned in the article.

Reply Score: 1

RE[2]: backdoor
by linux-it on Tue 9th Jan 2007 21:36 UTC in reply to "RE: backdoor"
linux-it Member since:
2006-07-13

for selinux: it's open source, so you can check out yourself.

apparmor -- not clear to me if it's open source.
there are at least a few src rpm's available.

Edited 2007-01-09 21:38

Reply Score: 5

RE[3]: backdoor
by n4cer on Tue 9th Jan 2007 22:08 UTC in reply to "RE[2]: backdoor"
n4cer Member since:
2005-07-06

for selinux: it's open source, so you can check out yourself.

apparmor -- not clear to me if it's open source.
there are at least a few src rpm's available.


And for Vista (and other versions of Windows), there are large numbers of outside parties with access to its source.

There's still the issue of whether anyone checks the source closely enough and/or with the mindset to find a beckdoor, and it still leaves MacOS and and mixed-source Linux or other OSes in question.

Reply Score: 1

RE[4]: backdoor
by segedunum on Tue 9th Jan 2007 22:28 UTC in reply to "RE[3]: backdoor"
segedunum Member since:
2005-07-06

And for Vista (and other versions of Windows), there are large numbers of outside parties with access to its source.

Doesn't mean a thing. They can't do anything with that source, can't work out exactly what it does and certainly can't compile, or recompile, it into anything useful to confirm any suspicions, theories or fixes.

There's still the issue of whether anyone checks the source closely enough and/or with the mindset to find a beckdoor

It happens every single day in the open source world, and they can do it not just because they have the source, but that they can do things with it.

and it still leaves MacOS and and mixed-source Linux or other OSes in question.

You missed one out there. Windows.

Reply Score: 4

RE[5]: backdoor
by n4cer on Tue 9th Jan 2007 23:17 UTC in reply to "RE[4]: backdoor"
n4cer Member since:
2005-07-06

Doesn't mean a thing. They can't do anything with that source, can't work out exactly what it does and certainly can't compile, or recompile, it into anything useful to confirm any suspicions, theories or fixes.

It depends on their license. Some organizations have this right. They just can't distribute it.

It happens every single day in the open source world, and they can do it not just because they have the source, but that they can do things with it.


There's a difference between using code to develop new solutions with it and actually reviewing the code for malicious intent.

You missed one out there. Windows.

I didn't miss it. As I said, plenty of outsiders have source access. You think China and the UK haven't looked at the code for US backdoors? The chatter around the WMF exploit and BitLocker were proof of people just itching to claim they've found a backdoor in Windows.

Reply Score: 2

RE[2]: backdoor
by segedunum on Tue 9th Jan 2007 22:25 UTC in reply to "RE: backdoor"
segedunum Member since:
2005-07-06

So that must mean that there are also backdoors in every Linux distro that uses the SELinux enhancements, right?

You simply cannot understand, can you?

A Linux distribution, and SELinux, is open sourced with its code on the table. There can't be backdoors. In proprietary software, who knows?

Reply Score: 5

RE[3]: backdoor
by n4cer on Tue 9th Jan 2007 23:07 UTC in reply to "RE[2]: backdoor"
n4cer Member since:
2005-07-06

You simply cannot understand, can you?
A Linux distribution, and SELinux, is open sourced with its code on the table. There can't be backdoors. In proprietary software, who knows?


Never heard of hiding in plain view?
If no one actually checks for backdoors in the code, the availability of the source means nothing.

Reply Score: 1

RE[4]: backdoor
by Robert Escue on Tue 9th Jan 2007 23:49 UTC in reply to "RE[3]: backdoor"
Robert Escue Member since:
2005-07-08
RE[4]: backdoor
by hal2k1 on Wed 10th Jan 2007 01:28 UTC in reply to "RE[3]: backdoor"
hal2k1 Member since:
2005-11-11

//Never heard of hiding in plain view? //

There actually was one attempt made to put a backdoor in open source code. It was in the C compiler, I believe. It never got past review.

//If no one actually checks for backdoors in the code, the availability of the source means nothing.//

Not quite true. If the code is open source, people (other than the author) are able to include it, or not, at their whim. For closed-source Vista, you have no choice, you have to have whatever the vendor of the software puts in it, even if significant parts of the code's functionality are likely to be not in your best interest *cough* DRM *cough* WGA *cough* NSA backdoors.

Now relate all this to the specific case of Linux. Thousands of people every day do indeed check for backdoors and other code not in the best interests of the end user. It is called a meritocracy. So your comment does not apply to Linux at all, as there are people who actively audit it, check it and test it.

Windows fans just don't seem to get these open-source concepts such as: freedom, meritocracy, co-operative, collaboration and openness. They just don't seem to grok them at all.

Hey, n4cer, perhaps if you tried to put an "end user" hat on, and looked at things from an end-users viewpoint (ie, the owner of the machine on which the software is to run), and then read and thought about something like this:
http://fsfeurope.org/documents/rms-fs-2006-03-09.en.html

... then the sense of those words might actually begin to filter through to you.

I can but live in hope.

Edited 2007-01-10 01:42

Reply Score: 5

RE[5]: backdoor
by hal2k1 on Wed 10th Jan 2007 02:01 UTC in reply to "RE[4]: backdoor"
hal2k1 Member since:
2005-11-11

{{ //Never heard of hiding in plain view? //

There actually was one attempt made to put a backdoor in open source code. It was in the C compiler, I believe. It never got past review. }}

Actually, this appears to have happened more times than I thought.

http://www.securityfocus.com/news/7388

A story about a discussion of "ease of hiding backdoors" in open source, and its implications in respect of security applications of open source code, can be found here:
http://blogs.windriver.com/parkinson/open_source/index.html

Reply Score: 4

RE[5]: backdoor
by n4cer on Wed 10th Jan 2007 02:45 UTC in reply to "RE[4]: backdoor"
n4cer Member since:
2005-07-06

Not quite true. If the code is open source, people (other than the author) are able to include it, or not, at their whim.

I was talking specifically about its worth in the context of security, i.e., if you don't check it for backdoors, the mere fact that it's open is not an assurance that the code is clean.

Windows fans just don't seem to get these open-source concepts such as: freedom, meritocracy, co-operative, collaboration and openness. They just don't seem to grok them at all.

I get it just fine. Open source software doesn't begin and end with Linux. There's plenty available in the Windows world as well, some of it available on both platforms. Windows is not the only OS I've used. It is the one I prefer to use.

Hey, n4cer, perhaps if you tried to put an "end user" hat on, and looked at things from an end-users viewpoint (ie, the owner of the machine on which the software is to run), and then read and thought about something like this:

Thanks, but I'd prefer to skip the RMS/FSF skreed. It's repeated here daily. If I want freedom, I'll use BSD (the license -- I'll try any OS). As a dev and a user, I currently have more freedom using Windows than what I'd have if the FSF had their way.

Edited 2007-01-10 02:55

Reply Score: 3

RE[6]: backdoor
by hal2k1 on Wed 10th Jan 2007 03:24 UTC in reply to "RE[5]: backdoor"
hal2k1 Member since:
2005-11-11

//I was talking specifically about its worth in the context of security, i.e., if you don't check it for backdoors, the mere fact that it's open is not an assurance that the code is clean.//

True enough, but my point was that this comment doesn't apply to Linux, because Linux is checked for backdoors.

//I get it just fine. ... Windows is not the only OS I've used. It is the one I prefer to use.//

You prefer to use the unsecure, known malware vulnerable, known spyware, know rights-removing, closed_so_it_cannot_be_audited, known attempts to lock you in and expensive OS? The one with known timebombs in it, that could trigger and make it stop working for you? The one where you could get audited for using? WTF?

//Thanks, but I'd prefer to skip the RMS/FSF skreed. It's repeated here daily. If I want freedom, I'll use BSD (the license -- I'll try any OS). //

There isn't anything wrong with BSD, but it doesn't have the momentum behind it that Linux does. Linux works on far more hardware than BSD does, Linux has far more drivers, and there is far more help available online for Linux.

//As a dev and a user, I currently have more freedom using Windows than what I'd have if the FSF had their way.//

That is pure crazy talk. You think you are more free using the very one that removes your rights and does everything it can to lock you in? Are you sure that you know what is best for you when looking at this as an end user?

Sheesh! I did say that Windows fans just don't understand freedom, meritocracy, co-operative, collaboration and openness ... I just never expected to be proven correct on that so quickly and so conclusively.

Edited 2007-01-10 03:26

Reply Score: 5

RE[7]: backdoor
by n4cer on Wed 10th Jan 2007 04:25 UTC in reply to "RE[6]: backdoor"
n4cer Member since:
2005-07-06

You prefer to use the unsecure, known malware vulnerable, known spyware, know rights-removing, closed_so_it_cannot_be_audited, known attempts to lock you in and expensive OS? The one with known timebombs in it, that could trigger and make it stop working for you? The one where you could get audited for using? WTF?

You know as well as I do that that's overblown, all OSes have security issues, and, if you use common sense, you can avoid those issues. I've never had any of my systems compromised. I've never been locked out of my OS, and you're only subject to audits if you're a volume customer.

There isn't anything wrong with BSD, but it doesn't have the momentum behind it that Linux does. Linux works on far more hardware than BSD does, Linux has far more drivers, and there is far more help available online for Linux.

Yeah, help usually amounting to RTFM ;-).
Seriously though, you have your preference I have mine. Please just be satisfied that, yes, people actually choose Windows or (insert your proprietary or non-GPL OS here).

That is pure crazy talk. You think you are more free using the very one that removes your rights and does everything it can to lock you in? Are you sure that you know what is best for you when looking at this as an end user?

I don't see Microsoft telling me what software I can and can't use on Windows, but there are fights about this WRT Linux frequently. I'm not locked in. I have more rights in many cases. If I feel like moving, I can freely do so. I choose not to, and I choose to take advantage of the services Windows provides. It's crazy talk to not simply respect my decision to use a particular platform whether or not it fits your preference.

Sheesh! I did say that Windows fans just don't understand freedom, meritocracy, co-operative, collaboration and openness ... I just never expected to be proven correct on that so quickly and so conclusively.

As I said before, I understand it well. I just don't confuse it with religion.

Reply Score: 1

RE[6]: backdoor
by archiesteel on Wed 10th Jan 2007 04:02 UTC in reply to "RE[5]: backdoor"
archiesteel Member since:
2005-07-02

I was talking specifically about its worth in the context of security, i.e., if you don't check it for backdoors, the mere fact that it's open is not an assurance that the code is clean.

However, the risk of getting caught (and therefore losing all credibility as a programmer for open-source projects) will discourage most from trying.

You can bet there are enough paranoid hackers out there that have checked and double-checked all of the SELinux code to make sure there's no backdoor...

Thanks, but I'd prefer to skip the RMS/FSF skreed.

So if you're pro-end user, you subscribe to the RMS/FSF creed? ("Skreed" is not a real word, btw.) Or do you think that it is impossible for RMS to make a good point?

As a dev and a user, I currently have more freedom using Windows than what I'd have if the FSF had their way.

No, you don't. The FSF has never advocated outlawing closed-source software, so even they "had their way" you could still use whatever you wanted. Using strawmen arguments such as these completely ruins your credibility.

They already have their way, which is to try to convince people to use FOSS for its merits, both technical and philosophical.

Now, if MS and Hollywood had *their* way, however, FOSS would be illegal. Yup, n4cer, in case you hadn't noticed, you're cheerleading for those who seek to prevent what people can do with the equipment that is theirs, and who wish to curtail their Fair Use rights.

Reply Score: 4

RE[7]: backdoor
by n4cer on Wed 10th Jan 2007 04:42 UTC in reply to "RE[6]: backdoor"
n4cer Member since:
2005-07-06

However, the risk of getting caught (and therefore losing all credibility as a programmer for open-source projects) will discourage most from trying.

Do you really think someone with such malicious intent is really concerned with their rep with the people they intend to attack?

So if you're pro-end user, you subscribe to the RMS/FSF creed? ("Skreed" is not a real word, btw.) Or do you think that it is impossible for RMS to make a good point?

I don't think he's incapable of making a good point. I just disagree with a lot of his rhetoric. The GPL is controlled freedom, i.e., you're free to pick among the choices they provide you but never step outside of the box. Do you believe it's impossible to disagree with him?

No, you don't. The FSF has never advocated outlawing closed-source software, so even they "had their way" you could still use whatever you wanted. Using strawmen arguments such as these completely ruins your credibility.

You could use what you want in the way they want you to use it. That's not true freedom as they proclaim it to be. BTW, you must've missed their anti-Vista campaign. If they really had no problem w/ proprietary software, they'd be content to just promote their wares.

They already have their way, which is to try to convince people to use FOSS for its merits, both technical and philosophical.

And FUD-filled. I guess that falls under philosophical. ;-)

Now, if MS and Hollywood had *their* way, however, FOSS would be illegal. Yup, n4cer, in case you hadn't noticed, you're cheerleading for those who seek to prevent what people can do with the equipment that is theirs, and who wish to curtail their Fair Use rights.

And you're cheerleading for those who would seek to bring all software development under their control whether or not users and developers actually want to be. Under your definition of Fair Use, I'd be able to take some GPL code and proprietarize it just because I felt like it.

Reply Score: 0

RE[4]: backdoor
by looncraz on Wed 10th Jan 2007 06:16 UTC in reply to "RE[3]: backdoor"
looncraz Member since:
2005-07-24

Given the open source model, someone was/is in charge of every little piece of the system. Each piece is usually designed with a particular purpose.

In addition, those projects are often scrutinized or rewritten even, by other developers seeking to find their contribution to the movement.

In this manner, given all openly developed software on a system, the potential for the operating system itself to have a back-hole is nearly completely diminished.

This is not to say that there may not be one or two intentional exploits that may provide some access, but eventually someone will point out the 'security flaw' and it will have to be fixed to keep appearances, if nothing else.

I must agree though, that given a non-living source set, open-source itself would not provide the same confidence of safety.

That is, if Windows were open-sourced today, and contained hundreds or maybe even just a few back doors, it wouldn't matter unless they were searched for, found, and removed. Because, after all, without removal, it is, naturally, still there.

--The loon

Reply Score: 1

RE[2]: backdoor
by unoengborg on Wed 10th Jan 2007 00:39 UTC in reply to "RE: backdoor"
unoengborg Member since:
2005-07-06

So that must mean that there are also backdoors in every Linux distro that uses the SELinux enhancements, right? Or MacOS X and Suse since both Apple and Novell were also mentioned in the article.

If there are any backdoors in SELinux, they would be a lot harder to hide, as SELinux is open source, and much development is going on outside of NSA and also outside the US.

In reality the problem is not about who developed the security system, but if it is open for all to see.

NSA or perhaps similar agencies from other countries can easily pay and/or coerce somebody at a closed source, company such as Microsoft, to enter whatever backdoors they want. In an open source product it will be a lot harder to isolate the people who is going to discover it.

Sure, many governments will have access to the source code, but that really doesn't make them much safer. How many of them will actually distribute windows from sources they have compiled themselves. If they don't how will they know that the DVD they insall from actually is the result of a compile from the source they have reviewed.

Even if they did, that wouldn't necessarily be enough as Microsoft DRM technology also depend on hardware. If you have the budget of NSA or their likes in many other countries, there is nothing that prevents you from setting up a factory that creates and distributes DRM chips, that together with some minor hard to catch flaw in the software opens the backdoor.

With Linux/SELinux a government or somebody else who values security could create their own secure distro based on whats available as open source.

Reply Score: 5

RE[3]: backdoor
by h3rman on Wed 10th Jan 2007 01:03 UTC in reply to "RE[2]: backdoor"
h3rman Member since:
2006-08-09

>>So that must mean that there are also backdoors in every Linux distro that uses the SELinux enhancements, right? Or MacOS X and Suse since both Apple and Novell were also mentioned in the article.

>If there are any backdoors in SELinux, they would be a lot harder to hide, as SELinux is open source, and much development is going on outside of NSA and also outside the US.


+1.
However, this still means FLOSS people have to inspect every line of code carefully. I do have some confidence when even Debian is adding SELinux to its distribution, but since 9/11 and all the red flags, the patsies, the war games, the coverup and the brainwashing that's been going on, it is actually very hard* to trust anything that comes out of US intelligence.

I will now actively try to (mildly, of course) advise people against using Microsoft Windows Vista.
It is very telling that US intelligence and military themselves do not use Microsoft Windows for their own (critical) computers, but Unices, among which, open source Unices. (!)

*read: stupid

Reply Score: 5

RE[4]: backdoor
by Robert Escue on Wed 10th Jan 2007 01:26 UTC in reply to "RE[3]: backdoor"
Robert Escue Member since:
2005-07-08

Are you absolutely sure about the US military not using Windows for critical computers? As a Government Contractor that works for a large Joint Command, and a retired Navy man (15 years of working for Naval Intelligence) I can tell you that the military uses Windows in all environments, including Top Secret. Yes, UNIX and Linux are used, but not to the degree a lot of people think they are. The prime contractor for the command I work for is a one-trick pony, they only know Microsoft products.

There are a lot of Windows fans in Government (not limited to the military)and this is despite the security history of Microsoft products.

Reply Score: 4

RE[5]: backdoor
by looncraz on Wed 10th Jan 2007 06:34 UTC in reply to "RE[4]: backdoor"
looncraz Member since:
2005-07-24

The government had little choice. It was believed they needed to run the software the people did because, well, many reasons that are all mostly valid, but on bad premises ( one company, one product, rather than many company, many products, few standard sets ).

Microsoft controls the government now, on the user-interaction side of things, and likely on much of the more critical items simply because the workers ONLY know Microsoft products. Since that is what was always taught to them, of course.

However, in a Smart Computing magazine from a while back was described ( and pictured ) a basic security model implementation for secure crisis centers using a Linux-powered server to provide security and NAT translation for a large number of Windows-powered Laptops which would be brought out of a secured location in time of need and connected to the Linux box, which could remain at the location because of its low value, and universal software.

I would imagine the government uses a large variety of OSes, most likely most completely built from the ground-up. The computers that run those, rather specialized. However, most generic computing tasks would likely be performed ( at the user-interaction level only ) on Windows PCs for familiarity purposes.

Bit of a mess, really.

--The loon

Reply Score: 1

RE[6]: backdoor
by Robert Escue on Wed 10th Jan 2007 13:16 UTC in reply to "RE[5]: backdoor"
Robert Escue Member since:
2005-07-08

Actually, they had a number of choices available to them. In the mid-1990's I started to see the transition to Microsoft products, it was first the word processor. The standard within the US Navy was WordPerfect, then around 1993 it was ordered that Word would be the standard, I remember having a fit once I heard that because Word at time sucked (it still does).

Then came the transition to Windows NT as a server OS, replacing SunOS, Solaris, DEC Unix, SCO Unix, Novell NetWare and in one case OS/390. It was not for technical merit (unless you consider the "security features" that were taken almost word for word from the defunct TCSEC), it was primarily driven by cost. It was cheaper to deploy a PC using Windows than it was to deploy a SPARC running Solaris and WABI so that the Solaris user could use Office on the SPARC.

I could go on and on but the point is the US Government bought what Microsoft was selling hook, line and sinker. And we have been dealing with the fallout of that decision ever since.

Reply Score: 3

RE[2]: backdoor
by raxrat on Wed 10th Jan 2007 01:05 UTC in reply to "RE: backdoor"
raxrat Member since:
2006-01-05

"So that must mean that there are also backdoors in every Linux distro that uses the SELinux enhancements, right? Or MacOS X and Suse since both Apple and Novell were also mentioned in the article."


Come on, you really think the terrorist's budget is large enough to afford Apple hardware? $400 Dell w/ Windows is more likely. Besides, the marketshare numbers you guys are always pushing on us would suggest that if you have access to Windows, you can spy on like 90+% of the computers out there.

Reply Score: 2

RE: backdoor
by Coxy on Wed 10th Jan 2007 07:15 UTC in reply to "backdoor"
Coxy Member since:
2006-07-01

I'm sure that there have been backdoors in Windows for years, for use by US agencies. This is hardly a surprise, why do you think MS was never made to reveal the source for windows?

Reply Score: 1

So...
by suryad on Tue 9th Jan 2007 21:48 UTC
suryad
Member since:
2005-07-09

wouldnt this mean that if Vista gets hacked or gets trojans and spyware that MS + NSA have a lot of bad programmers on their staff?

Reply Score: 2

v Mmmm backdoor Betty
by sigzero on Tue 9th Jan 2007 21:52 UTC
what it means......
by resonate on Tue 9th Jan 2007 21:54 UTC
resonate
Member since:
2006-01-19

is tighter control of user actions. forget privacy from now on...
dont count me in, im not going there...

Reply Score: 4

Question:
by rcsteiner on Tue 9th Jan 2007 22:38 UTC
rcsteiner
Member since:
2005-07-12

How much experience does the NSA have in operating systems design?

Most of the OSes I've seen certified for use with secure government systems were actually developed by independent corporations, not by the government.

Reply Score: 4

Pretty much, actually
by haugland on Wed 10th Jan 2007 13:39 UTC in reply to "Question:"
haugland Member since:
2005-07-07

The NSA does have experience in operating systems design.

http://www.nsa.gov/selinux/

Reply Score: 1

backdoor
by just-w on Tue 9th Jan 2007 22:47 UTC
just-w
Member since:
2006-10-16

Having the NSA involved screams "backdoor" to me. With all the (illegal) spying they've been doing lately, most recently wanting to be able to read our (snail) mail without a warrant...what are the chances they consulted with MS without wanting a way to access people's computers (again, without a warrant)?

Edited 2007-01-09 22:49

Reply Score: 5

RE: backdoor
by tomcat on Wed 10th Jan 2007 21:27 UTC in reply to "backdoor"
tomcat Member since:
2006-01-06

Even if a backdoor exists, it will be discovered. People watch the traffic that flows across their networks. Eventually, just as security through obscurity doesn't work, so too will any backdoors be found.

Reply Score: 1

The Tin Foil Store Called
by jayson.knight on Tue 9th Jan 2007 22:56 UTC
jayson.knight
Member since:
2005-07-06

And they want all their hats back.

Seriously people, calm down.

That being said, seeing as the branch of the gov't that deals with computer related crimes is the FBI, wouldn't it have made more sense to bring them in instead of the NSA?

Reply Score: 0

RE: The Tin Foil Store Called
by n4cer on Tue 9th Jan 2007 23:24 UTC in reply to "The Tin Foil Store Called"
n4cer Member since:
2005-07-06

That being said, seeing as the branch of the gov't that deals with computer related crimes is the FBI, wouldn't it have made more sense to bring them in instead of the NSA?

NSA does crypto and security research, and also handles Common Criteria evaluations (among other things). I think they're qualified.

Reply Score: 4

RE: The Tin Foil Store Called
by proftv on Wed 10th Jan 2007 00:15 UTC in reply to "The Tin Foil Store Called"
proftv Member since:
2006-01-01

It's every citizen's patriotic duty to distrust the government. Privacy is an important right. No tin foil hats required.

I know this clinches it for me. I'm sticking with Ubuntu Linux, at least the code is there so people can try to uncover any back doors.

Reply Score: 5

RE: The Tin Foil Store Called
by SReilly on Wed 10th Jan 2007 01:22 UTC in reply to "The Tin Foil Store Called"
SReilly Member since:
2006-12-28

"That being said, seeing as the branch of the gov't that deals with computer related crimes is the FBI, wouldn't it have made more sense to bring them in instead of the NSA?"

Actually, last I heard it's the secret service.

There's a whole online book about it. It's called "The Hacker Crackdown : Law and Disorder on the Electronic Frontier." By Bruce Sterling.

Dude, next tine you shout your mouth off, try reading up on what your shouting first.

Reply Score: 1

RE: The Tin Foil Store Called
by oomingmak on Wed 10th Jan 2007 11:21 UTC in reply to "The Tin Foil Store Called"
oomingmak Member since:
2006-09-22

"seeing as the branch of the gov't that deals with computer related crimes is the FBI, wouldn't it have made more sense to bring them in instead of the NSA?"

That rather depends on what it is you are trying to achieve.

Reply Score: 1

RE: The Tin Foil Store Called
by Phloptical on Thu 11th Jan 2007 04:12 UTC in reply to "The Tin Foil Store Called"
Phloptical Member since:
2006-10-10

The FBI is too busy drinking coffee and collecting money from south american drug-lords to so any actual investigative work. They were more worried about where the next shipment of pot was coming from than to actually do any follow-ups on all their leads leading up to 9-11.

If Vista had been named Windows-420, the FBI would have been all over it. That's the only thing they're good for.

Reply Score: 1

AIF
by acobar on Tue 9th Jan 2007 23:10 UTC
acobar
Member since:
2005-11-15

Advanced Information Filtering. They must be working on a very good one if they expect all information they can gather, once Vista gets used abroad, to be useful (just think about the amount of the information!). "Finding a needle in a haystack" will pale and loose its meaning on face of it.

Reply Score: 1

Dont trust microsoft.
by Iron on Tue 9th Jan 2007 23:27 UTC
Iron
Member since:
2006-12-15

I highly doubt the NSA came to help them with secureing there OS.It's more like they allowed the NSA to add there own code to be able to gain access to any pc anytime.
The NSA has been monitoring copper phone lines since the 50s I believe,from what I read elsewhere,they will do the same with the internet...or,us boxen attached to the net.Who knows.

Reply Score: 5

v hehe
by broken_symlink on Wed 10th Jan 2007 01:23 UTC
RE: hehe
by matthekc on Wed 10th Jan 2007 23:00 UTC in reply to "hehe"
matthekc Member since:
2006-10-28

"there is a picture of bill gates using hp's new all in one in the article. that thing looks so ugly."-broken_symlink

bill or the hp?

Edited 2007-01-10 23:10

Reply Score: 0

double standard
by Gooberslot on Wed 10th Jan 2007 02:30 UTC
Gooberslot
Member since:
2006-08-02

Wasn't it MS who threw a fit when the NSA released SELinux but now they turn around and ask for help.

Also, like lots of other people here have already said: NSA + closed source + known illegal spying = alarm bells.

Reply Score: 5

Damitol
by Sphinx on Wed 10th Jan 2007 02:49 UTC
Sphinx
Member since:
2005-07-09

Microsoft introduces its long-awaited Windows Vista operating system this month, it will have an unlikely partner to thank for making its flagship product safe and secure for millions of computer users across the world: the National Security Agency

Sleep tight America.

Reply Score: 5

backdoor
by just-w on Wed 10th Jan 2007 02:59 UTC
just-w
Member since:
2006-10-16

And they want all their hats back.

1) wire taps without warrants
2) tracking phone call patterns
3) trying to get the power to read (snail) mail
4) FBI viewing library checkout records of suspected terrorists

it's been all over the news....this administration has no respect for people's privacy. if it's paranoia, most of the country seems to be suffering from it..

Reply Score: 3

A warm fuzzy feeling...
by StychoKiller on Wed 10th Jan 2007 05:29 UTC
StychoKiller
Member since:
2005-09-20

Installing a lock on a paper mache door that even a safe cracker would have trouble with won't make an OS secure, especially if most criminals find that the user has left the door open or can be tricked into opening it.
Once you've earned a reputation for producing crappy code, it's a looonnngg uphill struggle to get people to believe that you've seen the error of your ways.

Skreed is not a word btw. Curiously, screed is and it describes the action taken to level out concrete using a straightedge, like a 2"X4" piece of lumber.

Reply Score: 2

homeland security
by netpython on Wed 10th Jan 2007 06:04 UTC
netpython
Member since:
2005-07-06

So now Vista is part of homeland security?

Reply Score: 3

RE: homeland security
by jimcooncat on Wed 10th Jan 2007 21:54 UTC in reply to "homeland security"
jimcooncat Member since:
2006-07-24

Well, yeah! Homeland Security has been publishing "Cyber Security Alerts" for quite a while now. And it seems they promote all the Microsoft Updates. To be fair, they cover Apple, Mozilla, and Oracle as well.

http://www.us-cert.gov/cas/techalerts/

But the French seem to have better coverage, including Linux:

http://www.frsirt.com/english/security-advisories/

LMAO:
Microsoft Office Grammar Checker Client-Side Code Execution Vulnerability (MS07-001)
Rated as : Critical
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-01-09

Reply Score: 1

Daft
by rajan r on Wed 10th Jan 2007 09:36 UTC
rajan r
Member since:
2005-07-27

To those suggesting a spyware backdoor due to NSA consultation and involvement in Vista:

1) Microsoft have licensed out its code regularly to universities and certain foreign governments, as well as other organizations, under a shared-source license. If there is a backdoor, we would hear of it soon.

2) You don't need the source code to find backdoors - an application or a library communication over the network, for example, can be isolated and monitored (though, there is a possibility NSA have affixed specialized hardware unto PCs that communicate through some NSA-specific wireless network whose spectrum is undetectable and, more than that, causes brain tumours to those not wearing tinfoil hats...)

3) And if spying is NSA's goal, perhaps they would focus on network hubs rather than individual computers - spying on ISP records, for one, has a whole lot more efficacy than spying on millions of individual computers.

4) And if spying is their goal in this case, wouldn't they try to keep their relationship with Microsoft secret? Foreign terrorists, governments and paranoid geeks would after all ditch Windows in suspicion. Hell, why not just avoid the relationship - is it beyond the NSA to hire spy-programmers and placing them in Microsoft?

5) It is not as if NSA have other goals in mind here - the amount of threats to the Windows platform hurt national security too. While they can do all they can to secure government networks, just some idiot general can plug in their infected Windows laptop into, say, the Pentagon network and spread a slew of viruses within. In other words, NSA has a vested interest in seeing Windows secure by virtue of the fact Windows is the most widely used operating system in the government sector. It, after all, takes one idiot and one new, undetectable, virus to infect a whole network.

Reply Score: 2

Southpark
by stabilep on Wed 10th Jan 2007 14:34 UTC
stabilep
Member since:
2006-04-02

This thread reminds me of the Southpark episode about the Truth behing 9/11...

"George W. Bush: Quite simple to pull off really, all I had to do was have explosives planted in the base of the towers, then on 9/11 we pretended like 4 planes were being hijacked when really we just rerouted them to Pennsylvania then flew 2 military jets into the World Trade Centers filled with more explosives then shot all the witnesses of flight 93 with an F15 after blowing up the Pentagon with a cruise missle. It was only the world's most intricate and flawlessly executed plan, ever, ever.
Kyle: [ever more incredulous, cocks his head left and lower] ...Really??
Stan: Why?!
Bush: [smiling, he begins to pace] Oldest reason in the world. Money. The towers fell and the American sheeple all waved their flags. [walks by Dick Cheney, who's got a crossbow and is dressed to hunt] Finally we could invade Iraq, [finishes off with sinister glee] and get the oil which made us all richer than before.
Rumsfeld: [rubs his hands together greedily] Beauutiful money, hahahaha!
Kyle: [cocks his head right and even lower. He's not buying it] ...Really??"

....

"Mr. Hardly: That all the 9/11 conspiracy Web sites are run by the government. The 9/11 conspiracy... is a government conspiracy.
Stan: Aw Jesus...
Kyle: Why would the government want people to believe they caused 9/11?
Mr. Hardly: For a government to have power, they must appear to have complete control. What better way to make people fear them than to convince them they are capable of the most elaborate plan on earth?
Bush: [off-screen] That's quite enough, Hardly! [the camera shows him entering with his staff] Don't believe what he says, boys; we caused 9/11. [brings forth a manila folder] It's all right here in these secret documents, [hugs the folder tight] but you'll never get them. [turns around as he yawns, dropping the folder to the floor behind him. No one picks them up]
Kyle: I knew it! You didn't plan 9/11 and you really didn't shoot that guy!
Bush: Boys, you don't understand. People need to think we are all-powerful. That we control the world. If they know we weren't in charge of 9/11 then... we appear to control nothing.
Kyle: Well why don't you just tell people the truth?!
Bush: We do that too. And most people believe the truth. But one fourth of the population is retarded. If they wanna believe we control everything with intricate plans, why not let them?"

Reply Score: 0

Black Helicopters
by linuxh8r on Wed 10th Jan 2007 15:41 UTC
linuxh8r
Member since:
2006-01-09

I've read a lot of talk back comments here suggesting NSA paid Microsoft to put backdoors in Windows Vista.

If linux is so secure and NSA wants backdoors in the OS, then why would the NSA ever use linux? After all it is so secure they could never penatrate it.

Didn't NSA develop the SELinux specification? Why should we trust it?

Maybe the NSA shouldn't use linux, after all, they can't break into it.

Why stop with backdoors. NSA should pay MS to put in rootkits, viruses and other forms of malware. NSA has a large budget, they can afford it.

Heck, MS should create a special NSA edition of Windows specifically designed to be unlocked by and only by the NSA.

Does this sound as ridiculous to you as it does to most sane people? I would think so.

Reply Score: 0

RE: Black Helicopters
by Xaero_Vincent on Wed 10th Jan 2007 17:06 UTC in reply to "Black Helicopters"
Xaero_Vincent Member since:
2006-08-18

Yeah, and less than 1% of distribution actually have SELinux installed by default.

My distribution has AppArmor and it's a godsend to use in comparision to headaches you get from SELinux.

Reply Score: 2

Asta La Vista
by Xaero_Vincent on Wed 10th Jan 2007 17:00 UTC
Xaero_Vincent
Member since:
2006-08-18

Giving the source to security companies isn't such a great idea. If these companies get desperate, they'll develop their own backdoor trojains and viruses that only their security products can detect/remove.

Microsoft recieving help from NSA is probably a marketing stunt. I bet the NSA secretly imbedded spyware into one of the Windows subsystems, which gives them the ability to monitor people who watch child pr0n, host illegal warez, support terrorist activity and the global drug trade.

Reply Score: 2

RE: Asta La Vista
by tomcat on Wed 10th Jan 2007 21:29 UTC in reply to "Asta La Vista"
tomcat Member since:
2006-01-06

Giving the source to security companies isn't such a great idea. If these companies get desperate, they'll develop their own backdoor trojains and viruses that only their security products can detect/remove.

I disagree. Security thru obscurity never works; therefore, it dosn't matter if the security companies have the source code or not.

Microsoft recieving help from NSA is probably a marketing stunt. I bet the NSA secretly imbedded spyware into one of the Windows subsystems, which gives them the ability to monitor people who watch child pr0n, host illegal warez, support terrorist activity and the global drug trade.

And you think that this kind of spy traffic would go unnoticed on people's networks? You think that network pros would be duped by this traffic?

Reply Score: 1

Backdoor + Desktop Indexing
by acobar on Wed 10th Jan 2007 18:43 UTC
acobar
Member since:
2005-11-15

At first I thought it would be irrelevant, as the amount of information they could get is really huge but perhaps, coupled with desktop indexing provided by Microsoft, it can be turned on an efficient method to really track and filter information. Maybe, they postponed WinFS to tune a little bit more the entire scheme. If true it gives a whole new meaning for the next Windows code name (Blackcomb).

Humm, nanh, looks too paranoid.

Reply Score: 1

walterbyrd
Member since:
2005-12-31

Imagine an actual profession designing security for a microsoft product.

Who designed security for XP and Win2K? Clowns and giant insects?

Reply Score: 1