Linked by Thom Holwerda on Thu 11th Jul 2013 21:35 UTC
Microsoft Documents released by Snowden show the extent to which Microsoft helped the NSA and other security agencies in the US. "Microsoft helped the NSA to circumvent its encryption to address concerns that the agency would be unable to intercept web chats on the new Outlook.com portal; The agency already had pre-encryption stage access to email on Outlook.com, including Hotmail; The company worked with the FBI this year to allow the NSA easier access via Prism to its cloud storage service SkyDrive, which now has more than 250 million users worldwide; [...] Skype, which was bought by Microsoft in October 2011, worked with intelligence agencies last year to allow Prism to collect video of conversations as well as audio; Material collected through Prism is routinely shared with the FBI and CIA, with one NSA document describing the program as a 'team sport'." Wow. Just wow.
Permalink for comment 566906
To read all comments associated with this story, please click here.
RE: Now we know what happend.
by Kebabbert on Fri 12th Jul 2013 13:03 UTC in reply to "Now we know what happend."
Kebabbert
Member since:
2007-07-27

It's one of the reasons I migrated to Linux over a decade ago. Don't do Windows people, it's bad for you.

I would not count on Linux being much safer. There are very subtle attempts to introduce back doors into Linux:
http://www.theregister.co.uk/2003/11/07/linux_kernel_backdoor_block...

"That's the kind of pub talk that you end up having," says BindView security researcher Mark 'Simple Nomad' Loveless. "If you were the NSA, how would you backdoor someone's software? You'd put in the changes subtly. Very subtly."
"Whoever did this knew what they were doing," says Larry McVoy, founder of San Francisco-based BitMover, which hosts the Linux kernel development site that was compromised. "They had to find some flags that could be passed to the system without causing an error, and yet are not normally passed together... There isn't any way that somebody could casually come in, not know about Unix, not know the Linux kernel code, and make this change. Not a chance."


The problem with Linux is the extremely high code turn over. Most code is replaced within... 6(?) months. There is no way you can keep up and audit all changes. HP spends millions of USD to keep up with the device drivers, because Linux upgrades frequently breaks the drivers. HP has a very hard time to update only the HP drivers. Now imagine how hard it would be to scan new code for back doors? That is impossible. Especially when the back doors are as difficult to spot as in the link above. There are probably many more back doors that are not spotted.

OpenBSD seems to be much rigorous with the code review and audit. NSA probably hates OpenBSD because it is focused on security and being safe. Linux has a chaotic development process and all code is not reviewed nor understood, which makes Linux a haven for NSA and other malicious users. I would avoid the very complex SELinux additions from NSA, to make Linux "safer". God nows how many backdoors there are in SELinux.

http://www.forbes.com/2005/06/16/linux-bsd-unix-cz_dl_0616theo.html
"Lok Technologies , a San Jose, Calif.-based maker of networking gear, started out using Linux in its equipment but switched to OpenBSD four years ago after company founder Simon Lok, who holds a doctorate in computer science, took a close look at the Linux source code.
“You know what I found? Right in the kernel, in the heart of the operating system, I found a developer’s comment that said, ‘Does this belong here?’ “Lok says. “What kind of confidence does that inspire? Right then I knew it was time to switch.”

This proves that Linux developers does not review all code, nor understand what the code does. It is wildly chaotic with lots of contributions from everywhere, including from NSA.

http://www.kerneltrap.org/Linux/Active_Merge_Windows
"The [linux source code] tree breaks every day, and it's becomming an extremely non-fun environment to work in.
We need to slow down the merging, we need to review things more, we need people to test their f--king changes!"


From a security view point, Linux should be avoided. OpenBSD is built for safety and every line of code is reviewed and understood.

Edited 2013-07-12 13:04 UTC

Reply Parent Score: 6