Linked by Thom Holwerda on Thu 11th Jul 2013 21:35 UTC
Microsoft Documents released by Snowden show the extent to which Microsoft helped the NSA and other security agencies in the US. "Microsoft helped the NSA to circumvent its encryption to address concerns that the agency would be unable to intercept web chats on the new Outlook.com portal; The agency already had pre-encryption stage access to email on Outlook.com, including Hotmail; The company worked with the FBI this year to allow the NSA easier access via Prism to its cloud storage service SkyDrive, which now has more than 250 million users worldwide; [...] Skype, which was bought by Microsoft in October 2011, worked with intelligence agencies last year to allow Prism to collect video of conversations as well as audio; Material collected through Prism is routinely shared with the FBI and CIA, with one NSA document describing the program as a 'team sport'." Wow. Just wow.
Thread beginning with comment 566837
Now we know what happened.
by cmost on Fri 12th Jul 2013 00:12 UTC
cmost
Member since:
2006-07-16

Back in the late 90s early 2000s, Microsoft was tried for antitrust practices and a judge ordered it split into two companies: a software company and an operating system company. Then, suddenly a new judge was assigned and all that went away. Shortly thereafter, Bill Gates retired. I find that funny really since back in the late 80s the government wanted a back door in Windows that would allow it unfettered access to user data for the purposes of national security. Bill Gates staunchly refused then, but when Microsoft's back was against a wall I think he agreed but left because he opposed it on other grounds. I think the government leveraged the penalty of splitting Microsoft in exchange for the back door it wanted. It's one of the reasons I migrated to Linux over a decade ago. Don't do Windows people, it's bad for you.

Reply Score: 8

RE: Now we know what happened.
by Kebabbert on Fri 12th Jul 2013 13:03 in reply to "Now we know what happened."
Kebabbert Member since:
2007-07-27

It's one of the reasons I migrated to Linux over a decade ago. Don't do Windows people, it's bad for you.

I would not count on Linux being much safer. There are very subtle attempts to introduce back doors into Linux:
http://www.theregister.co.uk/2003/11/07/linux_kernel_backdoor_block...

"That's the kind of pub talk that you end up having," says BindView security researcher Mark 'Simple Nomad' Loveless. "If you were the NSA, how would you backdoor someone's software? You'd put in the changes subtly. Very subtly."
"Whoever did this knew what they were doing," says Larry McVoy, founder of San Francisco-based BitMover, which hosts the Linux kernel development site that was compromised. "They had to find some flags that could be passed to the system without causing an error, and yet are not normally passed together... There isn't any way that somebody could casually come in, not know about Unix, not know the Linux kernel code, and make this change. Not a chance."


The problem with Linux is the extremely high code turnover. Most code is replaced within... 6(?) months. There is no way you can keep up and audit all changes. HP spends millions of USD to keep up with the device drivers, because Linux upgrades frequently break the drivers. HP has a very hard time updating only the HP drivers. Now imagine how hard it would be to scan new code for back doors? That is impossible. Especially when the back doors are as difficult to spot as in the link above. There are probably many more back doors that are not spotted.

OpenBSD seems to be much more rigorous with the code review and audit. NSA probably hates OpenBSD because it is focused on security and being safe. Linux has a chaotic development process and all code is not reviewed nor understood, which makes Linux a haven for NSA and other malicious users. I would avoid the very complex SELinux additions from NSA, to make Linux "safer". God knows how many backdoors there are in SELinux.

http://www.forbes.com/2005/06/16/linux-bsd-unix-cz_dl_0616theo.html
"Lok Technologies, a San Jose, Calif.-based maker of networking gear, started out using Linux in its equipment but switched to OpenBSD four years ago after company founder Simon Lok, who holds a doctorate in computer science, took a close look at the Linux source code.
“You know what I found? Right in the kernel, in the heart of the operating system, I found a developer’s comment that said, ‘Does this belong here?’” Lok says. “What kind of confidence does that inspire? Right then I knew it was time to switch.”"

This proves that Linux developers do not review all code, nor understand what the code does. It is wildly chaotic with lots of contributions from everywhere, including from NSA.

http://www.kerneltrap.org/Linux/Active_Merge_Windows
"The [linux source code] tree breaks every day, and it's becoming an extremely non-fun environment to work in.
We need to slow down the merging, we need to review things more, we need people to test their f--king changes!"


From a security viewpoint, Linux should be avoided. OpenBSD is built for safety and every line of code is reviewed and understood.

Edited 2013-07-12 13:04 UTC

Reply Parent Score: 6

RE[2]: Now we know what happened.
by shmerl on Fri 12th Jul 2013 14:49 in reply to "RE: Now we know what happened."
shmerl Member since:
2010-06-08

This isn't about attempts. It's about ability to review and find them. Which is simply close to impossible with Windows and its closed development. Really a classic issue about open vs closed source.

Edited 2013-07-12 14:50 UTC

Reply Parent Score: 1

Valhalla Member since:
2006-01-24


There is no way you can keep up and audit all changes

Only code that is actually a candidate to make it into the kernel needs to be audited. Are you saying code gets merged into a mainline release without being audited? Show me some proof.

HP spends millions of USD to keep up with the device drivers, because Linux upgrades frequently break the drivers.

Citation needed.


OpenBSD seems to be much more rigorous with the code review and audit.

No argument here. OpenBSD is the most security-oriented operating system I can think of; of course, it leads to drawbacks like being very slowly developed.

Also OpenBSD's focus on security above (pretty much) all else doesn't mean that Linux has 'bad' security in any way.

Linux has a chaotic development process and all code is not reviewed nor understood, which makes Linux a haven for NSA and other malicious users.

Bullshit, how is Linux development chaotic?

People/companies submit code, code is audited by the maintainer/maintainers of the specific subsystem the code belongs to, then if it passes their audit it's put in staging where it will go through testing and more eyeballs as at this stage it's actually a candidate for mainline.

Then when the subsystem maintainer feels the code is mature enough he/she waits for the merge window to open and then sends a pull request to Linus.

Linus then has the final say on whether or not it will make it into the merge window, if it does it will go through further testing during the merge window, and if it passes it will finally make it into a mainline release.

How is this a chaotic development process?


“You know what I found? Right in the kernel, in the heart of the operating system, I found a developer’s comment that said, ‘Does this belong here?’” Lok says. “What kind of confidence does that inspire? Right then I knew it was time to switch.”

This proves that Linux developers do not review all code, nor understand what the code does.

A 2005 quote from some 'Lok' about a comment he found in the Linux source code, without any context whatsoever as to what the comment even related to is something you claim to be proof of Linux developers not reviewing or understanding the code? Your trolling seems to know no bounds.

Now that you seem to have given up championing Solaris you've instead embarked on an anti-Linux crusade, I guess I shouldn't be surprised.

You should find something more constructive to spend your time on, instead of hating and attacking Linux; why not focus on highlighting the features of the operating systems you like? I have never understood your type of behavior.

It is wildly chaotic with lots of contributions from everywhere, including from NSA.

How is getting code contributions chaotic?

These contributions, if they make it into the kernel mainline release at all, only make it in once they've been audited and tested.


http://www.kerneltrap.org/Linux/Active_Merge_Windows
"The [linux source code] tree breaks every day, and it's becoming an extremely non-fun environment to work in.
We need to slow down the merging, we need to review things more, we need people to test their f--king changes!"

You dig up a 5-year-old e-mail where a developer states that they need to slow down the amount of merging during the merge window or make the merge window longer as proof of what exactly?

That five years ago they had a dialogue about the amount of code which should be merged during a merge window?

Reply Parent Score: 5