Linked by Thom Holwerda on Mon 30th Dec 2013 15:49 UTC
Legal

The German newspaper Der Spiegel has unveiled a whole bunch of stuff about the NSA and its tools that defy belief. Their tools and actions go way beyond what we already knew; we're not just talking passive information gathering through cables and such, but way, way more.

For instance, the NSA can divert shipments of purchased computers and equipment to their own secret workshops, where malware and spying hardware are added to these products before they are shipped onward to the buyers. They also intercept Windows crash reports as they are sent from users' computers to Microsoft's servers. Worse yet, they can reportedly add special hardware to drones that can wirelessly infect computers from up to 8 kilometres away.

We've only seen the tip of the iceberg here. The fact that no heads are rolling in Washington over this illustrates just how corrupt and undemocratic the US government has become.

Say no to binary blobs
by crystall on Mon 30th Dec 2013 17:33 UTC
crystall Member since:
2007-02-06

Refusal by certain Linux distros to ship binary blobs has usually been met with scorn about excessive paranoia in the past. As it turns out, the motivations behind that refusal have been more than vindicated by this leak.

It turns out that not only can you not trust binary blobs obtained/downloaded from vendors, but you cannot trust baked-in firmware either. Just to put this into perspective, pretty much every component today ships with some sort of firmware: BIOS/UEFI, hard drives, SSDs, wireless cards, graphics cards, etc. You name it.

Reply Score: 9

RE: Say no to binary blobs
by Kochise on Mon 30th Dec 2013 17:36 in reply to "Say no to binary blobs"
Kochise Member since:
2006-03-03

There is open-source software that was trojaned, NSA modified well-known open-source cryptographic algorithms, etc. and no one noticed. Considering the quality of said open-source and the reluctance of paranoid coders like you to review code, there is still a chance to get hammered while using your beloved Linux.

Kochise

Reply Parent Score: 2

RE[2]: Say no to binary blobs
by WereCatf on Mon 30th Dec 2013 17:56 in reply to "RE: Say no to binary blobs"
WereCatf Member since:
2006-02-15

> There is open-source software that was trojaned, NSA modified well-known open-source cryptographic algorithms, etc. and no one noticed.


What software are you talking about? If you're talking about Dual_EC_DRBG, then you're completely on the wrong foot here. Dual_EC_DRBG was available, but it was not the default and had to be specifically chosen as the RNG in use. And it was already known to be faulty; it's just that no one had removed it. Besides, NSA didn't trojan it into any software; it was added because of standards.

Edited 2013-12-30 18:01 UTC

Reply Parent Score: 6

RE[2]: Say no to binary blobs
by saso on Mon 30th Dec 2013 17:59 in reply to "RE: Say no to binary blobs"
saso Member since:
2007-04-18

> There is open-source software that was trojaned, NSA modified well-known open-source cryptographic algorithms, etc.

Citations please.

Reply Parent Score: 4

RE[2]: Say no to binary blobs
by ilovebeer on Tue 31st Dec 2013 22:04 in reply to "RE: Say no to binary blobs"
ilovebeer Member since:
2011-08-08

Anyone who thinks Linux offers real security or immunity from exploitation is nothing more than a victim waiting to happen. These guys have it all rigged whether it's software, hardware, firmware, whatever. The only way people can truly protect themselves is by inventing a time machine and going back to live when steam power was the hottest ticket in town, or prior.

Reply Parent Score: 4