[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: How NSA access was built into Windows



On Tue, 2007-01-16 at 09:15 -0600, Steve Siegfried wrote:
> On January 14'th, Claude Jones kicked off this thread with a question
> about the NSA'a involvement (if any) in SELinux.
> 
> I'm a subscriber to Bruce Schneier's CRYPTO-GRAM newsletter (currently
> in its 10'th year of publication), the January 15'th edition of which
> contained:
>    CGNL> 
>    CGNL> ** *** ***** ******* *********** *************
>    CGNL> 
>    CGNL>       NSA Helps Microsoft with Windows Vista
>    CGNL> 
>    CGNL> 
>    CGNL> 
>    CGNL> The NSA "helped" Microsoft with Windows Vista.  They're not disclosing 
>    CGNL> what they did, of course, but Microsoft insiders have told me that it 
>    CGNL> was nothing more than assisting with assurance testing.
>    CGNL> 
>    CGNL> But I am suspicious.
>    CGNL> 
>    CGNL> It's called the "equities issue."  Basically, the NSA has two roles: 
>    CGNL> eavesdrop on their stuff, and protect our stuff.  When both sides use 
>    CGNL> the same stuff -- Windows Vista, for example -- the agency has to decide 
>    CGNL> whether to exploit vulnerabilities to eavesdrop on their stuff or close 
>    CGNL> the same vulnerabilities to protect our stuff.  In its partnership with 
>    CGNL> Microsoft, it could have decided to go either way: to deliberately 
>    CGNL> introduce vulnerabilities that it could exploit, or deliberately harden 
>    CGNL> the OS to protect its own interests.
>    CGNL> 
>    CGNL> A few years ago I was ready to believe the NSA recognized we're all 
>    CGNL> safer with more secure general-purpose computers and networks, but in 
>    CGNL> the post-9/11 take-the-gloves-off eavesdrop-on-everybody environment, I 
>    CGNL> simply don't trust the NSA to do the right thing.
>    CGNL> 
>    CGNL> http://www.washingtonpost.com/wp-dyn/content/article/2007/01/08/AR2007010801352.html 
>    CGNL> or http://tinyurl.com/ycgv9f
>    CGNL> 
>    CGNL> Another opinion:
>    CGNL> http://www.computerworld.com/blogs/node/4330
>    CGNL> 
>    CGNL> 
>    CGNL> ** *** ***** ******* *********** *************
>    CGNL> 
> 
> I should point out that Mr. Schneier is founder and CTO of BT Counterpane,
> a well respected computer security company, invented the Blowfish and
> Twofish algorithms and is often the "go-to guy" for media on computer
> security issues.
> 
> Now here's the fun part: If you read the two articles Schneier points to,
> you'll also find this nugget in the first (from the Washington Post's
> online site):
> 
>   WP> 
>   WP> Other software makers have turned to government agencies for security
>   WP> advice, including Apple, which makes the Mac OS X operating system. "We
>   WP> work with a number of U.S. government agencies on Mac OS X security and
>   WP> collaborated with the NSA on the Mac OS X security configuration guide,"
>   WP> said Apple spokesman Anuj Nayar in an e-mail.
>   WP> 
>   WP> Novell, which sells a Linux-based operating system, also works with
>   WP> government agencies on software security issues, spokesman Bruce Lowry
>   WP> said in an e-mail, "but we're not in a position to go into specifics of
>   WP> the who, what, when types of questions."
>   WP> 
>   WP> The NSA declined to comment on its security work with other software
>   WP> firms, but Sager said Microsoft is the only one "with this kind of
>   WP> relationship at this point where there's an acknowledgment publicly."
>   WP> 
> 
> So it would seem that MS is farther in cahoots with the NSA than most, but
> also that Linux (via Novell) isn't exempt from NSA "oversight", either.
> 
> Just trying to inject some facts'idly,
> 
> -S
> 

Thank you Steve, that was an enlightening post.  It also fits in well
with the big picture.


LX


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]