Slashdot Mirror

Wow, two days ago. You're practically psychic.

Jon Callas: NSA Exploit Isn't Crypto, It's SMTP: 30 August 2013

Domain ID:D50853670-LRMS
Domain Name:DARKMAIL.INFO
Created On:17-Oct-2013 17:36:20 UTC
Last Updated On:17-Oct-2013 17:37:29 UTC
Expiration Date:17-Oct-2014 17:36:20 UTC
Sponsoring Registrar:Network Solutions, LLC (R122-LRMS)
Status:CLIENT TRANSFER PROHIBITED
Status:TRANSFER PROHIBITED
Registrant ID:27619050-NSI
Registrant Name:Merrymeet
Registrant Organization:
Registrant Street1:2134 Ardis Drive
Registrant Street2:
Registrant Street3:
Registrant City:San Jose
Registrant State/Province:CA
Registrant Postal Code:95125
Registrant Country:US
Registrant Phone:+1.4084486801
Registrant Phone Ext.:
Registrant FAX:
Registrant FAX Ext.:
Registrant Email:jon@MERRYMEET.COM

Lavabit Appeal EFF Amicus Brief http://cryptome.org/2013/10/lavabit-eff-amicus-13-1024.pdf, Lavabit Appeal ACLU Amicus Brief http://cryptome.org/2013/10/lavabit-aclu-amicus-13-1024.pdf & Lavabit Appeal Empeopled Amicus Brief http://cryptome.org/2013/10/lavabit-empeopled-amicus-13-1024.pdf might offer some insight into the legal advice sought and deployed via http://cryptome.org/.

Lavabit Appeal EFF Amicus Brief http://cryptome.org/2013/10/lavabit-eff-amicus-13-1024.pdf, Lavabit Appeal ACLU Amicus Brief http://cryptome.org/2013/10/lavabit-aclu-amicus-13-1024.pdf & Lavabit Appeal Empeopled Amicus Brief http://cryptome.org/2013/10/lavabit-empeopled-amicus-13-1024.pdf might offer some insight into the legal advice sought and deployed via http://cryptome.org/.

Lavabit Appeal EFF Amicus Brief http://cryptome.org/2013/10/lavabit-eff-amicus-13-1024.pdf, Lavabit Appeal ACLU Amicus Brief http://cryptome.org/2013/10/lavabit-aclu-amicus-13-1024.pdf & Lavabit Appeal Empeopled Amicus Brief http://cryptome.org/2013/10/lavabit-empeopled-amicus-13-1024.pdf might offer some insight into the legal advice sought and deployed via http://cryptome.org/.

Lavabit Appeal EFF Amicus Brief http://cryptome.org/2013/10/lavabit-eff-amicus-13-1024.pdf, Lavabit Appeal ACLU Amicus Brief http://cryptome.org/2013/10/lavabit-aclu-amicus-13-1024.pdf & Lavabit Appeal Empeopled Amicus Brief http://cryptome.org/2013/10/lavabit-empeopled-amicus-13-1024.pdf might offer some insight into the legal advice sought and deployed via http://cryptome.org/.

The EU knew in 2001 "on the existence of a global system for the interception of private and commercial communications (ECHELON interception system)" via http://cryptome.org/echelon-ep-fin.htm

For European companies, the NSA reading their data equals their competitors reading their data. This has been known here since at least the early 90s, when Echolon data was used for commercial advantage of US companies.

That isn't really true.

Why We Spy on Our Allies - By R. James Woolsey, former Director of CIA

Really? You're going to take that yay-America propaganda as trustworthy?

For European companies, the NSA reading their data equals their competitors reading their data. This has been known here since at least the early 90s, when Echolon data was used for commercial advantage of US companies.

That isn't really true.

Why We Spy on Our Allies - By R. James Woolsey, former Director of CIA

LOL AC. Really, read how the press and govs go over the docs sometime.
http://cryptome.org/2013/10/questioning-snowden-truth.htm
Its been pre sorted before release.
The authorities in the UK and US make a very public fuss but the printing presses and website still publish.

The information is out, people around the world can match up the files and talk about the release process.
http://cryptome.org/2013/10/nsa-tor-disinfo.htm
What can the USA do after the fact?
http://en.wikipedia.org/wiki/Jerzy_Popie%C5%82uszko
http://en.wikipedia.org/wiki/Georgi_Markov
Now we might be seeing the start of part two of a big NSA/CIA game.

Was the file cleaned at the CIA? At some contractor level between the CIA and NSA or later?
The CIA has a long history of Soviet and other "friendly" nations penetrating the totality of its work. The idea that some person was "passed" to another US secure position without comment is generationally telling. Its not the 1980's anymore.
The US staff vetting is only a "bit" broken, privatized and rushed over the past 10 years? Nothing the Russians other nations can work around?
This would point to the NSA and CIA keeping its contractor staff so distant from quality gov databases it becomes a real risk.
The contractors arranged have a political 'clearance' so internally fixed that the CIA, FBI? and NSA contractor staff doing vetting seem unaware of file changes?
Clear the brand, boss, education and the staff are by default all 'good'- the US is now the UK all over again?
Or the CIA and its tame friends in the press are playing long term with limited hangout and the NSA was the tool used.
http://cryptome.org/2013/10/nsa-tor-disinfo.htm
Contractor considerations, a CIA set up or a different layer of contractor clearances?
The US is left to ponder rogue contractors running private clearances, rogue agencies or a brilliant grand plan in the making, the NSA out in the cold.

He did not sell them, the fun part is who is helping 'review' aspects in some parts of the world before publication :)
http://cryptome.org/2013/10/questioning-snowden-truth.htm
You get differences
http://cryptome.org/2013/10/nsa-ego-differ/nsa-ego-differ.htm
Or the Tor is not unsafe message vs:
http://cryptome.org/2013/10/packet-stain/packet-staining.htm
The "others put their lives on the line for your security" is a nice talking point but most states do put effort into their revolutionaries, freedom fighters, mercenaries and faith based teams.
Handlers always knew what signals intelligence offers and the "junk" equipment offered on the world market and work with what they have.
Why would the internet, banking, web 2.0 be any different?

He did not sell them, the fun part is who is helping 'review' aspects in some parts of the world before publication :)
http://cryptome.org/2013/10/questioning-snowden-truth.htm
You get differences
http://cryptome.org/2013/10/nsa-ego-differ/nsa-ego-differ.htm
Or the Tor is not unsafe message vs:
http://cryptome.org/2013/10/packet-stain/packet-staining.htm
The "others put their lives on the line for your security" is a nice talking point but most states do put effort into their revolutionaries, freedom fighters, mercenaries and faith based teams.
Handlers always knew what signals intelligence offers and the "junk" equipment offered on the world market and work with what they have.
Why would the internet, banking, web 2.0 be any different?

He did not sell them, the fun part is who is helping 'review' aspects in some parts of the world before publication :)
http://cryptome.org/2013/10/questioning-snowden-truth.htm
You get differences
http://cryptome.org/2013/10/nsa-ego-differ/nsa-ego-differ.htm
Or the Tor is not unsafe message vs:
http://cryptome.org/2013/10/packet-stain/packet-staining.htm
The "others put their lives on the line for your security" is a nice talking point but most states do put effort into their revolutionaries, freedom fighters, mercenaries and faith based teams.
Handlers always knew what signals intelligence offers and the "junk" equipment offered on the world market and work with what they have.
Why would the internet, banking, web 2.0 be any different?

unethical to continue releasing the data?
http://cryptome.org/2013/10/26-years-snowden.htm
The data exists outside Russia. No new data is been released from Russia.
Other interesting comments
http://cryptome.org/2013/10/nsa-link-removed.htm
http://cryptome.org/2013/10/nsa-tor-disinfo.htm and http://cryptome.org/2013/10/questioning-snowden-truth.htm

unethical to continue releasing the data?
http://cryptome.org/2013/10/26-years-snowden.htm
The data exists outside Russia. No new data is been released from Russia.
Other interesting comments
http://cryptome.org/2013/10/nsa-link-removed.htm
http://cryptome.org/2013/10/nsa-tor-disinfo.htm and http://cryptome.org/2013/10/questioning-snowden-truth.htm

unethical to continue releasing the data?
http://cryptome.org/2013/10/26-years-snowden.htm
The data exists outside Russia. No new data is been released from Russia.
Other interesting comments
http://cryptome.org/2013/10/nsa-link-removed.htm
http://cryptome.org/2013/10/nsa-tor-disinfo.htm and http://cryptome.org/2013/10/questioning-snowden-truth.htm

unethical to continue releasing the data?
http://cryptome.org/2013/10/26-years-snowden.htm
The data exists outside Russia. No new data is been released from Russia.
Other interesting comments
http://cryptome.org/2013/10/nsa-link-removed.htm
http://cryptome.org/2013/10/nsa-tor-disinfo.htm and http://cryptome.org/2013/10/questioning-snowden-truth.htm

Different departments
http://cryptome.org/2013/10/packet-stain/packet-staining.htm

Re worried about the next Edward Snowden... if you read http://cryptome.org/2013/10/questioning-snowden-truth.htm the US gov seems to be doing a great job with the press.
This was a good read too http://cryptome.org/2013/10/gchq-mullenize.pdf so expect http://cryptome.org/2013/10/packet-stain/packet-staining.htm for the domestic US networks. Thats a lot of power and cooling for just a human life of 'data' storage.

Re worried about the next Edward Snowden... if you read http://cryptome.org/2013/10/questioning-snowden-truth.htm the US gov seems to be doing a great job with the press.
This was a good read too http://cryptome.org/2013/10/gchq-mullenize.pdf so expect http://cryptome.org/2013/10/packet-stain/packet-staining.htm for the domestic US networks. Thats a lot of power and cooling for just a human life of 'data' storage.

Re worried about the next Edward Snowden... if you read http://cryptome.org/2013/10/questioning-snowden-truth.htm the US gov seems to be doing a great job with the press.
This was a good read too http://cryptome.org/2013/10/gchq-mullenize.pdf so expect http://cryptome.org/2013/10/packet-stain/packet-staining.htm for the domestic US networks. Thats a lot of power and cooling for just a human life of 'data' storage.

Can't speak directly about the japanese systems since they have some more modern stuff, but in the US they are *old*. We haven't started building a new plant since 1974 or a new reactor since 1977 (though they did start some new reactors at existing plants earlier this year).

The control rooms at these places are filled with tons of manual buttons and switches. Many of them look like this. I have no doubt that they are reliable and have failsafes, but a physical switch doesn't have a "are you sure" dialog or stop to ask for an admin password. Sure, switches might have those little covers you have to lift up to press a button, and the most important switches could be controlled with a key, but if somebody wants to push a button, it is getting pushed.

We hear a lot about how much reactor design has come along in the 35 years it has been since we last built one (just think about how long ago that was)...but don't forget that along with efficiency and physical safety, there have been a LOT of improvements in monitoring and control (only a fraction of which have been able to be integrated into the old plants).

Some more views Tem
http://cryptome.org/2013/10/nsa-tor-disinfo.htm
http://cryptome.org/2013/10/nsa-ego-differ/nsa-ego-differ.htm

Some more views Tem
http://cryptome.org/2013/10/nsa-tor-disinfo.htm
http://cryptome.org/2013/10/nsa-ego-differ/nsa-ego-differ.htm

The term limited hangout http://en.wikipedia.org/wiki/Limited_hangout, there was also this early on http://gawker.com/naomi-wolf-is-a-snowden-truther-513470303
http://cryptome.org/2013/10/questioning-snowden-truth.htm

Hi Mike,
http://cryptome.org/2013/10/questioning-snowden-truth.htm
21 points on the capabilities, govs been governments consulted, the terms "selected" "withholding"

Maybe the NSA will roll out an "Ad-sense" program? If you see something, say something is moot tho since all is seen and heard so DHS may need a better tag line. hmm seems like they already are rolling it out? http://cryptome.org/2013/09/nsa-syanpse.htm like a geocities, myspace maltego.

Why not start with a trip over to http://cryptome.org/ then look at http://cryptome.org/2013/09/senate-pk.htm http://cryptome.org/2013/09/nsa-pk.htm http://cryptome.org/2013/09/fbi-doj-pk.htm http://cryptome.org/2013/09/house-pk.htm http://cryptome.org/2013/09/uscourts-pk.htm and http://cryptome.org/2013/09/twitter-pk.htm and now seed both email content an headers with this publicly available information. Might well cause some names and addresses to be linked other names and addresses (be they two or three jumps away) that may raise a few eyebrows.

Why not start with a trip over to http://cryptome.org/ then look at http://cryptome.org/2013/09/senate-pk.htm http://cryptome.org/2013/09/nsa-pk.htm http://cryptome.org/2013/09/fbi-doj-pk.htm http://cryptome.org/2013/09/house-pk.htm http://cryptome.org/2013/09/uscourts-pk.htm and http://cryptome.org/2013/09/twitter-pk.htm and now seed both email content an headers with this publicly available information. Might well cause some names and addresses to be linked other names and addresses (be they two or three jumps away) that may raise a few eyebrows.

Why not start with a trip over to http://cryptome.org/ then look at http://cryptome.org/2013/09/senate-pk.htm http://cryptome.org/2013/09/nsa-pk.htm http://cryptome.org/2013/09/fbi-doj-pk.htm http://cryptome.org/2013/09/house-pk.htm http://cryptome.org/2013/09/uscourts-pk.htm and http://cryptome.org/2013/09/twitter-pk.htm and now seed both email content an headers with this publicly available information. Might well cause some names and addresses to be linked other names and addresses (be they two or three jumps away) that may raise a few eyebrows.

Why not start with a trip over to http://cryptome.org/ then look at http://cryptome.org/2013/09/senate-pk.htm http://cryptome.org/2013/09/nsa-pk.htm http://cryptome.org/2013/09/fbi-doj-pk.htm http://cryptome.org/2013/09/house-pk.htm http://cryptome.org/2013/09/uscourts-pk.htm and http://cryptome.org/2013/09/twitter-pk.htm and now seed both email content an headers with this publicly available information. Might well cause some names and addresses to be linked other names and addresses (be they two or three jumps away) that may raise a few eyebrows.

Why not start with a trip over to http://cryptome.org/ then look at http://cryptome.org/2013/09/senate-pk.htm http://cryptome.org/2013/09/nsa-pk.htm http://cryptome.org/2013/09/fbi-doj-pk.htm http://cryptome.org/2013/09/house-pk.htm http://cryptome.org/2013/09/uscourts-pk.htm and http://cryptome.org/2013/09/twitter-pk.htm and now seed both email content an headers with this publicly available information. Might well cause some names and addresses to be linked other names and addresses (be they two or three jumps away) that may raise a few eyebrows.

Why not start with a trip over to http://cryptome.org/ then look at http://cryptome.org/2013/09/senate-pk.htm http://cryptome.org/2013/09/nsa-pk.htm http://cryptome.org/2013/09/fbi-doj-pk.htm http://cryptome.org/2013/09/house-pk.htm http://cryptome.org/2013/09/uscourts-pk.htm and http://cryptome.org/2013/09/twitter-pk.htm and now seed both email content an headers with this publicly available information. Might well cause some names and addresses to be linked other names and addresses (be they two or three jumps away) that may raise a few eyebrows.

Why not start with a trip over to http://cryptome.org/ then look at http://cryptome.org/2013/09/senate-pk.htm http://cryptome.org/2013/09/nsa-pk.htm http://cryptome.org/2013/09/fbi-doj-pk.htm http://cryptome.org/2013/09/house-pk.htm http://cryptome.org/2013/09/uscourts-pk.htm and http://cryptome.org/2013/09/twitter-pk.htm and now seed both email content an headers with this publicly available information. Might well cause some names and addresses to be linked other names and addresses (be they two or three jumps away) that may raise a few eyebrows.

Stealthy GPU-based Keylogger

http://cryptome.org/2013/09/gpu-keylogger.pdf

++

In Response To Slashdot Article: Former Pentagon Analyst: China Has Backdoors To 80% of Telecoms

How many rootkits does the US[2] use officially or unofficially?

How much of the free but proprietary software in the US spies on you?

Which software would that be?

Visit any of the top freeware sites in the US, count the number of thousands or millions of downloads of free but proprietary software, much of it works, again on a proprietary Operating System, with files stored or in transit.

How many free but proprietary programs have you downloaded and scanned entire hard drives, flash drives, and other media? Do you realize you are giving these types of proprietary programs complete access to all of your computerâ(TM)s files on the basis of faith alone?

If you are an atheist, the comparison is that you believe in code you cannot see to detect and contain malware on the basis of faith! So you do believe in something invisible to you, donâ(TM)t you?

Iâ(TM)m now going to touch on a subject most anti-malware, commercial or free, developers will DELETE on most of their forums or mailing lists:

APT malware infecting and remaining in BIOS, on PCI and AGP devices, in firmware, your router (many routers are forced to place backdoors in their firmware for their government) your NIC, and many other devices.

Where are the commercial or free anti-malware organizations and individualâ(TM)s products which hash and compare in the cloud and scan for malware for these vectors? If you post on mailing lists or forums of most anti-malware organizations about this threat, one of the following actions will apply: your post will be deleted and/or moved to a hard to find or âdeleted/junk postsâ(TM) forum section, someone or a team of individuals will mock you in various forms âtin foil hatâ(TM), âconspiracy nutâ(TM), and my favorite, âwhere is the proof of these infections?â(TM) One only needs to search Google for these threats and they will open your malware world view to a much larger arena of malware on devices not scanned/supported by the scanners from these freeware sites. This point assumed youâ(TM)re using the proprietary Microsoft Windows OS. Now, letâ(TM)s move on to Linux.

The rootkit scanners for Linux are few and poor. If youâ(TM)re lucky, youâ(TM)ll know how to use chkrootkit (but you can use strings and other tools for analysis) and show the strings of binaries on your installation, but the results are dependent on your capability of deciphering the output and performing further analysis with various tools or in an environment such as Remnux Linux. None of these free scanners scan the earlier mentioned areas of your PC, either! Nor do they detect many of the hundreds of trojans and rootkits easily available on popular websites and the dark/deep web.

Compromised defenders of Linux will look down their nose at you (unless they are into reverse engineering malware/bad binaries, Google for this and Linux and begin a valuable education!) and respond with a similar tone, if they donâ(TM)t call you a noob or point to verifying/downloading packages in a signed repo/original/secure source or checking hashes, they will jump to conspiracy type labels, ignore you, lock and/or shuffle the thread, or otherwise lead you astray from learning how to examine bad binaries. The world of Linux is funny in this way, and Iâ(TM)ve been a part of it for many years. The majority of Linux users, like the Windows users, will go out of their way to lead you and say anything other than pointing you to information readily available on detailed binary file analysis.

Donâ(TM)t let them get you down, the information is plenty and out there, some from some well known publishers of Linux/Unix books. Search, learn, and share the information on detecting

Stealthy GPU-based Keylogger

http://cryptome.org/2013/09/gpu-keylogger.pdf

++

In Response To Slashdot Article: Former Pentagon Analyst: China Has Backdoors To 80% of Telecoms

How many rootkits does the US[2] use officially or unofficially?

How much of the free but proprietary software in the US spies on you?

Which software would that be?

Visit any of the top freeware sites in the US, count the number of thousands or millions of downloads of free but proprietary software, much of it works, again on a proprietary Operating System, with files stored or in transit.

How many free but proprietary programs have you downloaded and scanned entire hard drives, flash drives, and other media? Do you realize you are giving these types of proprietary programs complete access to all of your computerâ(TM)s files on the basis of faith alone?

If you are an atheist, the comparison is that you believe in code you cannot see to detect and contain malware on the basis of faith! So you do believe in something invisible to you, donâ(TM)t you?

Iâ(TM)m now going to touch on a subject most anti-malware, commercial or free, developers will DELETE on most of their forums or mailing lists:

APT malware infecting and remaining in BIOS, on PCI and AGP devices, in firmware, your router (many routers are forced to place backdoors in their firmware for their government) your NIC, and many other devices.

Where are the commercial or free anti-malware organizations and individualâ(TM)s products which hash and compare in the cloud and scan for malware for these vectors? If you post on mailing lists or forums of most anti-malware organizations about this threat, one of the following actions will apply: your post will be deleted and/or moved to a hard to find or âdeleted/junk postsâ(TM) forum section, someone or a team of individuals will mock you in various forms âtin foil hatâ(TM), âconspiracy nutâ(TM), and my favorite, âwhere is the proof of these infections?â(TM) One only needs to search Google for these threats and they will open your malware world view to a much larger arena of malware on devices not scanned/supported by the scanners from these freeware sites. This point assumed youâ(TM)re using the proprietary Microsoft Windows OS. Now, letâ(TM)s move on to Linux.

The rootkit scanners for Linux are few and poor. If youâ(TM)re lucky, youâ(TM)ll know how to use chkrootkit (but you can use strings and other tools for analysis) and show the strings of binaries on your installation, but the results are dependent on your capability of deciphering the output and performing further analysis with various tools or in an environment such as Remnux Linux. None of these free scanners scan the earlier mentioned areas of your PC, either! Nor do they detect many of the hundreds of trojans and rootkits easily available on popular websites and the dark/deep web.

Compromised defenders of Linux will look down their nose at you (unless they are into reverse engineering malware/bad binaries, Google for this and Linux and begin a valuable education!) and respond with a similar tone, if they donâ(TM)t call you a noob or point to verifying/downloading packages in a signed repo/original/secure source or checking hashes, they will jump to conspiracy type labels, ignore you, lock and/or shuffle the thread, or otherwise lead you astray from learning how to examine bad binaries. The world of Linux is funny in this way, and Iâ(TM)ve been a part of it for many years. The majority of Linux users, like the Windows users, will go out of their way to lead you and say anything other than pointing you to information readily available on detailed binary file analysis.

Donâ(TM)t let them get you down, the information is plenty and out there, some from some well known publishers of Linux/Unix books. Search, learn, and share the informatio

European, Russian, Iranian, and Chinese intelligence agencies are also known to spy, including on internet based communications, email and the rest. If you want to avoid that you need to think about only using Elbonian hosting and labor. Otherwise you're kidding yourself that you're going "spy free" by going outside the US.

You're also confused about the spying that the US government does. It isn't to seal trade secrets. I can understand the confusion on the point though, given certain European practices.

Don't worry, USS JImmy Carter is on the job https://en.wikipedia.org/wiki/USS_Jimmy_Carter_(SSN-23) , http://defensetech.org/2005/02/21/jimmy-carter-super-spy/ & http://cryptome.org/eyeball/mmp/jimmy-carter.htm but things may well have moved on a fair bit since then.

The only "civil liberty" it attacks is the ability to fraudulently sign in for someone else.

This, good sir, is actually complete and utter bullshit.

Two counterexamples: Brazilian doctors faked fingers and Australian kids need only gummi bears, but reallly, these weaknesses have been known for a long time.

I could go on, but biometrics just aren't very suitable for use outside of criminal investigation. What happens if someone gets a paper cut? While on shift? And so on. It's really not their fault they haven't figured every last objection yet, it's that the company is being a jerkass with other people's biometrics. Just like how an abusive boss has no expectation of loyal subordinates, any and all fraud incurred is their just desserts.

This is how unions get a bad name. Bio-metrics are used for time card validation on many places and it is neither "draconian" nor "an attack on civil liberties".

You are blaming the complainer, and you claim that because "everybody is doing it" it must therefore be just and righteous.

Well, in a word, no. You are wrong, they are wrong, you could've figured it out if you'd really thought about it for a short minute --I did--, and you simply don't want to admit the glaring obvious. Neither do they, because there's good money to be swindled out of the gullible, or they are the gullible. What's your angle?

According to the original paper at http://cryptome.org/gummy.htm, the gelatin fakes worked quite well as a thin layer over a live finger to defeat the thermal sensors or capacitive sensors designed to detect live fingers. So it's better than older phone apps which did not try to detect "live fingers", but it's vulnerable to precisely the same technology that beat the world's best fingerprint sensors better than 80% of the time, using photocopies of police fingerprint records laid on gelatin, in 2002.

Things are of a different flavor than suggested by that excerpt. The Campbell report is addressed specifically in Woolsey's piece.

Why We Spy on Our Allies

Why, then, have we spied on you? The answer is quite apparent from the Campbell report -- in the discussion of the only two cases in which European companies have allegedly been targets of American secret intelligence collection. Of Thomson-CSF, the report says: "The company was alleged to have bribed members of the Brazilian government selection panel." Of Airbus, it says that we found that "Airbus agents were offering bribes to a Saudi official." These facts are inevitably left out of European press reports.

That's right, my continental friends, we have spied on you because you bribe. Your companies' products are often more costly, less technically advanced or both, than your American competitors'. As a result you bribe a lot. So complicit are your governments that in several European countries bribes still are tax-deductible.

When we have caught you at it, you might be interested, we haven't said a word to the U.S. companies in the competition. Instead we go to the government you're bribing and tell its officials that we don't take kindly to such corruption. They often respond by giving the most meritorious bid (sometimes American, sometimes not) all or part of the contract. This upsets you, and sometimes creates recriminations between your bribers and the other country's bribees, and this occasionally becomes a public scandal.

There was an incident a few years ago (that led to at least one subsystem maintainer resigning) where RdRand was used as the EXCLUSIVE entropy source for some items if it were present. http://cryptome.org/2013/07/intel-bed-nsa.htm - Matt Mackall resigned over it.

This is BAD.

If it is now merely feeding the pool as one of multiple sources, then it's OK. If anything is directly exposed to raw rdrand output, something is very wrong.

Every gov knows what Russia, the UK and US do with their "Consulate" floors or just put a T2FD outside.
http://cryptome.org/eyeball/rubig/rubig-eyeball.htm
60 metres to photograph the site sounds a strange cover story? What could a normal sized helicopter carry in Germany at this point in time wrt quality sigint collecting?
~ http://en.wikipedia.org/wiki/Intelligence_Support_Activity made in Germany? Why the low distance?

Your excerpt stops before it gets to the good bit. I will add a bit more, and suggest that anyone that is interested read the whole thing. The link below that is from a former head of the CIA that discusses aspects of the same topic.

Statement by Director of National Intelligence James R. Clapper on Allegations of Economic Espionage

What we do not do, as we have said many times, is use our foreign intelligence capabilities to steal the trade secrets of foreign companies on behalf of - or give intelligence we collect to - US companies to enhance their international competitiveness or increase their bottom line.

Why We Spy on Our Allies - By R. James Woolsey, former Director of the Central Intelligence Agency

Cryptome notes this document is claimed to be a hoax by a Hacker News user.

http://cryptome.org/2013/09/computer-forensics-2013.pdf

I believe you can trust OpenBSD totally but it lacks many of the features and much of the convenience of the main Linux distros. It is rock solid and utterly secure though, and the man pages are actually better than any Linux distro I've ever seen.

Three points:

1) See the above discussion: you cannot trust anything that you did not create and compile yourself. With a compiler you wrote yourself. On a machine you created yourself from the ground up, that is not connected to any network in any way. OpenBSD does not make any difference if your compiler or toolchain is compromised.

2) Speaking of which, I cannot but note that OpenBSD had a little kerfuffle a while back, about a backdoot planted by the FBI in the OS? (Source 1) (Source 2). I am willing to bet that (a) it's perfectly possible (though not likely), (b) if it was done, it was not by the FBI and (c) that the dev @openbsd.org are, right now, taking another long and hard look at the incriminated code.

3) Finally OpenBSD lacking features and convenience? Care to support that statement? I have a couple of computers running OpenBSD here, and they are just as nice - or even nicer - to use than any Linux. Besides, you don't choose OpenBSD for convenience - you use it for its security. Period.

The possibly bigger problem is that no matter what OS you use you can't trust SSL's broken certificate system either because the public certificate authorities are corruptible. And before someone says create your own CA, sure, for internal sites, but you can't do that for someone else's website.

This goes way beyond a simple question of OpenSSL certificates - think OpenSSH and VPN security being compromised, and you will have a small idea of the sh*tstorm brewing right now.

There was recently a bit of a kerfuffle over RdRand.

Matt Mackall, kernel hacker and Mercurial lead dev, quit Linux development two years ago because Linus insulted him repeatedly. Linus called Matt a paranoid idiot because Matt would not allow RdRand into the kernel, because it was an Intel CPU instruction for random numbers that could not be audited. Linus thought Matt's paranoia was unwarranted and wanted RdRand due to improved performance. Recently Theodore T'so has undone most of the damage, but call RdRand still exist in Linux. I do not understand exactly if there are lingering issues or not.

Just because the NSA toughened some standards in the 1970s doesn't mean they are good guys now. After all, many familiar with the inner workings of the agency have said that the mood there changed greatly after 9/11 to "privacy be damned", and the Snowden documents leaked the other day admit right now that the NSA has inserted backdoors into cryptosystems used by the general public.

They were "good guys"? People have short memories. NSA have been involved in this type of shit for a long time (in physical world).

http://cryptome.org/jya/nsa-sun.htm

http://cryptome.org/2013-info/08/nsa-li/nsa-li-logos.htm has some more fun art.