Domain: nsa.gov
Stories and comments across the archive that link to nsa.gov.
Comments · 1,061
-
You mean the CIA, right?
#1 - They're enforcing the laws of our country. The FBI is just the police that operate at the Federal (National) level. It is not the FBI's job to deal with foreign matters.
#2 - The responsibility for tracking down Bin Laden lies with the NSA (It coordinates, directs, and performs highly specialized activities to protect U.S. information systems and produce foreign intelligence information.) and the CIA (Providing accurate, comprehensive, and timely foreign intelligence on national security topics.). The Department of Defense (the military) are the ones who carry out the work to actually find him. -
Re:hacker wargames
I wonder what qualifications you need to join the NSA?
They have a website you know. See also NSA careers homepage -
Re:Also, it doesn't say which OS
Read the fine article--the Army team, at least, uses Linux
I wonder if they'll be using the NSA's Linux against the NSA?
-
Re:GPL & the Military
The NSA was nice enough to give us their version of linux that they modded, along with source. Always been tempted to make a box out of it, although I am not sure if I want it live on my network
;) -
Re:Competing against low price
-
The Linux problems run deeper than the interface
Isn't making an interface usable something interesting? Something challenging? Aren't challenges something geeks do well? Ignore Microsoft. Why not make the best interface that can be made? It'll take time but it'll arrive. I'd like to see lots of distributions with a strong core feature set to each of them, but with each carrying an ever varying application set. Think KDE on a large scale.
What I find interesting is that whenever someone says "usability" and "linux", people automatically assume "the graphical interface".
How about the rest? A well thought out OS, as far as usability is concerned, is thought so from the ground up.
Pardon me, but I'm going to point at Mac OS X. It's definitely not just the interface that's different, that's just the icing on the cake. The underlying OS is vastly different from your average Linux distro, because of the way it is organized. It has to do with everything: the bootscripts, the security, the application packaging, the filesystem organization, etc.
Think about it: those guys at Apple probably sat down and said "let's make it easy on the user", then they started doing things more or less from scratch. Only some of the people who contribute to Linux give a thought to the basic design principles that Linux is organized upon. No I don't mean the freaking graphical interface, I mean everything. The result is obvious.
The Linux heritage is UNIX, which has always been a black hole of usability. UNIX was always an OS designed by the extra-power users for other extra-power users. Naturally, Linux inherits all the flaws in it.
Frankly, I think it will take something like 10 or 20 years for Linux to become usable (you know what I mean by usable, don't start nitpicking please) and impose itself on the market. If it won't be too late by then. Why? Because companies like Apple and Microsoft can afford to redesign the entire operating system every few years. Think about how the Windows systems have evolved, or how Mac did. Eventually, one of these summers, you're going to look at the new Windows system and say "dude, that looks so good and usable, and it's thought out so well." People already say this about Mac, it's just the price tag for the hardware keeping them back.
Granted, the Linux community could do the same in 6 months to 1 year. The problem is that they don't even begin to acknowledge the need for a complete overhaul. The replies to this post will probably say "what's wrong with Linux as it is today?" Therein lies the problem.
There are already avant-garde projects like GoboLinux or Zero Install (heck, even SELinux makes a good example, see how many adopt that soon) out there who try to challenge the basics of the Linux system design, but not many people take them seriously. It's a shame, because if anything, such projects have proved that you can do anything with Linux, as long as enough people start to see the need for the change.
Every year, the major distros come up with bells and whistles, and better hardware detection, and package newer versions of the software, and better tools to tie together with duct tape the problems in the system. And we delude ourselves into thinking that Linux systems are evolving. Please. No, I don't mean the kernel or the applications, I mean the systems.
Sigh. You'd think there would be a breakthrough at some point, somewhere. That someone would understand the need for fundamental changes. That someone would design a new breed of Linux system. That it would implement that new system to a fairly usable point. That a company would appear to pick it up and bring it to the masses. That the community would embrace it.
But it doesn't happen. There are 5 hops I mentioned here, and something happens at some point. I can figure out some reasons and you can probably figure them out too. So we all clap for the 10th version of the same old distros, going on the 20th.
-
I wonder how long it took the NSA to crack it...
Not that I'm paranoid or anything. Ok, ok, so I'm paranoid and the government's out to get me, but I still gotta wonder how quickly it was cracked by the boys with the big iron. Even though private/personal computational horsepower has increased dramatically over the years, while govt funding has decreased, I still can't see a general purpose CPU or network of CPUs being able to compete with dedicated crypto hardware.... Am I wrong??
Another interesting link here
Paper: "Architectural considerations for cryptanalytic hardware"
Cypherpunks Tonga -
Compare that to
in-house code, as well.
The advantages of closed source coding seem to me to be a faster development time, stronger integration of components, and more support. The drawbacks, though, are that you are ultimately trusting somebody else.
Open source code, I would say, is more secure overall - there are more people looking at the code, so it is less likely that bugs slip through. The drawbacks would be that open source is less custom-made and possibly less supported than the rest (also, as O'Dowd would have it, people 'contributing' backdoors).
As for simply writing your own secure code (an agency doing this, that is), it's obviously just more expensive.
The best solution, in my opinion, is to make your own custom flavor of Linux that is open to all, but contribution is regulated so no questionable code can be admitted - the tack taken by the NSA. -
The NSA seems to think
that Linux can be made pretty damn secure.
If they have faith in it....
http://www.nsa.gov/selinux/ -
Re:"70 percent of the world's data"
From NSA's website about a career in Computer Science: Consider acres of hardware
The US government is the largest user of mainframes. If IBM says that 70% of the world's data is stored on them, I'm inclined to believe there's some truth to that statement.
-
Working on it...
The second chapter covers the security architecture, which features such things as permission-based access, least privilege and isolation, mediation, and other expected elements.
... But three of the design goals represent the core philosophy of Gutmann's architecture: The separation of policy definition and enforcement mechanism, a verifiable design (practical vs. theoretical viability), and a flexible security policy.
It is worth noting that this is exactly what SELinux from the NSA was seeking to apply to Linux at a kernel level. The principle is to confine all user programs and system daemons to an absolute minimum required level of access. That is, there is an access manager in the kernel that mediates requests. In turn, there is a policy manager (separate from the access manager) that maintains policy. Effectively the access manager queries the policy manager and then applies whatever access decision the policy manager returns. This means buffer overflows don't get you anywhere - there is no root account with universal access to exploit!
The system is, in fact, even more flexible than that - separate access managers exist for processes, filesystem access, and IPC (socket or System V), but the hooks are provided in a way that this is completely modular, and new access managers can be added/written for whatever else you want to control (database access for instance).
The point is, a very fine, well thought out, secure system for access control has already been implemented for Linux (and has been folded into the 2.6 kernel). People ought to be using it! If you're running a 2.6 kernel, see if you've got LSM compiled in, if not, do a recompile to include it. Example policies can be found here, and policy management tools (even GUI ones) can be found here. If you're serious about security, then you ought to be using this stuff. If you're not serious about security, use it anyway and help make Linux as secure as we like to pretend it is.
Jedidiah. -
Re:More scary part
I think this was intended to be funny/sarcastic. At least, I took it this way.
I guess we all need to start using Secure Linux. -
Re:This is constantly misunderstood
The problem might be taken care of in Linux before Windows because of SELinux. If I understand it correctly, the security policy implementation is far more flexible and sophisticated. I know the basics for it are rolled into the 2.6 kernel, but there is a lot of work that needs to be done implementing the access controls.
-
Re:103 words? maybe it won't be slash.. for 30 min
"The NSA might be pushing code into Windows that can be used to compromise our security."
Damn right! For extra security, they should use SE Linux instead
... -
Re:Speak for yourself
Nice, same old shit PFB's have been spouting since the beginning. Your type used to be in the majority. We call that the bad old days. But your take-it or shove-it attitude just doesn't fly. I apologise for you because like every Windows moron and every Mac snob you're espousing nothing but zeal. As if everyone who doesn't know/think/do exactly what you think they should is somehow less than you. But if you truly weren't trying to put your foot in your own ass you'd be using OpenBSD or applying the NSA patches, I mean you'd look like a total idiot if *your* OS ever got compromised, right?
Windows has its faults, sure, but so does Linux and if you can't see that then you're simply a bigger asshole than I thought. I use it every day *and* I love it, but if Linux is going to continue to grow beyond a hobbyist's OS we are going to have to see its imperfections, not yell at other people for not using it. -
Re:But does it cover...
Further complicating the problem is that even if someone were to develop an environment that attempted to prevent all of the problems caused by programmer errors, it would be horrendously complex and would likely kill performance.
IMO, a big part of the solution is factoring out solutions for major known security problem areas into the environments, languages, and frameworks that developers use on a day-to-day basis. E.g. if you're using a language with robust automatic memory management, there's little reason to go looking for C-style buffer overflow exploits coded by your developers.
In today's environments (e.g. Windows and current *nix systems) with current popular languages (e.g. C, C++) we're at a big disadvantage. Much of the discussion in this thread presumes that coders can/should amass total knowledge of all levels of security exploits, from binary code injection to cross-site scripting (aka CSS), SQL injection, etc. It becomes overwhelming to a dev who really should be able to focus on the value-added problems at hand. I'm aware of only one cost efficient approach: choose environments, languages, and/or tools that mitigate known security risks.
Where applicable, this can be done by leveraging environments that can limit the scope of attacks. See SELinux and GR Security for ways to patch Linux to meet these needs, or the EROS project for a fresh view of OS security and compartmentalization models. Environment choice is most relevant to folks providing networked services, where they can control the platform specifics.
The cause can also be aided by using languages/frameworks that encapsulate security knowledge. This can be as "simple" as using a language with automatic memory management (to factor out common buffer overflow problems), or along the lines of using scripting frameworks that standardize policies for correctly managing more complex security issues (e.g. cookie management, web input/output validation, CSS issues, etc).
I'd argue that it is possible to improve software security practices significantly simply by careful choices of tools and techniques available today. But it takes a savvy organization to really commit to providing secure software solutions, and to be able to do so in a cost effective manner. As always, the hard part of the equation is programming the wetware. 8-) -
Re:This article has too much fluff
On the other hand, Google Watch appears to be the site that routinely cries "wolf". I think there's a straight-forward reason to ignore Google Watch. You aren't providing real information, but rather vapid propaganda. For example, we're supposed to get worked up over the fact that a single Google employee worked for a year at the NSA? Is this something like the "one drop" rule? If you ever hire someone who worked for any period of time at the NSA, then you become a tool of the NSA? My point is that, if Google does something particularly heinous, then Google Watch will be well positioned to discredit or hijack any public reaction to this information. Just the kind of operation the CIA would do... hmmm...
-
A pattern
I think I see a pattern, Daimler, IBM, thinking about Bank of America. The strategy would seem to be "let's find a company with deep, deep pockets, legions of lawyers already on the payroll and sue them". Perhaps they will go after the NSA next, as it would seem that they have also been naughty Secure Linux
-
Re:changelog
That might be funny, if it were true. Fortunately, it's not.
-
Re:Pure gold?
How many operating systems can boast about having ***NSA***-quality security?
Seeing as how NSA publishes security guides for NT, 2000, XP, 2003Server and Solaris 8, I'd say it is more than just Linux. -
NSA-backed Linux vs. Microsoft
Man, to think Mr. Gates has to spend company money to secure his OS, whereas Linux users (in the U.S.) just need to pay their taxes to get an extra secure system.
And at least for me, knowing that the NSA is using Fedora Core 2 as a development platform makes me more likely to use it than other distros (although admittedly I already had a liking for Fedora Core from the get go). Perhaps it's stupid to let a thing like that sway me, but it definitely adds to a conversation...
Friend: Linux? Huh?
Me: Ya, it's an OS that even has the NSA making security patches for it too.
Friend: Nice. But does it play my games?
Me: Doh! -
Dear SEL---x (SEL-dash)
Dear SEL---x (SEL-dash),
Microsoft already had a copyright on your old name, but if you live in a country other than The Netherlands, Belgium, Luxembourg, or Sweden, click here.
-Letter
-
Re:Rather generous of the NSA
... their web site,...
click
"Ooh, sweet Flash intro..."
Accept cookie from www.nsa.gov?
The site "www.nsa.gov" wants to set a cookie.
[X] Remember this decision for this site
Cookie Details
- Name: CFID
- Value: 108563
- Path: /
- Secure: No
- Expires: Sat, Sep 26 2037 at 7:56 PM
Reject/Accept?
Something isn't right about that...
-
Re:NSA and Common Criteria Evaluation
Can we expect that NSA will also do EAL5 for Linux for free?
No, because that is not a project goal. It (Security Enhanced Linux) is not designed with the goal of getting Common Criteria approval (by an independent government-approved lab).
SELinux's beginnings have more to do with extending an experimental Role Based Access Control (RBAC) than trying to deliver a production quality "secure OS".
-
Re:Rather generous of the NSA
It's not just community spirit; it's actually their job. While the NSA is well known for its role as a spy agency stealing other countries' secrets, it has a less well known role of helping America to protect its own secrets. Looking at their mission statement on their web site, they say that their goal includes:
The Information Assurance mission provides the solutions, products, and services, and conducts defensive information operations, to achieve information assurance for information infrastructures critical to U.S. national security interests.
IOW, designing secure computer systems is a critical part of their job. Making SELinux means that, as an example, DOD projects that use Linux- and the DOD likes Linux quite a bit- will now be that much more secure.
-
Re:Dunno why the link wasn't in the article. HERE:
Here's a few more interesting SELinux links:
- yesterday's release
- the FAQ
- sourceforge page
- Gentoo Hardened
- Fedora Project's SELinux -
Re:hmm...
It doesn't appear that they even slowed down...
They seem to be doing an update every couple of months. -
Dunno why the link wasn't in the article. HERE:
-
SE Linux
And if you are at all concerned about the security of your box you should take a look at SE Linux
-
Nothing stopping it now.
Take a look at the bottom of any of the ARDA pages. See the little webmaster mail link? See the domain it goes to? ardaweb@nsa.gov. I think that since the NSA has gotten a hold of it, there's not much you can do about it . . unless you want to disappear.
-
Re:sub roots
This feature sounds like the privilege model from Trusted Solaris is being mainlined into the plain ol' Solaris tree. In which case, yes, someone is working to bring that into Linux. That's one of the things SELinux is doing.
-
Re:Sounds like someone trying to be controversial.
Better not let this guy know that the NSA has developed their own version of Linux and made the source code publicly available. Just think! The terrorists could see the source and hack the government, all because they wanted to 'save money' of free software!
I haven't read the article, but I think it's safe to say that the author needs to get a clue and a ticket back to reality rather badly. -
Re:Sounds like someone trying to be controversial.
>> Much more likely is that distributions will be created and advertised for free, or created with the express purpose of marketing them to governments at cut-rate pricing. As anyone can create and market a distribution, it's not far-fetched to imagine a version subsidized and supported by organizations that may not have U.S. or other government interests at heart.
> Which "the government" probably wouldn't purchase. Jones might not have noticed, but most linux installations run in government and the private sector are from the Big Name distributors.
That's what made me laugh. A government is going to buy an OS "subsidized and supported by organizations that may not have U.S. or other government interests at heart". The Defense Department is going to buy alQaedix (or even RedFlag Linux) because it's cheap? Has this troll never heard of, say the NSA's Security-Enhanced Linux?
Anyway, he omits that subversion of an OS could almost as easily be done in any closed source software, especially with the trend to subcontract and outsource.
-
Re:I kind of like SiteFinder
VeriSign running a bogus SMTP server was very bad from a privacy point of view. Even if they didn't accept the message body (did they? I don't remember), they collected a lot of information that could've been used for traffic analysis. It's none of VeriSign's business to know that I mistyped an email address: they could find out what the real address was. It's none of VeriSign's business to know that I mistyped a URL: they could find out what the real URL was (hamming distance usually 1 or 2). Why should they collect so much information about my email or surfing habits anyway? If I believed in conspiracy theories, I'd suspect that they may be in cahoots with the NSA (I don't think so).
-
[LINK] NSA on SE Linux
Here's what the National Security Agency says about Security-Enhanced Linux.
-
Re:Didn't Microsoft try to shut down SE Linux?
I don't recall if it got as far as filing an injunction, but they did complain that any open source work the government does is effectively the taxpayers funding an MS competitor. Not that there's anything wrong with that. Lots of pieces of BSD were DARPA funded, and MS uses pieces of BSD.
SELinux is still available at nsa.gov. Always has been. -
Re:Invulnerable to MyDoom type virii?
- So how does SE Linux protect systems against trojans?
SE Linux removes what you might consider to be the "superuser" account (aka 'root' under *nix or 'administrator' under Windows).
You can configure the system to act just as it is now -- having an account that is all-powerful (root or another one), or you can have very limited focus accounts that can not 'see' or use the resources of the others.
The core OS still has the ability to do root-like things and dole out those permissions, though the scope of what needs to be watched is greatly reduced.
By itself, this is not interesting. As a base for a security policy, the increased ability to log who-did-what, and the ability to stop per-process resource use (not just per 'user'), it becomes very very interesting.
Here are some links on it;
Security-Enhanced Fedora Core 2
Looking forward to Fedora Core 2
(follow this thread) Re: Proposal: Discourage rpmbuild --sign
-
Texas A&M University
I know I'm plugging my own university here, but A&M has a really great environment if you want to do networking. Also, the CPSC degree plan is pretty flexible.
Check out the VNE and this list of schools that the NSA has designated as "CENTERS OF ACADEMIC EXCELLENCE IN INFORMATION ASSURANCE EDUCATION" which also largely have good networking programs. This list of course includes Texas A&M University :-). Also, note the NE program at TAMU: http://vnelab.cs.tamu.edu/network_engineering_vne.html -
Re:Classic misdirection
I never asserted anything of the kind. SELinux is about implementing access control, which has little if anything to do with enhancing the kind of security being discussed here, i.e., getting root.
Well, this would indicate to me that you have no idea what issues SELinux might or might not address. Perhaps you should research the topics of your closely held opinions somewhat. From the FAQ:
It [SELinux] has no concept of a "root" super-user, and does not share the well-known shortcomings of the traditional Linux security mechanisms (such as a dependence on setuid/setgid binaries).
I would say this rather soundly addresses the concept of "getting root", wouldn't you?
Linux tends to be more focused on utility and performance.
This is exactly the situation that SELinux hopes to address, isn't it?
The question you should be asking yourself is why organizations like the NSA and DARPA, which are after all dedicated to eavesdropping and intelligence gathering, would want to spend time and resources making the computer systems of target nations more secure.
Come on, that one is too easy... the security of the parent system has absolutely nothing to do with the security of an isolated data stream - i.e., email, instant messenger, http, ftp - you name it. SELinux also does little to address the security of daemons like, say, MySQL - it simply isolates the components so that a compromise of the apache code doesn't translate to a compromise of the system.
There is also the fact that the NSA and DARPA don't have to work to compromise our security - after all, the RIAA and MPAA may engineer us into a government-controlled cryptographic system with government (or copyright holder!) held keys - for Intellectual Properties enforcement, of course.
-
Classic misdirection
This reminds me of NSA's SELinux, a ploy to get everybody to pass over an OS built with security foremost in mind (like OpenBSD) and rush instead into one for which the NSA no doubt has hundreds if not thousands of pre-programmed exploits.
I'll bet you that's where half of their supercomputer time goes. Iterating across the domain of all possible inputs against Windows and stock Linux distributions, looking for all the holes.
How does DARPA game Sardonix? By controlling the rankings and emphasizing simple or known security holes while concealing or obscuring those for which federal exploits stand at the ready.
It would be a great idea, but only if somebody else was running it. -
Re:Better security would be nice
SELinux has been included in 2.6. In case you don't know, this is the set of security extensions developed by the NSA itself. Check it out here .
-
Did ppl forget about the NSA guides?
With the NIST releasing their new report; is there a "third party" agency that is doing any independent review of the suggestions in these reports/guides released by certain US govt agencies?
The ones that really interests me are the "Security Recommendation Guides" supposedly by that "Three Letter Agency"