Domain: nsa.gov
Stories and comments across the archive that link to nsa.gov.
Comments · 1,061
-
Re:Join the Army
Or you could join the US National Security Agency...
They have these http://www.nsa.gov/careers/students_4.cfm programs -
Re:It's a cool place.
Let me guess. The instructions are ROT13'ed and concealed in the image data. Outlines are drawn in invisible ink. Once completed, pages self-destruct in 5 seconds. http://www.nsa.gov/kids/
-
Very cool.
Definitely worth the trip, as others are saying.
One thing I wondered about when I was there: SIGABA/ECM was touted by our tour guide as something which still hasn't been broken, even with modern computers. This seemed unlikely to me, especially after realizing how easily Enigma can be bruteforced (given any known plaintext) -- but then I read about Solitaire/Pontifex in Cryptonomicon, and it makes me wonder... -
Re:It's a cool place.
Also, don't forget to get the kid's NSA coloring book they hand out. lol, CryptoKids
-
Re:Securing your own assets
This was all done by contractors, mind you, and it got done because we liked what we were doing, took pride in doing a good job of it, and we had support from the squadron commander.
Once the MAJCOM started taking control of the security stuff, our defensive posture went to crap.
I have to say that the aggressor squadron teams that'd come in and attack the network knew their stuff. And of course they were able to break in every time.
Most importantly, make it clear that their job is security, and not paper pushing.
Exactly, exactly. I find it hard to believe that Gen. Lord is not aware of this, so I have to assume that the answers are of the "PR Filtered" variety.
Also, I'm not sure how he can say "Certainly the balance between having access to do our mission and having robust security is an issue where not everyone agrees on just how much to restrict or how much to allow." Someone needs to read up on his regs:
http://iase.disa.mil/stigs/checklist/index.html
http://iase.disa.mil/stigs/stig/index.html
http://www.nsa.gov/snac/
Etc. The issue is not that it's "not everyone agrees on how much to restrict." I think the regs and best practices out there are pretty clear. It's an issue of "how much do we want to comply with restricted access methodologies and regulations." So basically, Cyber Command will be just a repackaged example of base network security that you described above, except this time it's not going to be an AFSPC base, or an AMC/ACC, it's going to be a huge target called "Cyber Command".... -
Re:Default crypto behavior
Thanks, General Alexander!
-
Re:And just how...
Sadly this is quite possible. The complete package would not only include a "trusted hardware" system that enforces DRM on any media you get from elsewhere while it happily violates your own copyright on anything you create yourself by sending a copy to Fort Meade.
-
Re:And yet a new five-year study...
I get what you are saying about the potential for vote buying... and it is a Valid point.
But as a voter, that is so much less of a fear to me than the ability for someone or an entity to be able to electronically rig an election (if not just part). Allowing the voter to lookup to "verify" their vote choices *after the fact* is the point!
How do I know if my vote was electronically changed to a different choice than the one I made? By looking it up!
Using statistics to prove a system is secure sure sounds like telling an individual their vote does not count. I want to look mine up! After all the money spent on political ads and other advertising, there's no way for a specific voter to be able to verify their vote? Even my local cable company can look up my account and verify what choices I made on my channel and data plan selections. I have had some of those changed without my permission, I verified my choices and resolved the error. Verification is key to trust.
Now if someone or some entity is paying others for their votes and they want to use the 'verification' system to prove who they voted for... that's abuse and is already against the law in the US.
If I can account for my exact 'choices' and 'values' made at precise times and locations with a simple credit card receipt NOW, why not for my electronic vote!!!??
There is a real reason we do not have an accountable system in place. What could it be?
Furthermore, we need to verify identity with a fingerprint (or other not-exclusive-to-an-ID-Card biometric information) when we vote to ensure multiple voting abuses do not take place. Wait a minute... I do this *already* with my fingerprint whenever I cash a check at my local bank.. Why not for voting too??
Voting IS a National Security issue and therefore falls under the territorial umbrella of the NSA (just as cryptography strength verification or even how to securely up your Computer). http://www.nsa.gov/snac/
With the proven fraud methods illegal aliens (and legal aliens) have used before to vote in US elections, self-identification is also essential. (Just like with credit card use! Ever been asked for your Picture ID when using your credit card? Why not with voting?)
With current electronic voting systems I remain unconvinced that there is not the ability to alter the voting data after I make my choice.
I say prove it. What better way then to provide the voting citizen the ability to look up their data individually from a unique number given at the time of voting?
->Bruce Schneier's excellent essay addresses the real need for electronic voting devices to have: Accuracy, Anonymity, Scalability, and Speed. http://www.schneier.com/blog/archives/2004/11/the_problem_wit.html
If illegal vote buying takes place after the fact because users can look up their unique number given at the time of voting, pass harsh laws that make any adjudged vote selling an instant federal felony conviction unexpungeable from their permanent arrest records (felons in the US lose their right to vote, although certain former trial-lawyer politicians have been quietly seeking ways to allow non-citizens and felons to be able to vote.)
You rarely hear about the theft of US Mail, and nobody in the criminal world wants a US Mail Fraud conviction. There are very harsh penalties for messing with the USPS.
Present electronic voting systems are unaccountable and therefore it might be hard to find a security flaw and exploit it to alter the voting data (or to just change the data), but it is just too easy to get away with it!
There MUST be a permanent and unalterable when-cast vote record created *and* a way for each voter to verify that their data made it into the system precisely as they cast it. The Anonymity portion of my proposal is that the printed number is linked to what the vote choices were, not to the user's name.
The -
Re:And yet a new five-year study...
"People" are not who should be the ones to determine "security" no matter how Warm & Fuzzy they feel about said technology.
I want a unique timestamped paper receipt which I can look up later to verify my actual votes! NOTE: This *IS ALREADY IN PLACE* with retail credit/debit card sales.
I want the NSA (yes, them. http://www.nsa.gov/home_html.cfm ) to certify ANY electronic voting apparatus used in the US and to further guarantee its accuracy.
This means they would be one of the ones doing the recounts along with a certified third party (or two) paid for by each region/state choosing to use electronic voting.
I would like all records including the evidence (in-situ timestamps generated printed paper vote ballot receipts) be available for and dispute review.
Each electronic voter would be issued a unique identifier number on their receipt at the time of their voting, that way they could login into a secure web server with that number to review their vote selections. There would also be a dispute console available for any discrepancies. Metrics revealed from the 'disputes' submitted would indicate a problem. This would be a more ideal way to merge the speed of 'paperless' electronic voting technologies with the exacting re-countability of 'paper' voting methods.
I get a receipt that is both unique and timestamped when I purchase a single pack of gum at the grocery store with my Debit Card.
Why are there no accountable unique and timestamped receipts provided to every electronic voter and some secure method with which they could later review them?
I believe that the NSA has both the technical knowledge and resources to set up said secure verification of-your-vote web servers.
If it works for retail transactions, why not for voting? Heck... Mastercard/Visa and the NSA could team up and develop a FAST *and* far more secure electronic voting system with paper receipts user verification. I'd even pay the Card companies their 1%-3% cuts for that kind of reliability!
The real problem here is that there are too many cooks with too many agendas in the voting methodology kitchen!!! -
Re:As eerie as it is...
They aren't a DOD agency in the normal sense. They have a flag officer, but they are outside of DOD for all intents and purposes. The DOD already has a joint network protection group (JTF-GNO) and they are monitoring and protecting their networks across the three branches fairly well now. NSA provides input and expertise, but they aren't doing any of the actual work.
Wow, someone should really tell that to the half of the NSA in the Information Assurance Directorate, not to mention the military units that comprise roughly 50% of the agency's staff. Because your comment makes me think they're really confused about who they are and what their mission is. -
Business Secrets? Personal Life?
Nope!
All now part of the Google Panopticon!
We have put Jamshid's Cup in the hands of the puerile and unworthy.
Even those of... the criminal. -
Re:UKUSA Community
Perl was created by Larry Wall, who worked for NASA, not NSA. Specifically, the NASA Jet Propulsion Laboratory at Caltech.
SELinux consists of modifications to Linux operating systems to conform to certain guidelines.
But yes, the government has a history of willing participation in open source software and open standards. Today, it's even more defined. That much of the government involved in routine business and administrative operations still can't break away from the Windows paradigm isn't an indictment of open source software. -
Re:Bah, MI-5's been doing this for years
BSD =/= Linux. OSX = BSD. What you suggest is what they're doing.
Personally, I'm just wondering what's wrong with SE Linux. -
Re:OMG Terrorists will attack Macs!
The NSA have an OS X hardening guide you may be interested in: http://www.nsa.gov/notices/notic00004.cfm?Address=/snac/os/applemac/I731-006R-2007.pdf
-
Re:Fix
By that reasoning, that's a concern for ANY encryption standard, then.
A lot of people seem to forget that the NSA's only job isn't to "break codes". It's to also provide mechanisms that it believes CANNOT be easily broken to protect OUR OWN information. That's the other half of NSA's mission everyone seems to forget. -
Re:it's not stealing
-
Re:Mandated use of Windows?
So they're going to seize the NSA's computers? Perhaps they're going to seize the computers running whitehouse.gov? Or let's go the direct route and have the FBI seize some computers close to home.
-
I had a better link. :-(
I figure that there is one perfect place for a link auctioned to benefit the EFF.
(come on, this'll help get you moved out of Mom's basement) -
"Maryland Procurement Office" isn't a cover
It's not much of a cover. NSA lists the Maryland Procurement Office on their web site, in the "Doing Business with NSA" section. It's their central point for contractor invoicing. "DoD IECA PKI Certificate is required to access the website."
NSA used to be far more secretive. But that was a long time ago. Now everyone knows who they are and what they do.
-
NSA funding != breach of ethics
I'm not sure why this is considered controversial. I do personally think it is sort of interesting, but I'm not sure where the "real" story is. It would be like if someone who just discovered the internet posted "did you know that the suffix .org is meant to be for non-profit organizations but in reality anyone can use it?" Shocking! Must be a conspiracy. This strikes me as the same kind of thing. It is a bit of common trivia not generally known by people who don't write research grants. But it's not a whistle-blower revelation regarding a large scale breach of ethics. Is it really surprising that academics who get NSA funding want to keep a little quiet about it? I can think of a lot of practical reasons this might be the case. What bugs me is that the article makes it sound like chagrin is the motivator: they are ashamed of their funding source because academics are supposed to be free thinking anti-establishment types. But I think the reality is much simpler: academics have a spectrum of beliefs like everyone else and moreover are happy to get funding where they can get it. Although I may not agree with everything the NSA does, taking money from them in the form of formal research grants does not constitute a breach of ethics of any kind (as this wikileak thing implies). Besides, a research grant probably created this really cool kids page (it's sort of psychotic if you think about it). Another interesting thing is that a huge amount of computing the NSA does has to do with linux-based security issues. Perhaps this whole story is just an NSA cover to get a mildly amusing NSA story on the front pages of slashdot. Come on, Dr. Malda and reveal your true funding sources. -
Re:Government Networks
Actually, there's a good chance that you will. I suspect that we'll see a resurgence of the NSA Security Configuration Guides (which already have seen a little bit of a spike in the last couple of months) as this spreads out, including information on how to pick firewalls and IDS, additional information about securing a DMZ and even when to use them, and further recommendations on how to lock down clients. Microsoft has picked up some of the heavy lifting when it comes to the major portions, as its security guides for Windows 2003 and Vista are considered acceptable to the NSA, and the follow-up for Windows 2008 will probably be similarly considered good enough. But there are still topics that are not dealt with as well (or at least as concisely) by other vendors, and as such, the NSA will probably help to pick up the slack.
If nothing else, the documents provide valuable positive public relations, and (all pseudo-conspiratorial snickering aside) are widely considered to be very well-written documents that can and often do serve as the security base for many network environments. -
A job for SELinux?
It seems like this was the type of exploit that SELinux was designed to handle automatically. Do any of the Linux distributions provide a default SELinux policy which actually did handle this particular case? I know there has been some success in the past with SELinux preventing zero-day exploits. What about Fedora's default policy?
-
Re:"on government and private networks. "
But I have to ask, does it run on Linux...natively? Yes, but only on SELinux.
-
NSA hardened Linux...
The NSA has their own Linux distro, specially hardened for security.
Let's hope they start deploying it more widely... :-) -
Re:Legal implications: none
However, if a member of a law enforcement branch of the government says "this is legal" and it's plausible, I might answer differently.
The NSA isn't law enforcement. It's a spy agency. They serve two purposes: they protect American intelligence assets, and they attempt to acquire foreign intelligence assets. Note my emphasis on foreign. Domestic spying used to be illegal for them to do, and that knowledge should be basic civics knowledge for any high school graduate. -
More than you might suspect...
From the linked list:
Secrecy level: High. Two reporters from the local newspaper are the only media who've been inside the compound and written about it (See "Inside the World of Google"): Google treats any and all details as though they belong to the National Security Agency.
Well.... I know they were trying to be funny, but the authors could be more correct than they might have known given the history of Google (startup partially funded by CIA $$s) and how tight they are with NGIA (Google Earth projects), CIA etc..., it would not surprise me to see Google working intimately with NSA. After all, Google has been competing with NSA for PhD mathematicians for some time now (and winning) and it seems like a natural fit. Of course such a "hypothetical" collaboration would raise all sorts of ethical questions, but assuming one could appropriately compartmentalize those concerns, it could certainly be mutually beneficial.
Personally, I'd like to think that this little project (when complete) will certainly contribute to the creation of one or more of the Seven Wonders of the IT world. After all, we all have little wetware parallel supercomputers sitting in the backs of our eyes that can process massive amounts of data, pre-encode it, filter it and more all while dealing with a certain level of data corruption, particularly in disease. -
Re:Wrong
"What do you think is in the kernel ? (This discussion is rapidly exceeding the scope of comparing IE on Windows to its counterparts on other platforms - unless you think IE is in the kernel.)"
No, I'm talking about things like the GDI kernel data structures. A vulnerability there was reported in last year's Month of Kernel Bugs, and it turns out that it had been reported two years earlier, and was still unpatched.
"Perhaps you don't realise pretty much the biggest reason Windows 9x even existed *at all* was to deal with legacy hardware and software.... "None of either" ? Do the ~15 years of PC usage usage preceding Windows 95 - and the significant investment by users in hardware and software during that time - not exist in your world ?"
I think you're arguing for the sake of arguing. Certainly this is a strawman. At the beginning of that ~15 year period, you'd find personal machines like the Commodore PET. At the ~10 year point, my personal machine ran CP/M on a 4MHZ Z80A, with 64K RAM, and the only way I could talk to another system was over a 300 bps modem. WTF does ~15 years have to do with Windows backward compatibility? Though they're better at this than, say, Linux (which had a truly horrible ABI situation for a long time), Microsoft has broken backwards compatibility several times.
Once again, I have to reiterate that I was speaking quite simply of the folly of introducing a single-user machine to the Internet.
"They did. Windows NT. Users weren't really interested at the time because most of their software and hardware was unsupported and it needed a relatively powerful machine to run (another price you pay)."
So buy the expensive product or be exposed to risks you probably didn't know about in the cheaper product? Perhaps it was impossible to add multiuser to Win95 and still maintain the ability to run Win 3.1 apps. Certainly it would have been difficult, but I've never heard that it was even attempted. You're making a reasonable argument here, but (largely because of Microsoft's business practice record) I'm not convinced.
"You mean extending it in a way the protocol and RFCs allowed for ? How would that argue against Windows being meaningfully more complex than its functionally-equivalent contemporaries ?"
The purpose of the RFCs is interoperability. The MIT Kerberos team developed something quite useful, gave it away, and got an RFC out there to make it easier for others to implement, all in the name of interoperability, and helping the computing world. Microsoft took that product, and intentionally broke interoperability. *That* is illegal use of monopoly power, IMO. After a huge firestorm of bad press, they made the spec available if you'd run a .exe that forced you to agree that it was a trade secret, making it essentially unusable. Yet more hilarity ensues, and yet more bad PR.
That's a sweet bit of revisionist history you're working on there, but I doubt many people who've been in this game for long are buying what you're selling.
"You'll need to be more specific." (related to my "subtly different APIs" remark)
I'm not up for chasing down the references. Let's leave that one as an exercise for the reader. Anyone who wants to Google for Microsoft API weirdness, or undocumented APIs (cause of yet more legal problems in both the US DoJ and European Commission cases) shouldn't have much trouble.
"What's in the equivalent Linux documentation ? (Although given that SELinux-capable distros didn't start showing up until 4 - 5 years later, the comparison is hardly going to be fair.)"
There wasn't much there in way of Linux docs on the NSA site at the time, and they didn't release SELinux for another year. You could run SELinux in 2001, if you had to. Not "4-5 years later." See the press release at http://www.nsa.gov/releases/relea00027.cfm, dated 2 January 2001. I wouldn't have done it without a driving need, but I know people who had the ne -
Required Reading
I strongly recommend a reading of "The Inevitability of Failure: The Flawed Assumption of Security in Modern Computing Environments" http://www.nsa.gov/selinux/papers/inevitability/. Whether it's AppArmor or SELinux or something else, it's well past time to start requiring mandatory access controls on our OSes.
-
Dems and Rethuglicans - blech!
So, while the Bush Junta goes about spreading Death and Destruction upon various parts of the world, and snooping into people's private lives, and turning the justice department into a personal political Gestapo, the Democrats gleefully jump on the opportunity to do even more damage to what's left of American Liberty and with the support of their Ministry of Truth down in Hollywood, have come up with yet another clueless scheme to coddle, protect and diminish the American Experiment in Democracy.
There's a reason I moved to Canada. Not that it is wildly better or all that different, or even free of major stupidity and scandal, but it seems to be largely (but not completely) free of retarded hatefilled shitbags. And while the gov't has a deeper hand on things here, one would expect boneheaded nanny state nonsense like the legislation in TFA from Canada, not from the USA. OH, how times have changed... The Rethugs want to blow up the planet and make everyone a classic Xian sexless mouthbreathing mallrat and the Dems want the corporations to own every piece of cultural artefacture in perpetuity, and make it all safe for the lowest and stupidest citizens and remove the responsibility that PARENTS SHOULD BE EXERCISING in favour of the nanny state.
As the Dukes of Stratosphear (XTC) crooned:
I'm the Mole in the Ministry
And you'll all bow down to me.
I'm the mole in the potting shed.
I'm the bad thoughts inside your head.
And you won't catch me...
As a little black girl once shouted into a bullhorn on the TV show "Wondershowzen":
RISE UP PEOPLE!!! RISE UP!!!
RS
-
Re:Other types of cloaking...
Not Gitmo....Manhattan.
Oh, one other thing: anyone want to tell us what candidate has made it quite public she sees nothing good in it, "i.e., as anyone who has a copy of it can find its weaknesses and hack [sic] into those systems because they would be vulnerable.
It would appear if she takes office, we better start grabbing copies from http://www.nsa.gov/selinux/ before she gets to it
-
Hands on display at NSA Museum, Ft. Meade
Last time I was there, you could play with one of these at the National Cryptologic Museum near Ft. Meade in Maryland, URL: http://www.nsa.gov/museum/
This place is _really_ worth a visit. The staff are all retired NSA staff and are glad to talk to you about the exhibits (now that the equipment is declassified!) They have an excellent exhibit on Cold War era supercomputers, with a Cray and a Connection Machine CM-5 on display.
-
Re:Would you TRUST their answers if they said "no"
Probably the government approved SELinux.
That's one way to put it. -
Re:Don't use windows on Secure networks.
...Or you can use the NSA's Security Guide to provide a standard model of security. Sounds like you need to look at the configuration guides for routers, switches and Operating Systems. http://www.nsa.gov/snac/downloads_all.cfm
-
Re:Are you sure?
When I visited the National Cryptologic Museum I bought a very nice mug with the NSA logo on it. Within a few years it had developed a couple of long, nasty cracks and leaked like the proverbial sieve. The jokes pretty much wrote themselves.
-
Re:famous last words
Here are some more famous last words that illustrate your point.
"From a mathematical standpoint we cannot speak of a theoretically absolute unsolvability of a cryptogram, but due to the special procedures performed by the Enigma machine, the solvability is so far removed from practical possibility that the cipher system of the machine, when the distribution of keys is correctly handled, must be regarded as virtually incapable of solution."
-German cryptographer
http://www.nsa.gov/publications/publi00004.cfm -
Re:Amusing
What on earth are you talking about? The NSA use AES256 for encryption. You could have just googled AES NSA to find out, but to save you time, here's the first link that will come up. AES is considered secure because it's been tried and tested in the real world. The number of cyphertexts to analyse doesn't make a difference, hell I can create a billion cyphertexts for AES in a few hours.
Hiding the algorithm simply doesn't work. It never has. You need encryption to talk to pretty much everyone who has sensitive information and if just one of them is compromised then the algorithm's not hidden anymore. If you're relying on the secret of a secure algorithm then as soon as one of your agents is compromised then not only can the enemy read all your messages but you don't even know that! -
Re:uh oh....
"Instead access to files should be further restricted by process..."
Such as http://www.novell.com/linux/security/apparmor/overview.html or http://www.nsa.gov/selinux/
From my experience, Apparmor is far more straightforward. -
Why not RHEL5?
RHEL5 shipped March 14th, 2007. Why not compare its errata?
I wouldn't count any updates released on 3/14 against RHEL5 on its ship date - It's a perfect example of how OSS works and how fast patches are available. RH wanted to ship a stable version and didn't want to throw last-minute patches into the install routine. What's the first thing you do when you install a new OS? You run the tool for online updates. So on day one 19 patches were available for all the bugs that had popped up since the version freeze to produce RHEL5.
Since 3/14, there have been 42 updates to RHEL-WS5. 11 of them have been after the 90-day mark, so that leaves you with 31 defects in the first 90 days of RHEL-WS5. That's also not using the "reduced" method to match feature-for-feature what Vista has.
However, I think the point is still always going to be that you can't have totally bug-free software. But it's how fast are bugs found and fixed. That's what Microsoft can't touch. How long do bugs go unreported so someone can take advantage of them on MS OS? Even once reported, how long do they linger? The same is simply not true for any critical bugs found in OSS.
But it is nice to see MS finally taking security seriously. They've only been trying to do that for 5 years with their Trustworthy Computing Initiative. Why not compare Windows 2003 Server stats, since it was released after the Trustworthy Computing Initiative? 6 months showed 38 defects. If you compare RHEL5 with just the same installed features to match WS2003 in 3 more months, I wonder how it will fare?
Of course, Microsoft had the NSA help them with Vista, which proves again that the more eyes you have on the source code, the better ;-p
I'll stick with CentOS myself... all the benefits of RHEL without the support fee costs. -
Re:Linux and dictatorship go together
So I guess the existence of SELinux confirms my suspicions - the USA has been infiltrated by Communists!
-
Re:IRC logs
You might check here.
-
Re:Great Budget
I guess there weren't any basic tutorials on computer security in that budget
Actually, there are a lot of them. The third counting upwards from the last one is definitely relevant, if adapted from word to powerpoint. -
Re:Here's something to consider...
Say what you want about Stalin-era Soviet Union, but their secrets were kept tight.
Well, not THAT tight. -
Re:just how good is this?
The short version: it's very good. But a huge pain in the ass.
The slightly longer version: IPtables is about network access, firewalls, et cetera. SELinux is about ensuring the integrity and access rights of software on your system. It's designed to prevent, say, one process on your machine from overwriting a file it should be able to. There's a pretty good explanation of exactly what it buys you here. (Warning: government site. They're watching youuuuuu!)
The problem with SELinux is that up until recently it has been a royal pain in the ass to configure. You'd go, "Sure, this sounds like a good idea", turn it on, and then curse it roundly when you tried updating MySQL from the version that ships with RHEL to the most recent supported release from MySQL. As a result, most folks just turned it off - they figured it wasn't worth the hassle.
RHEL 5 apparently includes tools (see the article) for figuring out what's wrong with your SELinux configuration. Definitely worth looking into. But if you're not concerned with validating application integrity on your home box... and let's face it, it's a home box... probably not worth it for you until it becomes dead simple. -
Serious post
NSA. No joke. They're always looking for good MA / CS people. It's a government job so the pay is so-so ($48k-52k to start), but the benefits are top rate and there's fantastic job security. Also, you meet some of the most patriotic and smart people you could hope for. If you actually want to work on real mathematics, as it's found in real world situations and not some theory on a chalkboard, it's the only place to be. You'll probably have to move to Maryland.
Disclaimer: I used to work there, right out of college.
-
What if they're right?
[dons tin-foil hat]
What if they weren't really false alarms, and there really is a back-door in those DLLs? Isn't it a little suspicious that only the Chinese version was affected? Obviously what happened is that someone convinced Microsoft to add a back door into the Chinese version, and then, since Symantec didn't test against the Chinese version of windows, it wasn't on Symantec's white list.
[removes tin-foil hat] -
Re:I learned a long time ago...
The NSA publishes some very useful guides for dealing with sensitive information here:
http://www.nsa.gov/snac/
Specifically, how to properly redact a Microsoft Word .doc is detailed in this document:
http://www.fas.org/sgp/othergov/dod/nsa-redact.pdf