Slashdot Mirror


Microsoft Opens Source Code To KGB's Successor Agency

Jack Spine writes "Microsoft has struck a deal with the Russian government which will give the FSB, successor to the KGB, access to the source code for Windows 7, among other products. The agreement is an extension of Microsoft's Government Security Program, according to a source with links to the UK government."

9 of 187 comments

  1. I'm sure this will turn out well by linzeal · Score: 5, Interesting

    I'm more afraid of the FSB selling or having the code stolen from them by Russian hackers than the FSB actually doing anything. They are mostly incompetent hacks either left over from the '90s or put there to be yes-men to Putin policy. Putin would not stack the deck against himself, so he has cut out most of the intelligence in the intelligence agencies; that is why you get things like the recent spy swap debacle where they could not even penetrate a PTA meeting, let alone the Pentagon.

  2. FSB is not "the" successor to the KGB by the linux geek · Score: 5, Interesting

    The FSB is approximately a third of the total KGB capability, with the FSO and SVR being the other legs of the triumvirate. The FSB, being the replacement for the former First Chief Directorate, is mostly responsible for internal security (counterintelligence, counterterrorism, counterinsurgency, action against dissenters.) I don't see how this deal with Microsoft could possibly threaten the US or US interests, except possibly in a peripheral way.

  3. Re:security holes of releasing source code by TheRaven64 · Score: 5, Interesting

    They've already provided it to the Chinese (and the British, not sure who else). That means that the Russians and Chinese can look for and exploit holes in Windows. Last I heard (which, admittedly, was around 2002), the source code that they provide is not enough to build a complete Windows system, and the license does not permit building it, only reviewing it, so this only lets you find (but not fix) accidental flaws, not malicious ones.

    Basically, they get all of the disadvantages of open source security, but none of the advantages.

    --
    I am TheRaven on Soylent News

  4. This is actually good by Chrisq · Score: 3, Interesting

    It will keep them tied up for years trying to find exploitable holes, when the real spies will use something else.

  5. Trust, Interesting World by Bob9113 · Score: 4, Interesting

    It is an interesting world in which a United States company trusts Russian spies more than it trusts United States citizens.

  6. Re:security holes of releasing source code by mlts · Score: 4, Interesting

    Isn't it coincidental that the Chinese intelligence who received the source code suddenly had a lot of new Windows-based 0-days and used them against US companies, Google mainly?

    The blackhats have the source and can look for bugs and errors that they can exploit at will. The whitehats have to guess or blindly firewall, hope that there are no remote exploits, and put a lot of resources into perimeter security.

    Maybe this is just another impetus for people and companies to move to UNIX-based operating systems. Even a closed source offering like HP-UX or OS X (the pieces that are not open-sourced in Darwin or elsewhere) has been around such a long time that glaring show-stopper bugs are rare, and are usually limited to local exploits. This isn't to say things are perfect, but an exploit from remote like ssh is extremely rare on the UNIX side. To boot, UNIX variants have been getting a lot better at security, having ASLR, DEP, SELinux/AppArmor security policies, and other items to limit damage and spread of compromised code.

  7. Re:Available as a Torrent in 3... 2... 1... by arivanov · Score: 3, Interesting

    And in which jurisdiction are you going to sue?

    --
    Baker's Law: Misery no longer loves company. Nowadays it insists on it
    http://www.sigsegv.cx/

  8. Re:security holes of releasing source code by alexo · Score: 3, Interesting

    "the source code that they provide is not enough to build a complete Windows system, and the license does not permit building it, only reviewing it, so this only lets you find (but not fix) accidental flaws, not malicious ones."

    If I were in charge of an internal security agency, I would be more concerned about running an OS containing back doors or exploits than to try and exploit them myself. To that effect, I would insist on being able to build the OS from sources using a compiler that is known to be uncompromised (built it from source too). No other arrangement will guarantee that the copies I am running behave exactly like the source code says.

    If the FSB agreed to the terms that you mentioned, they are not doing their work.

  9. Re:Available as a Torrent in 3... 2... 1... by theArtificial · Score: 3, Interesting

    Wasn't that how the image hacks started? A specially crafted BMP. There are more but this is one I recall off of the top of my head.

    --
    One gets tired from going around doing nothing.