Slashdot Mirror
Ask Slashdot: Linux Security, In Light of NSA Crypto-Subverting Attacks?
New submitter deepdive writes "I have a basic question: What is the privacy/security health of the Linux kernel (and indeed other FOSS OSes) given all the recent stories about the NSA going in and deliberately subverting various parts of the privacy/security sub-systems? Basically, can one still sleep soundly thinking that the most recent latest/greatest Ubuntu/OpenSUSE/what-have-you distro she/he downloaded is still pretty safe?"
I think there's even a law for this kind of reply...
The big worry is not building from source, but builds delivered by companies like Ubuntu, which you have absolutely no guarantee are actually built from the same source that they publish. Ditto Microsquishy, iOS, Android, et. al.
The big concern is back doors built into distributed binaries.
I do not fail; I succeed at finding out what does not work.
Short of writing it all yourself, I think OpenBSD is as close as you will find to a useful OS you can trust.
i never understood why people go for AES. clearly, if NSA recommends it, in my view it is something to be avoided (i personally go for twofish instead). in ubuntu, ecryptfs uses aes by default, so i would not trust that.
You can sleep soundly if your computer is off and/or unplugged. Otherwise, you should always be on your guard.
Keep your confidential data behind multiple levels of protection, and preferentially disconnected when you are not using it. Never trust anything that is marketed at 100% safe. There will always be bugs to be exploited, if nothing else.
A healthy level of paranoia is the best security tool...
morcego
Every encryption protocol you use has been sabotaged to be readable by them. You dont really think they will try 200 trillion keys to break your stream do you?
No. They modified the protocols, (to make them more secure) and of course never explained the changes. They just mandated it.
You have to trust the integrity of Linus and the core developers.
If any of them let in such major flaws they would be found out fairly quickly... and that would destroy the reputation of the subsystem leader, and he would be removed.
Having the entire subsystem subverted would cause bigger problems.. but more likely the entire subsystem would be reverted. This has happened in the past, most recently, the entire changes made for Android were rejected en-mass. Only small, internally compatible changes were accepted, and these went through the usual analysis, and (rather severe) modifications to make them compatible.
It is possible that this is part of the reason IPsec has never been accepted in the kernel networking code.
You can not add security, later.
In Unix systems, there’s a program named “login“. login is the code that takes your username and password, verifies that the password you gave is the correct one for the username you gave, and if so, logs you in to the system.
For debugging purposes, Thompson put a back-door into “login”. The way he did it was by modifying the C compiler. He took the code pattern for password verification, and embedded it into the C compiler, so that when it saw that pattern, it would actually generate code
that accepted either the correct password for the username, or Thompson’s special debugging password. In pseudo-Python:
def compile(code):
if (looksLikeLoginCode(code)):
generateLoginWithBackDoor()
else:
compileNormally(code)
With that in the C compiler, any time that anyone compiles login,
the code generated by the compiler will include Ritchie’s back door.
Now comes the really clever part. Obviously, if anyone saw code like what’s in that
example, they’d throw a fit. That’s insanely insecure, and any manager who saw that would immediately demand that it be removed. So, how can you keep the back door, but get rid of the danger of someone noticing it in the source code for the C compiler? You hack the C compiler itself:
def compile(code):
if (looksLikeLoginCode(code)):
generateLoginWithBackDoor(code)
elif (looksLikeCompilerCode(code)):
generateCompilerWithBackDoorDetection(code)
else:
compileNormally(code)
What happens here is that you modify the C compiler code so that when it compiles itelf, it inserts the back-door code. So now when the C compiler compiles login, it will insert the back door code; and when it compiles
the C compiler, it will insert the code that inserts the code into both login and the C compiler.
Now, you compile the C compiler with itself – getting a C compiler that includes the back-door generation code explicitly. Then you delete the back-door code from the C compiler source. But it’s in the binary. So when you use that binary to produce a new version of the compiler from the source, it will insert the back-door code into
the new version.
So you’ve now got a C compiler that inserts back-door code when it compiles itself – and that code appears nowhere in the source code of the compiler. It did exist in the code at one point – but then it got deleted. But because the C compiler is written in C, and always compiled with itself, that means thats each successive new version of the C compiler will pass along the back-door – and it will continue to appear in both login and in the C compiler, without any trace in the source code of either.
http://scienceblogs.com/goodmath/2007/04/15/strange-loops-dennis-ritchie-a/
"Flyin' in just a sweet place,
Never been known to fail..."
There are no guarantees, but I'm much more concerned with what Microsoft/Oracle/Cisco does than what Redhat, Ubuntu, or OpenBSD throws into their builds/source.
or "Privacy" anymore. Perhaps there hasn't been for the last decade or so. We just didn't know at the time. ---- Enjoy your 21st Century. As long as people fail to defend their basic rights, there will not be such a thing as "security" or "privacy" again. My 2 Cents...
Why did the chicken cross the road? Because Elon Musk put an AI chip in its head.
There was recently a bit of a kerfuffle over RdRand.
Matt Mackall, kernel hacker and Mercurial lead dev, quit Linux development two years ago because Linus insulted him repeatedly. Linus called Matt a paranoid idiot because Matt would not allow RdRand into the kernel, because it was an Intel CPU instruction for random numbers that could not be audited. Linus thought Matt's paranoia was unwarranted and wanted RdRand due to improved performance. Recently Theodore T'so has undone most of the damage, but call RdRand still exist in Linux. I do not understand exactly if there are lingering issues or not.
It's sad but you can't trust any mainstream Linux distro created by a US company, and you likely can't trust any created in other countries either. I'm not saying that as a pro-windows troll because you can trust MS's efforts even less.
I believe you can trust OpenBSD totally but it lacks many of the features and much of the convenience of the main Linux distros. It is rock solid and utterly secure though, and the man pages are actually better than any Linux distro I've ever seen.
The possibly bigger problem is that no matter what OS you use you can't trust SSL's broken certificate system either because the public certificate authorities are corruptible. And before someone says create your own CA, sure, for internal sites, but you can't do that for someone else's website.
If the powers that be had their way, you would do nothing but lie in your bed with the sheets pulled up around your chin, your eyes darting left and right. Nice life you have there. It would be a shame if something... happened to it.
Meanwhile, if you care about keeping your data private, don't use encryption and think that you can just trust it all to keep it hidden. Your data might be safe, it might not. Be smarter. Learn from baseball players. They keep their signals safe, and they don't even need a computer to do it.
It's possible the NSA did something bad to the code, but it's not likely and it won't last.
For the "not likely" part, code accepted into Linux projects tends to be reviewed. The NSA can't be too obvious about any backdoors or holes they try to put in, or at least one of the reviewers is going to go "Hey, WTF is this? That's not right. Fix it.". and the change will be rejected. That's even more true with the kernel itself where changes go through multiple levels of review before being accepted and the people doing the reviewing pretty much know their stuff. My bet would be that the only thing that might get through would be subtle and exotic modifications to the crypto algorithms themselves to render them less secure than they ought to be.
And that brings us to the "not going to last" part. Now that the NSA's trickery is known, the crypto experts are going to be looking at crypto implementations. And all the source code for Linux projects is right there to look at. If a weakness were introduced, it's going to be visible to the experts and it'll get fixed.
That leaves only the standard external points of attack: the NSA getting CAs to issue it valid certificates with false subjects so they can impersonate sites and servers, encryption standards that permit "null" (no encryption) as a valid encryption option allowing the NSA to tweak servers to disable encryption entirely, that sort of thing. There's no technical solution to those, but they're easier to monitor for.
The NSA doesn't really need to have backdoors written into the systems, they have a lot of exploits in their bag of tricks that they've bought or found. Unfortunately the NSA only needs to find one exploit, but truly secure systems we need to find and fix them all :/
The big concern is back doors built into distributed binaries.
And what about the hardware? And how can you be sure the compilers aren't putting a little something extra into the binaries. There are so many places for NSA malware to hide it's scary. Could be in the BIOS, could be in the keyboard or graphics firmware, could be in the kernel placed there by a malicious compiler. Could be added to the kernel if some other trojan horse is allowed to run. And just because the kernel, etc. are open source doesn't mean they have perfect security. The operating system is incredibly complex, and all it takes is one flaw in one piece of code with root privileges (or without if a local privilege escalation vulnerability exists anywhere on the system, which it surely does), and that can be exploited to deliver a payload into the kernel (or BIOS, or something else). Really, if the NSA wants to see what you're doing on your Linux system, rest assured, they can.
If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
Absolute Anonymity is a weapon of mass destruction and will never be allowed by any government.
Seems like the obvious choice if you want to be more secure, because it's NSA appr.... wait a second.
... we can only assume that the Linux Kernel is compromised and has government (and not necessarily the US government) backdoors in it.
No, but there's no reason to think that Linux is worse than anything else, and it's probably easier to fix.
If I were Linus I'd be putting together a small team of people who have been with Linux for years to begin assessing things. From Gilmour's posting it seems clear that IPsec and VPN functionality will need major change. Other things to audit include crypto libraries, both in Linux and the browsers, and the random number generators.
But certainly some examination of SELinux and other portions are also needed.
I don't see how anyone can answer the original question without doing some serious assessment. However I'm a bit skpetical whether this problem can actually be fixed at all. We don't know what things have been subverted, and what level of access the NSA and their equivalents in other countries have had to be code and algorithm design. They probably have access to more resources than the Linux community does.
I would not be surprised if visionaries and leaders of the computer industry, including FOSS, turn out to be generals, admirals and colonels. And that the leading technological companies are just the departments of the single organization.
We are being told - and some of us suspected as much for a very long time - that the NSA &Co track everything we do, and have the ability de-encrypt much of what we think is secure; whether through brute force, exploits, backdoors, or corporate collusion.
Surely we should also assume that there are other criminal and/or hacker groups with the resources or skills to gain similar access? Another case of "once they know it can be done, you can't turn back."
I honestly believe that we're finally at the point where the reasonable assumption is that nothing is secure, and that you should act accordingly.
Three Squirrels
I can guarantee that unless you're very much out of the ordinary -- meaning that you're either guilty of million $1,000,000+ fraud (although even that is probably well on the low side), or else a member of organizations directly associated with extremist views -- then the NSA do not give the slightest fuck about you and it's an enormous arrogance to think they do. Honestly, just think about it: there are hundreds of millions of Americans, none of whom the NSA have a legal basis for probing so they have to be at the very least slightly circumspect, and a good few billion people outside America who they have every right to snoop on. You'd have to fucking go some for them to give a fuck about you and my guess is that, honestly, they really, really, really couldn't give a toss if you lived or died. That means they're not going to break into your personal desktop (honestly, why the hell *would* they?) and your imprint on their databases will go back to your internet metadata, none of which you've ever been assured by anyone at all is in the slightest bit private.
Everything I've said also goes for GCHQ who are my local legally-dubious group of spooks, and for anything I might ever say about them or, indeed, anything. They really don't care about me.
I think that depends on what keeps you up at night.
In one of the earlier stories today there was a post making all sorts of claims about compromised software, bad actors, and pointing to this paper: A Cryptographic Evaluation of IPsec. I wonder if anyone bothered to read it?
IPsec was a great disappointment to us. Given the quality of the people that worked on it and the time that was spent on it, we expected a much better result. We are not alone in this opinion; from various discussions with the people involved, we learned that virtually nobody is satised with the process or the result. The development of IPsec seems to have been burdened by the committee process that it was forced to use, and it shows in the results. Even with all the serious critisisms that we have on IPsec, it is probably the best IP security protocol available at the moment. We have looked at other, functionally similar, protocols in the past (including PPTP [SM98, SM99]) in much the same manner as we have looked at IPsec. None of these protocols come anywhere near their target, but the others manage to miss the mark by a wider margin than IPsec.
I even saw calls for the equivalent of mole hunts in the opens source software world. What could possibly go wrong?
Criminals, vandals, and spies have been targeting computers for a very long time. Various types of security problems have been known for 40 years or more, yet they either persist or are reimplemented in interesting new ways with new systems. People make a lot of mistakes in writing software, and managing their systems and sites, and yet the internet overall works reasonably well. Of course it still has boatloads of problems, including both security and privacy issues.
Frankly I think you have much more to worry about from unpatched buggy software, poor configuration, unmonitored logs, lack of firewalls, crackers or vandals, and the usual problems sites have than from a US national intelligence agency. That is assuming you and 10 of your closes friends from Afghanistan aren't planning to plant bombs in shopping malls, or try to steal the blueprints for the new antitank missiles. Something to keep in mind is that their resources are limited, and they have more important things to do unless you make yourself important for them to look at. If you make yourself important for them to look, a "secure" computer won't stop them. You should probably worry more about ordinary criminal hackers, vandals, and automated probe / hack attacks.
much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
Hmmm - all of a sudden this looks interesting again:
http://news.cnet.com/8301-31921_3-20025767-281.html
No one will bother with unencrypted text as it will be assumed to have nothing interesting. If a computer scanning your text and forgetting it bothers you, hide the real text inside other boring text. Obscurity by tedium.
Yes, it's "pretty safe". It's not absolutely safe or guaranteed to be safe. But if your other alternative is a hidden-source OS, especially one in US jurisdiction, then OSS is "pretty safe."
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
Even if you did use ssl to get an proper kernel image (which i doubt), ssl relies on companies issuing certificates, which have been issuing bad certificates for much less important entities than the NSA.
So, not you can not rely on that. Anybody could have given you any binary
Don't forget that there are concerns in the hardware as well. Are you using NVIDIA chip, a ATI chip, a non-atheros wireless chip, a non-HP printer (and even if it is HP in many cases), etc. All these things have non-free code where shit hides. Then there is also Chrome, Adobe Flash, Adobe Reader, Skype, and a number of other non-free components in most distributions. You have to be really careful. You may want to check out Trisquel. It's based on Ubuntu, compiled from scratch, patched for free software reasons, and some privacy related ones.
Digitial Forensics for Prosecutors presentation suggests Truecrypt has a backdoor.
http://www.techarp.com/showarticle.aspx?artno=770&pgno=0
10000 laptops are stolen at airports every year. Presumably, they are off when that happens.
The NSA is not your problem; you are not important enough to be a target. When thinking about security, thieves are your problem. Theft happens, and happens often. Your computer is far more likely to get stolen than to be inflitrated by the NSA. And the solution is to encrypt your hard drive. Without encryption the thief will have access to everything you normally access from the computer - like your bank account. You wouldn't want that, would you? Today's CPUs all have AESNI support, so there is no excuse for not encrypting your laptop's hard drive. Do it today and get some financial peace of mind.
The good news is that for linux, this can, in theory, be audited.
For Windows...no. Not a hope. None. At all. Likewise OSX.
Which means that any and every government that might possibly have any future dispute with the US is, right now, going over all their Windows servers and desktops in the military. diplomatic and intelligence services to see how much they can replace.
It'll take months just to write up the reports, and months more to run through the political commitees, and even then it'll be very undiplomatic to openly admit the reason for the switch - but in a year or so, I think we are going to see a lot of governments decide that linux is more 'cost effective' in sensitive roles.
they destroyed my trust in anything, i dont trust any operating system and software anymore, i dont trust the internet or any encryption method, the US Govt and all its elements have been proven to be a criminal gang of fascist kleptocratic totalitarian warmongering pigs.
Politics is Treachery, Religion is Brainwashing
Makes you wonder about using it . As SELinux came about from NSA work in the first place, maybe it's time to re-look at including it in major distributions.
Everyone on this thread is concerned with the possibility of nsa backdoors code but from my understanding the attack is much more insidious and the consequences much more severe than just a backdoor that only the nsa could use. By hiring most of the wrolds talent in cryptography and then deliberately having them design algortihms and code that is not as secure as it could be, or it should be then are they not only leaving everyone open to attack just by the NSA but from anyone else as well.
Fit in one conference hall? I'll bet they would all fit in a medium sized office: all dozen of them.
Or, perhaps more appropriate to the topic of this discussion, which I personally think it worrying about low level stuff "because it can" rather than bigger high level issues "because it can't": a portion of a wing at Camp Delta at Guantanamo, or one tiny cell in some friendly rendition country, etc.
Define 'safe'.
What if you made an amd64 cross compiler for a PDP 11? Then, you could build a trustworthy compiler, knowing the compiling machine is too old or uninteresting for the NSA to have infiltrated.
After the NSA and anyone else found out about this sleight of hand trick, there would be a REQUIRED modification of the compiler to do one of several things....
Some code buried somewhere in the Linux kernel would be a check on the compiler to ensure that back door is still in the compiler, and if it wasn't the compiler would, pick one or more; destroy itself, insert the back door, send a message to some agency that some one was trying to fix the back door issue and shut them down. So the likelihood of someone actually fixing the security hole and submitting it to anyone outside of some small cadre of friends and cohorts is small to non-existent. The person or persons would be immediately put under NSL letters and silenced. So is there any security, not likely; some agency somewhere in the world will have a back door to any worthwhile OS one creates or has developed.
This brings up the next quandary how does one ensure that one can trust someone implicitly? With the NSL letters one can not be trusted to be telling the truth. One can attempt to do the whole thing oneself, but that quickly gets out of hand. As soon as one gets the assistance of some other person the jig is up and trust is lost. So we now have levels of trust and certification. As has been clearly indicated by some of the DEA documents, they LIE and can NOT be trusted to tell the truth about anything. Someone should edit the dictionary and clearly indicate on the word trust and truth, that the only person one can trust and ensure truthfulness is oneself. Anyone else can be "encouraged" to be UN-truthful or UN-trustworthy.
Sorry for the long harangue! I am not a wordsmith. Someone rewrite this shorter and more concisely.
http://qubes-os.org/trac/wiki/QubesArchitecture
Compartmentalize the high-risk parts of the OS (like network and X11) into separate VMs that each get access to only the hardware they need via the IOMMU.
Then you make it easy to use the hypervisor to graphically create separate color-coded domains: personal info, banking etc. go into one domain; work-related stuff into another; general browsing and other higher-risk stuff go into a third. The app windows from each of these "app domains" appears with the corresponding border color.
If your network stack becomes compromised, the infection goes away when you reset the netVM or reboot the system. Same goes for the display, and for the disposable app VMs. Theoretically, nothing should be able to touch your Dom0 hypervisor or your other domains... or at least that task becomes extremely difficult for an attacker.
You need certain late-model systems to take advantage of these security features, though.
you are not important enough to be a target.
Wrong. You may become important in the future. So you are important enough to target. They are collecting data on everyone, and holding on to it. They just might not be actively going through all the data from everyone (or they might be, if they have enough computing power). But if it's recorded it doesn't really matter if they do it today or in 20 years. They've got you. "If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him." --Richelieu
Seven puppies were harmed during the making of this post.
http://vimeo.com/18279777
http://cr.yp.to/talks/2010.12.28/slides.pdf
(Bernstein on Elliptical curve cryptography.)
Need Mercedes parts ?
Seriously, the NSA will help protect you from anyone but themselves. As long as the NSA has nothing to do on your box, they will do their utmost to prevent foreign intelligence, hackers and other mischievous individuals gaining entrance to the average Linux distribution. Even if they do have something to do on your box, they'll still try to keep others out. Now if you want to hide your stuff from the NSA, you will have to do a bit more than just run an up to date linux distribution. It doesn't really matter what you run, they will probably have researched it, or it will be so small that it will be hard to find useful applications for it....
I was promised a flying car. Where is my flying car?
Your comment however only addresses one part of surveillance. The other is that the NSA has to communicate with home base. Two places to catch a snoop.
Correction: Only some Atom chips have AESNI. Not all models. That's an issue with netbooks, where processor speed can easily become a bottleneck.
Did the "experts" know about Differential cryptanalysis and the S-boxes at the time?
What makes you think that if the NSA wanted in badly enough, they wouldn't just go and talk to / threaten Linus? Is that too paranoid? I mean, they haven't done the same thing to any other upper management types at other companies have they? They didn't go talk to the Skype team (prior to the MS buyout) either. Totally out of character and unprecedented, huh. They've proven that they're not just going to quit when they really want something, and they have a -lot- of weight they can swing around.
None of this should be news to foreign governments. All of this stuff has been an open secret for at least a decade. But the NSA always had plausible deniability in the civilian sphere. But any government worth it's mettle should have known (and undoubtedly has known) that the NSA was embedding backdoors into Windows as well as Cisco and similar equipment.
When the NSA is accusing the Chinese of doing this stuff--e.g. Huawei--you can be darn sure that the NSA was doing it even earlier.
I work at a largish corporation that sells security appliances, and I'm fairly certain that the company has defense ties, based on the coyness the CEO, CTO, and others have shown when I ask certain questions. But I also have access to _all_ the source code as one of the biggest committers. Which tells me that they patch the firmware outside of the regular [known] chain of manufacturing control, probably on a client-by-client basis. That is, expensive installations for huge customers get "special" treatment, but smaller orders for smaller companies are pretty much ignored. Which makes sense, because security researchers regularly scan our firmware, and you wouldn't want them getting hold of a copy of the firmware with NSA backdoors.
Remember how that kid that created a secure chat client has been endlessly harassed? That's just for a piddly-assed IM system. You don't think that they'd do the same to the high-level maintainers of an OS?
To throw off the NSA I use a Pig Latin Crypto plug-in.
Eythay Ontday Ownay Atway Etsgay Entsay!
Our server room has some (hardware) utilities for remote administration, including remote reboots. Dell and HP have them, probably other vendors. You can actually turn the computer on remotely. As well, some desktops are set to Wake-on-LAN for support purposes ... again, they come on via remote signals.
You can't have too much paranoia ...
Keychain is for throwaway logins, eg slashdot forums, all those stupid sites that demand a login and password, and all with different rules and
requirements fro unique logins. Those go in the keychain, under one master password. I've always considered it to be of lower-level security, and the browser password store lower level again.
I don't put financial account numbers or passwords in the keychain or browser store- I memorize those. I also memorize my mastercard number, expiry and code.
Ones I haven't memorized go in a text file inside an encrypted container file.
I'd like to find a more recent report of what they found.
Yes it will be fun as diplomats spin up their international story telling skills on their embassy equipment and create believable plots.
Their intelligence services will sit back waiting for the first hint of their work to drop into the press.
Domestic spying is now "Benign Information Gathering"
If it is compromised, then someone other than NSA will figure out how, and exploit it.
Thieves are just as smart as spies, and far more motivated.
I have always been an Advocate of using Serpent over Rinjdael, which eventually became AES, simply because Serpent's higher security level was never in doubt; Rinjdael was chosen primarily because it is faster. However, in light of all this news, I think People should jump ship to Serpent on principle.
No, but there's no reason to think that Linux is worse than anything else, and it's probably easier to fix.
If I were Linus I'd be putting together a small team of people who have been with Linux for years to begin assessing things. From Gilmour's posting it seems clear that IPsec and VPN functionality will need major change. Other things to audit include crypto libraries, both in Linux and the browsers, and the random number generators.
But certainly some examination of SELinux and other portions are also needed.
I don't see how anyone can answer the original question without doing some serious assessment. However I'm a bit skpetical whether this problem can actually be fixed at all. We don't know what things have been subverted, and what level of access the NSA and their equivalents in other countries have had to be code and algorithm design. They probably have access to more resources than the Linux community does.
If you look hard at the history, you will find Gilmor's is rewriting history to his point of view. He was in a fight with the US crypto export policy and won. He carried that baggage over into FreeSwan development. The code he is talking about was rejected because he placed restrictions that only non-US developers could contribute to it. Also the code had a non-standard coding style. The combination of the two meant the code was not going to be accepted. He wants to believe it was related to NSA which is bullshit.
improving a single ASIC design for breaking it.
On the other hand, computer technology and cryptography have advanced to the point where crypto-algos are so complex that it would require more than the universe' worth of energy for exhaustively brute-force the whole key-space (or at least we're quickly approaching this point).
Currently, breaking crypto isn't done by trying to built faster machine to make more brute-force tries pers nanosecond. Instead it's done:
- by circumventing the crypto: breaking the software it self so generate broken cryptography (remember the broker SSL keygen in Debian making relatively predictible keys?) or having exploits leading to leaks of plaintext before encryption.
- by finding flaws in the algorithm itself: finding weakpoints so that you don't actually have to scan the whole key space in brute force, but instead have only a reduced set of possible way to break it, thus making it feasible before universe heat death.
we should be using hundreds of different algorithms.
On the other hand you should be using algorithms which have been thoroughly studied and examined by the academics and for which we have a high level of confidence that the maths are sound and no shortcut could be developped.
And you should implementation which have been throughly reviewed against bugs.
Using a dozen of well done encryption algo could be a good idea.
Moving to the thousands: you dilute the amount of eyeball looking for bugs and thus have a higher risk that some algo or implementation haven't been reviewed enough and might actually be flawed.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
10000 laptops are stolen at airports every year. Presumably, they are off when that happens.
The NSA is not your problem; you are not important enough to be a target. When thinking about security, thieves are your problem. Theft happens, and happens often. Your computer is far more likely to get stolen than to be inflitrated by the NSA. And the solution is to encrypt your hard drive. Without encryption the thief will have access to everything you normally access from the computer - like your bank account. You wouldn't want that, would you? Today's CPUs all have AESNI support, so there is no excuse for not encrypting your laptop's hard drive. Do it today and get some financial peace of mind.
Ok, I till give you the-best-secure-computer-is-the-one-off-locked-in-a-safe-in-the-bottom-of-a-salt-mine award. However, everyone is currently on the NSA radar. If not for terrorism for some other reason, so to say that you are more likely to lose data to theft than the NSA is impossible to prove. Encryption won't get your laptop back from a thief. Even if they can't get at the data you're still without data or a computer. How is that financial piece of mind? Mod parent down for lack of critical thinking.
most governments of the world and universities etc all have full code access to windows for audit purposes. I would not be surprised if OSX was the same, So no Linux is not a special animal with its ability to be audited.
Isn't the compiler software?
And doesn't the compiler target an architecture?
And isn't that architecture rife with microcode you never see?
Get thee glass eyes, and, like a scurvy politician, seem to see things thou dost not.--King Lear
So I'm not a programmer and I can't write my own OS... However, I do wonder why it is that I haven't saw much postings (if any) about monitoring the network traffic surrounding your boxes. I don't find it hard to believe that it is possible to insert malicious code into a program (open source or not) however I do find it hard to believe that someone... Anyone... Could not see the inbound/outbound traffic with a network monitoring box somewhere. Heck, take a look top dump data or net flow data and look for anomalies. Am I really that far off the reservation on this?
I have reviewed some, and what a terrible, terrible collection of beginner's mistakes it was. This is not the NSA having god-like powers. This is most commercial software being incredible bad with regard to security. Add to that the broken, NSA compromised SSL CA system, and you get the current claims, all without any backdoors in OSes (no, not even Windows).
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
...perhaps it is time to dust off my old Apple II?
The reason you can boot from a raid card or network is because the BIOS loads and runs BIOS modules from those cards. You may be familiar with the Linux kernel, where most of the functionallity is in modules that become part of the kernel. BIOS is the same. One differentiator between a server motherboard and a consumer one is how much BIOS memory it has, to load modules from many different pieces of hardware. I have one machine with at least four different pieces of hardware that include BIOS. MOST of the BIOS on that machine didn't come with the motherboard.
For the Linux kernel, that's how development is done already, for quality control and bloat reduction. Nobody can commit by themselves, it takes at least three people to get a change into mainline. Each developer has their own copy of the tree into which changes are pulled, so they can see all changes that are made, and who made them.
For each part of the kernel, there are a number of people particularly interested in that bit who watch it and work on it. For example, the people making NAS and SAN devices and services keep a close eye on the storage subsystems. Myself, I watch the cm storage stack generally, more specifically LVM, and even more specifically snapshots. There are a few dozen people around the world with special interest in that particular part of the code. No backdoors will come in without some of us spotting it. What COULD happen is that some code could come in that isn't quite as secure as it could be.
It just so happens that I'm a security professional who uses advanced Linux storage systems for a security product called Clonebox, so that's at least one security professional closely watching that part of the code. Thousands of others watch the other parts.
It's convenient that a lot of the development is done by companies like Netapp, Amazon (S3) and Google. You can bet that when Amazon submits code, Netapp and Google are looking closely at it. When RedHat submits something, Canonical will point out any reasons it shouldn't be accepted.
No matter how safe you think something is, you should always assume someone else has broken it. That is, don't do anything with your computer that you don't want the NSA to see.
If you were the NSA looking to get the biggest bang for your bugging dollar, planting backdoors into hypervisors would get you the most bang for your buck. Almost all medium to large companies now use hypervisors, usually Microsoft's or VMWare. As the hypervisor already has access to everything the VM does, including all network and disk access as well as the contents of memory (think data while it's still in the application before it's encrypted), they would make the perfect target for someone wanting to clandestinely spy on people. I'd be willing to bet the farm that Hyper V and VMWare have been compromised. In VMWare's case all you have to do is search on VMWare and NSA to see all these announcements by VMWare over the last five or six years where they are trumpeting their "partnership" with the NSA to make more secure products. I think we can all figure out what that really means now.
Please correct me if I am wrong, but isn't it true that nearly any dusty old driver or any peripheral with bus-mastering or DMA capability could be turned into a binary patcher to insert arbitrary backdoor functions into a Linux kernel at runtime?
Does this mean we'd have to (at least) audit all peripheral hardware and their firmware to have any real confidence in the integrity of a particular kernel instance?
Could a storage HBA maliciously insert code into the kernel as a side-effect of other I/O transfers it is performing, e.g. assuming the HBA firmware was compromised before the system even booted? Assuming we trusted the IO-MMU features of modern processors, are they used in a sufficiently fine-grained manner to prevent an HBA from modifying kernel code (or stack space) outside of the specific buffer pages that were supposed to receive disk data from that HBA?
Store it is passwords in it is own keystore?
Didn't even have to check to know that you were the guy doing the same thing in the Atlas Robot story comments. Gah...
but fairly unlikely, at least not in the way you describe, with a "specific command sequence". 1) its at too low a level to be really useful as a backdoor, not without the help of backdoor software higher up, but then what's the point? there are already many "backdoor"-like ways to gain privileges as long as the software is there to support them, 2) it would have to be designed to NOT slow the CPU down or take up obvious chip real estate... the CPU biz is so competitive that any extra overhead of either type would make that chip less competitive in the market.
Don't blame me, I voted for Kodos.
How about sending messages through J-Peg
The NSA is a problem. Their theft, of business data, private political information, and personal correspondence of any "person of interest" is organized and legally protected in ways that your average laptop thief could only dream about. A laptop thief can waste months of your income. The NSA can, and has, helped lead the USA into unwinnable wars by manipulating, or failing to correct, fraudulent information fed to Congress by nutjobs with an agenda. (See the history of Dick Cheney's manipulation of intelligence reports to get a glimpse of how this was done.)
When RedHat submits something, Canonical will point out any reasons it shouldn't be accepted.
I had a good laugh when I read this.
Red Hat employs hundreds of software engineers, contributing a lot to the entire Linux ecosystem. Canonical's resources in terms of code contribution are laughable in comparison and being a streamlined business Cacnonical has few, if any, resources to review third party code. They are happy to ride along, but the number of people at Canonical who actually write and read code outside the shiny UI field are hardly those with the expertise to review low level kernel code.
Over the years the NSA has contributed what seemed like positive things to computer security in general, and Linux specifically. They have helped correct some algorithms to make them more secure, and implemented things like SELinux.
However, now that their other actions and intentions have been starkly revealed, any and all things the NSA does (and has done) are now cast into steep doubt. Which is unfortunately because the NSA has a lot of really smart cryptographers and mathematicians that could greatly contribute to information security.
Now, however, their ability to contribute in any positive way to the open source community, or even to the industry at large, is gone forever. No one will trust them again. A sad loss for them, but also a potential loss for everyone. Nothing will quite be the same from here on out. And in the long run, without the help of smart, honest mathematicians and cryptographers, our security across the board will suffer. It's not the the revelations caused the damage, but that the NSA sabotaged things. Shame on them. Kudos to Snowden for helping us learn the extent of the damage.
The binary releases for Ubuntu or any other Linux should be compiled from scratch (including compiling the compiler) by many trusted people (not a one company) and then the binary code should be compared. NSA will definitely want to hire the people that are responsible for creating binary distributions for Linuxes, as their secret agents. So we should make sure there are many of them and they are of high morality.
maybe to stay sane, a change in perspective is in order. ... ... errr .... people.
one has adapted to sleep okay even though one reads
about new CVS and software problems "all the time".
now just assume that NO ONE doing opens source wants a
backdoor, then further just assume a backdoor (government or not) is just
a flaw that will be discovered and get its own CVS in time
furthermore, don't forget that modern OS and software in general is HUGE!
bits and bytes wise AND human intelligence wise. it gets more and more
complex as it moves into the future.
so it is safe to assume that it is close to impossible to write a OS (and tools)
from scratch, for this is what a deliberate sabotaging agent would need to have first.
if there is no safe (secure and backdoor free) base to fall back to, then what is the
sabotaging agent going to fall back on, once his mission as been accomplished?
banks run on open source and so do governments etc. etc. etc. hell, even the sabotage
agent mission planning office is probably running it.
so in the end, it is probably NOT the desktop user that should be worried, but people
who want to use (open source powered) computers to "save the planet" from
*waves to 3 letter*
No, the NSA has pretty much blacklisted not just Open BSD, but all the BSD's over Theo's opposition to them. So if one is paranoid about the NSA, just go w/ any one of the BSDs, they simply don't touch it. And since they don't support BSD devs, one can be sure that BSD devs don't build in any back doors for them.
The perfect GNU CPU would be a VLIW CPU. The FSF could try & get the HDLs from whoever owns the VLIW core of Transmeta's Crusoe, and put them under GPL3. Then they could try working w/ a fab on creating a CPU based on this - not the x86 part, mind you, just the VLIW core.
From that point, they could create their own VLIW CPUs every time, and since it's a pure VLIW and not EPIC/RISC, all programs would have to be recompiled every time a new CPU is out. The FSF can also work to ensure that there are no backdoors or anything, and then also work on getting their 'Libre-Linux' or HURD on this platform. For compiler, they'd have the good ole GCC. Sounds so hunky dory - they should try it.
Being one of those liberal hippies you seem to be attempting to blame for "Republican Military-Industrial Complex Elitism As Usual" let me speak on our behalf:
No. Mr. O does not speak for me. Mr. O is just another "Republican Moderate" in allegedly liberal clothing [if he had been a *real* liberal he would have gotten us the "Single Provider" [aka Socialist} version of healthcare like all reasonable western countries have rather than the Capitalist "bend over, here's the bill" Romney-care.
I do not support Mr. Obama and his Republican backers in regards to spying and their violation of privacy and free speech. I have to ask tho': Is your memory so short? The NSA making war on the American People has nothing to do with a particular politician... I'm sure that if Romney-bama had won it would be exactly the same [except Snowdon might have gotten a drone strike] Don't you get it? Or are you just one of those who can't think any further that "the wise words" of Limbaugh, Beck, or Hanity? All that has happened is Obama has become Bush III. [or should we say Nixon IV? All this stuff began under Bush II and probably even Bush I [since he was an ex Director CIA]....
Our allegedly two party system is actually two faces of the same 1% Capitalists -- who believe that lying, cheating, stealing, and sticking their nose in to the lives of the proles is acceptable to their comfort... after all they aren't snooping on each other are they? -- Except to get what they want... Which is how Mr O. has become "a Liberal that Joe McCarthy could love"(TM)... How many of our "Freedom loving" Republicans or Or "I am a rugged individualist Tea DoucheBagger" are actually saying "this is "wrong and I'm writing veto proof legislation to kill the spying"? Where is the Republican or conservative Congressional censure? Look! There IS none! Most of your Conservative friends are cheering this on... Welcome to the Barry Goldwarter 1984...
Just wait till the morals proctors get a hold on this stuff then we'll have the Scarlett Alphabet of offenses against the state
Mister O. does not make laws. Congress does. Where is your outrage at the violation of the constitution? Why aren't you throttling your Congress with questions like: Where does it say in the constitution there is a guarantee to the government that "State Secrets" is a free pass to tyranny or violating the constitution? You see? Everything your "Douchebag Conservative Establishment (TM)" [including Limbaugh, Beck, & Hanity} has ever said about us Socialist-leaning Hippies is wrong...
Hippies never started any wars... Hippies never napalmed anyone [United States in South Vietnam], nor released Sarin gas [Syria & Iraq]... Hippies don't chop off people's heads for moral infractions [Saudi Arabia anyone?] nor encourage lying [Most governments]... Hippies don't condone nor control drone assassination teams [The CIA]... Your Duly Elected Washington Representatives don't speak for us at all... All of the lying Corporation Bought Representatives of our Congress as well as the secondary Legislative branch call the Supreme Court are no one we would call friend... Nor the current POTUS nor any of the potential future ones... as they are all bought and paid for by all of the corporations you know and love...
by the way... Hippies don't like corporations... but the corporations love people that they can lead around by the noses... like maybe some of your congress persons or you since you seem to be fixed on the wrong Villain in this skit....
In the future please remember our motto-- Make Love, Not War!
If you don't like what America has become, I advise you, as we hippies were advised by the conservatives and red-necked Southern Good Ol' Boys way back when: "America, Love it or Leave it!"
The Truth Will Out.
It only take one guy, checking random important spots in different distros.
Anyone need a new hobby?
(anonymous at work cuz I did not memorize the password for my user)
you are not important enough to be a target Tell that to 1930's Europeans!
If you only look at the diffs, you won't notice a change which they'll spread out over a couple of months.
New things are always on the horizon
Rebuild from the ground up. It's the only way to be sure.
I predict a huge increase in use of BitBake.
I am very small, utmostly microscopic.
The suspicions surrounding Truecrypt have never been fully explained.
I am very small, utmostly microscopic.
The US government certainly is.
http://www.darpa.mil/Our_Work/MTO/Programs/Trusted_Integrated_Circuits_(TRUST).aspx
Every wonder why National Semiconductor (now TI I guess) runs a FAB at Fort Meade?
http://www.trustedfoundryprogram.org/
I am very small, utmostly microscopic.
Jason Wright and Angelos Keromytis where are they now? Jason Wright is (likely Jason L Wright) at Idaho National Laboratory. Angelos Keromytis is now a professor at Department of Computer Science Columbia University, must be him with such an obscure name.
Interesting, I wonder how they feel about their little part in the Stasiverse?
Perhaps they're students should ask them? I mean if you want to learn from these academics, it's important to know what the f*** were they thinking when they put backdoors into secure systems???
And what exactly did the University do when it read these allegations?
We do not agree on things but from your post I can see you are someone who has a brain, uses it and is capable of having a discussion. Usually around here all I get is name calling and down modding to the tune of 'shut up you are an evil Republican and therefore wrong'. FWIW I am not a Republican and I am not wrong. If you care the only reason I post around here is that it's fun to rattle the cages as it were, posting on conservative blogs gets boring as there one is either facing an echo chamber or you just end in some social club where you get to see people engage in virtual pissing contests, neither of which interest me.
But having an actual discussion is something different; I do not think you are evil for being wrong about things, you are just wrong. And on top of that you get a lot of things right, I assure you you would be surprised to find how much we agree about. Do you care to discuss some of this?
Let's start with a few of your points. Comments inline.
----
Being one of those liberal hippies you seem to be attempting to blame for "Republican Military-Industrial Complex Elitism As Usual" let me speak on our behalf:
-- Republican Military-Industrial Complex Elitism As Usual
Let's take that one first.
John F. Kennedy - D
Lyndon B. Johnson - D
Richard Nixon - R
Gerald Ford - R
Jimmy Carter - D
Ronald Reagan - R
George H. W. Bush - R
Bill Clinton - D
George W. Bush - R
Barack Obama - D
Going back to 1963 the House and Senate had the following make up;
Senate - .5/2 years
1963 to 1981 - D - 18 years
1981 - 1987 - R - 6 years
1987 - 1995 - D - - 8 years
1995 - 2001 - R - - 16 years
2001 - Half the year R then Jun 2001 to Jan 2003 D
2003 - 2007 - R - 4 years
2007 - - D - 6 years
Totals: D 34 years R 27 years
House -
1963 - 1995 - D - 32 years
1995 - 2007 - R - 12 years
2007 - 2011 - D - 4 years
2011 - 2013 - R - 2 years
Totals: D 36 years R 14 years
So just going by party majority back to 1963 what do you see? I see a clear Democrat dominance there. Don't you? So I am at a loss to what you mean by "Republican Military-Industrial Complex Elitism". Honestly. Democrats start plenty of wars in this list, you see this right? In fact Barky seems dead set on starting a new one any day now in Syria that frankly I do not see the strategic importance of. Ok that's putting it nicely but let's not go off topic. You think Republicans are running this show? The math doesn't add up. Let's continue;
No. Mr. O does not speak for me. Mr. O is just another "Republican Moderate" in allegedly liberal clothing [if he had been a *real* liberal he would have gotten us the "Single Provider" [aka Socialist} version of healthcare like all reasonable western countries have rather than the Capitalist "bend over, here's the bill" Romney-care.
--------------------
Do you really think Obama is a stealth Republican? You can't possibly be serious. Look at this honestly gishzida, tell me what Obama has done that strays from his socialist idealogy. Let's start with Obamacare.
Passing socialized healthcare on the US has been a dream of the progressive - the socialist - for literally generations. It goes back to Medicare and Social Security, all of these things pushed by the Democrats and for the most part these things are based in FDRs new deal; you know this right? The far left, the true hard core socialists, dream of single payer and this has clearly been the goal of the Democrats of Obama. As it is they had to twist arms and make deals and pushed Obamacare through by the skin of their teeth. They wanted single payer but knew they couldn't get it, and Obamacare is the compromise. The plan however is to leverage Obamacare into single payer down the road. The point here is that it wasn't Obama's fault that we didn't get single payer this time around, the truth is that the citizens do not want it and that congress knows that, and they did not have the
Problem is even worse than this modern processors since pentium 4 and above architectures have whats known as a microcode patch area an area where the instructions themselves can be patched/corrected after manufacture and where test programs have indeed managed to update(work was done a couple years ago by a now deceased friend of moi).. the manufacturers are of course aware of this area as they designed it in and its NOT designed for access even by determined assembly language programmers.. BUT grabbing an microcode update program for the processor in question and then careful disassembly by programs such as IDA will reveal the proper bits to twiddle to gain access.. except in very late model processors where such updates hopefully have to be signed with a key know to the TPM(yeah right).
SPARC and older Apple hardware have their firmware boot code written in a dialect/language similar to Charles Moore Forth(ie threaded interpretive language) its called OpenFirmware when I was in Sunsoft.(many years ago)...
A former penetration engineer for Sunsoft :)
If you have any type of social networking account (Facebook, Twitter, Reddit, Pinterest, etc...) then you gave up on your privacy long before the NSA had access to anything. Hell 60% of the FB accounts are fake government accounts anyway. I myself have nothing to hide and the government can read my email, text messages, instant messages, snail mail, all they want. Let them knock themselves out as I don't care. They have been reading your personal data for over a decade (Patriot Act saw to that). This is all old news and there's nothing to see here.
The day Microsoft creates a product that doesn't suck, it will be known as the Microsoft Vaccuum Cleaner!
I disagree with 1, because with an exploit like that any software can become your backdoor.
eg: You want to hack a mail server. You take a look at it with a quick profile and determine it's (hypothetically) a Windows 2003 server running Exchange. It's a big company, so you can be confident this is a 64-bit OS. So you craft your attack email: The trigger sequence, followed by a payload. You know this is running Windows 64-bit, so you can pick a payload accordingly. It'll run with the permissions of the first process to access the data: The network card driver. So all you need is a payload designed to run as Windows 64-bit 2003 kernel mode code, with the function of obtaining and executing the real malware that gives you control.
The good old days, when we hand-compiled our own cmpilers.
Look, if you're reading this news site, and you didn't know that security can only be meaningfully assessed against a threat and that an accurate model of this threat is required in order to assess it and propose countermeasures, you're not going to bring much to this conversation except noob blather.
The observation you appear to be missing is that *both* adversaries in a crypto war have cost-benefit tradeoffs to make. Backdooring a crypto product is cheap, and very valuable. Expect it. The NSA black-bagging your hardware is expensive. If you've never been to an environmental protest, you're not worth this to them. The NSA pwning your router, apparently, is a capability they hope to automatically acquire this year -- expect that.
/. -- the Free Republic of technology.
Either way, that's kind of a strange thing to say about an organization that claims to have completed an awesome new cryptanalytic capability in 2011, after which (according to the black budget leaks) CCP's Microelectronics program shrunk by a factor of six over the next two years... and that slide with that little red box...
/. -- the Free Republic of technology.
Apt Richelieu quote. They are collecting data on every person, but how much is a function of the person (or the data). Consistent sympathizers with incumbent power are uninteresting and not really worth the bandwidth. Sympathizers with any power other than the regime are interesting.
/. -- the Free Republic of technology.
Being one of those liberal hippies you seem to be attempting to blame for "Republican Military-Industrial Complex Elitism As Usual" let me speak on our behalf:
No. Mr. O does not speak for me. Mr. O is just another "Republican Moderate" in allegedly liberal clothing [if he had been a *real* liberal he would have gotten us the "Single Provider" [aka Socialist} version of healthcare like all reasonable western countries have rather than the Capitalist "bend over, here's the bill" Romney-care.
I think that a government that is likely to give you socialist healthcare is also not likely one that is going to disband an agency like the NSA, mainly because it's not one to disband any agency. (If the situation here in Europe can be any indicator.) The "perfect" laissez-faire society would be the one without an NSA. Now granted there is no such thing in the real world and it would just mean going over that civil vs. economic liberty thing again. But still. Hiding away talented mathematicians and engineers like that is just a waste of taxpayer money.
Do you consider *nix be more secure than Win 7? Given the recent leaks about these data collection efforts... Which OS would you say has the most integrity from a privacy prospective? All these stories on /. lately are starting to make me wonder if I should... 1. Always disconnect system's, from the network, when not actively being used. This could lead to issues by not being connected to receive patches & etcetera.
2. Build virtual machines offline and maintaine offline and reverting back to my, somewhat trusted, offline maintained VM images (using snapshots or similar)
Any other ideas, advice or opinion's would be greatly appericated.
/.
I would posit based on what we read in Ken Thompson's attack that the following can be traced back to Godel's problem: Can a secure system be build on systems that have tools that verify their own security? And for the practical minds, is it feasible / possible to trust any system as a starting base for a secure system and build over that? I have never thought about this this way, but I feel we might have hit security theory's rock bottom. Cheers!
From Wikipedia:
Popular choices for the group G in discrete logarithm cryptography are the cyclic groups (Zp)× (e.g. ElGamal encryption, Diffie–Hellman key exchange, and the Digital Signature Algorithm) and cyclic subgroups of elliptic curves over finite fields (see elliptic curve cryptography).
I don't know if that covers all of the widely-available EC algorithms.
Binary blobs are bad, m'kay. No argument there. However, IO-MMUs like VT-d, which is used by Core i* processors, seem to be a pretty strong protection. The approach is simple and therefore should be robust, and it directly handles the root issue, rather than trying to band-aid the symptom as Microsoft Security Essentials and similar do.
It is my understanding that DMA address space is assigned at runtime, but it's allocated at boot time, meaning a device can't gain access to memory not allocated for DMA at boot time. Memory management isn't "my thing", though, the storage stack is, and to some extent early boot is my thing. What you're talking about is handled by the memory management people.
You have a point, Red Hat does a LOT more development than Canonical, so maybe that's not the best example.
Offhand, I don't know what the BEST example is. I think you get the point, though. I've just been reading about the different options for caching disk devices on Flash and I noticed the three developers of different implementations, and the fans of the three implementations, assisted in pointing out weaknesses in competing implementations.
They get source code, but not all of it. It's not like they have access to M$'s private repos or whatever. But yeah, some vanishingly small proportion of people can audit Windows, after (presumably) forking over a ton of cash and signing an NDA in blood. I cannot imagine what their lawyers have put into that NDA, but they're not considered to be bad at their jobs, and this is likely to be one of the more important legal documents that M$ has generated.
I could talk about how incredibly fucked you would be if you violated that NDA, but let's just say that anything like a backdoor is [a] probably not included in the source you get to see, and [b] unlikely to be disclosed if discovered.
tl;dr The terms "auditable" and "publicly auditable" have great differences in definition, purpose, and relevance to this conversation. Frankly, you appear to be an idiot, and probably should avoid any further such demonstrations of your ability to expel nonsense from a text entry device.
Ah, so the NSA doesn't have root access to kernel.org's servers? If they've tweaked the compilers they use to generate the source in the way Thompson suggests, nobody except the tweakers would ever know. You could scan the source from top to bottom and never see anything wrong.
Go to Heaven for the climate, Hell for the company -- Mark Twain
Ok, trying to unserstand this in whole so I can repond on topic. Not sure if your main language is English, but right or wrong it's what I got an I will do my best.
"I think that a government that is likely to give you socialist healthcare is also not likely one that is going to disband an agency like the NSA"
Oh a agree, a very good observation.
"The "perfect" laissez-faire society would be the one without an NSA. Now granted there is no such thing in the real world and it would just mean going over that civil vs. economic liberty thing again."
Yes and no, the US did restrict a lot of this big brother stuff for many many years while wars and many other factors came up to intervene in this and ... wel there we are. A good subject but it is a big subjects for another day.
I find one things that usually makes the pont I am trying to make pretty clear ando do you it's not too hard to explain is this.
Who do you trust to spend your money and make wise savings decions- for your own good, and that of our family?
If you answer the state to the above query it stikes me as rather short sighted. Don't take my word for it,the state steals mah money at a truly alarming rate. Don't take my word for it, if I am wrong, please show me the evidence.
I do wish you good luck.
No to sign off, I hope you consider my words honestly, I meant them as such and with respect and tried to be honest and to present talk I hoped would ring true to you; I do hope you give thiese things thought, we must be able to discuss, not just fight. If we do not hang alone we will surely dis seperately.
Issues originating from kernel.org can and have been seen and fixed because each of the thousands of developers has their own copy and sees all changes. An attacker would need root access to everybody's desktops, or at least they'd need to know who might be interested in that area of the kernel and root those developers machines.
If you're worried about security go do OpenBSD. We know, it's not as well supported and it's under the BSD license. But if your main focus is security that's what works. Otherwise you can read up on the NSA articles for hardening Linux distributions, and don't forget to encrypt!
Knock, knock, ...
The clincher is at the end of the "Computer Forensics for Prosecutors" document. This is not quite the evidence for a Truecrypt back door!
Guess who's coming to dinner for Part 2 and 3?
From the Computer Forensics for Prosecutors pdf, page 17:
"Detective Stu Pitt will take over for Part 2:
and,
"Tomorrow, Detective Laughlin Foo will conduct Part 3"
No, encryption won't get your data back, that's what backups are for. Encryption does mean that the thief cannot skim your passwords and whatnot before fencing your computer at the local pawnshop. You might not have the data anymore but no one else should be able to get it either.