John McAfee: NSA's Back Door Has Given Every US Secret To Enemies (businessinsider.com)
John McAfee, American computer programmer and contributing editor of Business Insider, explains how the NSA's back door has given every U.S. secret to its enemies. He begins by mentioning the importance of software, specifically meta-software, which contains a high-level set of principles designed to help a nation survive in a cyberwar. Such software must not contain any back doors under any circumstances, otherwise it can and may very likely allow perceived enemies of the U.S. to have access to top-secret information. For example, the Chinese used the NSA's back door to hack the Defense Department last year and steal 5.6 million fingerprints of critical personnel. "Whatever gains the NSA has made through the use of their back door, it cannot possibly counterbalance the harm done to our nation by everyone else's use of that same back door." McAfee believes the U.S. has failed to grasp the subtle implications of technology and, as a result, is 20 years behind the Chinese, and by association, the Russians as well.
You are mad. Perhaps even more crazy is the fact that you speak the truth.
When the foot seeks the place of the head, the line is crossed. Know your place. Keep your place. Be a shoe.
I thought he sided with the FBI against Apple. He thinks Apple should include a backdoor in their phones for the FBI...and now he's pointing out how dangerous backdoors are....
with a red crayon.
Isn't this the guy wanted in connection with the mysterious disappearance of a former neighbor? I'm not sure I'd take anything at face value from Mr. Stability.
If he's talking about the Chinese, they don't need an NSA back door to hack systems in the U.S., they've been porking government and contractor systems for years. The Chinese have the designs for every nuclear weapon in our arsenal and the personnel records of hundreds of thousands of government workers, including their security clearance applications. What would they get from an NSA back door that they don't already have?
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
In the 70s there were secure operating systems like Multics. Then the only things allowed for US export were the ones that failed to be secure. That's how we got DOS then Windows. Now everything needs to be rewritten from scratch by people without commercial pressure for there to be any chance. Think about the navy ending up forced to use "Windows for warships". In the meantime the Chinese always knew they couldn't trust software from the West. 20 year head start is probably an underestimate.
Whatever gains the NSA has made through the use of their back door, it cannot possibly counterbalance the harm done to our nation by everyone else's use of that same back door
It's a cultural problem that lies in the realm of personal freedom. NSA has reasons to let people use their backdoor, but they should be morally obligated to let people know that it's unsafe to use their backdoor. Me? I know better. But some people just don't realize whose backdoors are alright to use. But given the amount of people that would like to use NSA's backdoor, it should be obvious that it's harmful to use. So the blame can be sent to those people as well. If I'm being perfectly honest, I don't like using anyone's backdoor; it just doesn't work for me.
America has fallen behind in nearly every area. We are a stupid nation a lot of the time.
Well no shit. If it's made by a human, it can be exploited by another.
Just like if a human thought up an electronic board, another can unravel its workings with time and patience.
In the same manner a flaw produced by a human will be seen through by another one way or another.
It's just plain common sense.
Or at least it should be common.
From TFA:
The British spy agency GCHQ, with the knowledge and apparent cooperation of the NSA, acquired the capability to covertly exploit security vulnerabilities in 13 different models of firewalls made by Juniper Networks.
I hope we all understand now what “acquired the capability” means. The NSA planted a programmer within Juniper Networks. There was no other way to “acquire” this capability.
Except that he just referenced a claim that the British acquired the capability by being told about the backdoor, and he then goes on to say that the Chinese acquired the same capability by discovering the backdoor through reverse-engineering. So there is another way after all.
Which raises the following possibilities, each just as plausible as "The NSA planted a programmer":
1. The Chinese planted a programmer, and the NSA or GCHQ discovered it via reverse-engineering and shared it with the other.
2. The Chinese planted a programmer, and the NSA discovered it during review of source-code shared as a condition of purchasing for sensitive government use.
3. A programmer was paid to create the backdoor by a non-governmental entity interested in corporate espionage, and all the state actors discovered it via reverse-engineering.
4. The backdoor was created unintentionally (e.g. failure to remove white-box test code before going to production), and all the actors discovered it via reverse-engineering and/or source review.
Basically, John presents no evidence whatsoever for his claim that the NSA caused the backdoor.
Ultimately, I do agree with the point he does make, which is that code inspections can catch and close both intentional and unintentional backdoors. But the rest of the article is FUD.
There is no doubt that McAfee speaks the truth here, but what he doesn't reference is that while the NSA and the FBI are retarded, there are huge numbers of folks in the US who do not subscribe to that policy and HAVE kept up on security and can spin the US Gov'mint up to speed quickly when the need arises, and it will. The US has traditionally been a late riser when it comes to open warfare, we mince in and get bloodied and then, come together in an economic juggernaut, uniting seemingly perpetual fighting sides of our country against any external threat, much like a bickering family consolidates against any outsider. Then when the threat is gone we go back to feuding like dysfunctional hamsters. I just hope we don't wait too long in the face of this more subtle threat...
"I fear all we have done is to awaken a sleeping giant and fill him with a terrible resolve."
"Regardless of the provenance of the quote, Yamamoto believed that Japan could not win a protracted war with the US. Moreover, he seems to have believed that the Pearl Harbor attack had become a blunder even though he was the person who came up with the idea of a surprise attack on Pearl Harbor. It is recorded that "Yamamoto alone" (while all his staff members were celebrating) spent the day after Pearl Harbor "sunk in apparent depression". He is also known to have been upset by the bungling of the Foreign Ministry which led to the attack happening while the countries were technically at peace, thus making the incident an unprovoked sneak attack that would certainly enrage the Americans."
errr....umm...*whooosh* *whoosh* Is this thing on ?
with a red crayon.
Cool fact: John McAfee is a fucking loon, in which the rule of grain-of-salt should apply to any decipherable noise that might escape from underneath his nose.
America's enemies are internal. "Cyberwar" is not near the top of my threat list.
What other FUD ya got?
I'll rip your head off and shit down your neck!
...then eats the crayon.
Do people still have enemies nowadays? First De Loreans, now Cold War again? What's next? Cocaine with your friends? I already know that You're a coward, but You still have to prove that You aren't boring, for more than 1 hour.
...then eats the crayon.
... then eats the napkins.
Socialism: a lie told by totalitarians and believed by fools.
is when I stopped reading. The country with the biggest military on the planet, who has not had its borders breached since briefly during WW2, and has used its "defence" force for nothing but illegal invasion, is crying about "enemies".
He can't possibly know what he claims to know. Why does stuff like this make it on Slashdot? I come here because it's smarter news without idiotic sensationalized narratives designed to manipulate people's opinions by targeting their emotions instead of their rational.
Nobody knows how much backdoors get exploited or by who.. that's the fact of the matter. This is a sensationalized claim for the sake of catching headlines and exciting people, the problem is it's also dishonest to do that. Thus when a person tries to market a message with this much exaggeration, regardless of their message or my respect for the cause, I can't trust them. They've destroyed their own credibility by making sensationalist claims.
That's really something you should never do in life if you want to position yourself as a credible source. I don't believe it happens entirely by accident. It's an attempt to manipulate people and make decisions for people. In this case it's also grossly untrue.
First off... a lot of secrets are still offline and not even digitized, so I doubt a backdoor has let anyone get to them unless it's a backdoor in reality and the laws of physics itself, which if the NSA can do, I must respect. Is McAfee claiming the NSA can see through walls and pull secrets out of our minds? Bullshit or Not.. YOU DECIDE!
They just make it seem like "enemies" so their nationalists don't get angry with the leaders.
http://www.theguardian.com/world/2007/apr/24/usa.comment
Assume (and this is hopelessly naive) that any back doors that you leave in the software will never be found and hacked. With the U.S. Government's miserable record on keeping secrets, SOMEBODY on the team will turn out to be a Chinese or Iranian or Russian agent, and the back door will become a SCREEN door, allowing all your data to be stolen and disinformation inserted into your systems.
@apk
You're a lying piece of spamming shit: you said you weren't going to post anymore, cocksucking lying shitfuck.
Just because John wouldn't show up for your Annual Tinfoil Hat Convention doesn't mean you should just lash out in anger and dismiss the entire field. There are still people in Tinfoil Hat land who need leaders like you to press ahead, even if John can't be one of them.
"Stratigraphically the origin of agriculture and thermonuclear destruction will appear essentially simultaneous" -- Lee
if != of
Your lie is subtle, but significant. The FBI did not ask for vulnerable code; the FBI most specifically asked for Apple's assistance. They did not, at all, specify that the FBI should have, at any time, access to the code.
"If you can't attack the message, attack the messenger, eh?" which you fail at too. Originally from-> http://news.slashdot.org/comme...
APK Hosts File Engine 9.0++ SR-4 32/64-bit http://www.start64.com/index.p...
* Gets data for more speed & security via 10 security community sites.
Better on power/cpu/ram+ IO resource use vs. local DNS servers + addons w/ less security issues vs. DNS + routers.
Blocks all ads + bad sites & less complex vs firewalls (they need layered filtering drivers - hosts don't + firewalls block far less used IP addresses, hosts block FAR more used host-domain names) complimenting 'em.
Even Antivirus = reactive. Hosts = proactive, blocking infection BEFORE you get it.
APK
P.S.=> Hosts do more for speed (hardcoded favs + adblocks) & are faster than addons, security (blocking bad sites & dns security issues), reliability (vs. downed & poisoned dns), & anonymity (dns requestlogs) vs. other "so-called -solutions'" w/ what you natively have. Unlike Adblock\UBlock\Ghostery it's not blockable by ClarityRay/BlockIQ + uses FAR LESS RESOURCES & does more
... apk
Is it too much to get the basic facts right?
Who actually cares? Why is this posted on /.? It's even less relevant than the crap people (and "people") complain about...
This shithead should be extradited to Belize, fat chance of that happening.
http://yro.slashdot.org/commen...
http://yro.slashdot.org/commen...
So, your third try at a "last post"?
Which is precisely what the grandparent poster didn't do; here's the irony of the challenge facing an ad hominem arguer: To successfully challenge the message one has to point out how the message is not worth taking seriously. The very thing the arguer tries to get us to ignore is the thing that has to be examined and taken down thus justifying future skepticism. I could see where someone's background would justifiably raise suspicion, but not outright dismissal of all claims such as what you propose. You're making the same mistake that poster made; while white knighting for a bad argument you're claiming "Charles Manson is not going to give you sound advice" without telling us exactly which Manson advice we should dismiss. I can only guess you think we should dismiss everything Manson (and thus McAfee) says on any topic but without any examples of why we should follow that advice. And then you post this anonymously, so as to prevent anyone from understanding whom they're reading so we won't dismiss what you've said in the past further now that your own argument has failed to convince and raised suspicions of you.
When one makes an argument like yours and doesn't supply the information we need to justify dismissing someone out of hand, people look into things. For example, people tried arguing this way with Donald Trump, someone whose racist and unfactual screeds have justifiably earned him quite a bit of bad press. But when Trump recently pointed out that in 2003 George W. Bush lied to get the US to invade Iraq, Trump was right and at that time millions of people on the streets of the world in the world's largest anti-war protests knew the Bush government and pro-war sycophants didn't have the evidence they needed to justify war. Trump got booed by seemingly reflexively pro-war Republicans when he pointed out Bush's lies but that didn't make what Trump said in those statements worthless.
Digital Citizen
Hello,
Actually, hosts files are a reactive technology and not a proactive one, since they only block what is already listed in them. That does not mean they are useless, of course, but that they are just a supplemental tool, much like anti-malware software, segmenting administrative and user privilege, auditing logs, etc. There's no one magic bullet for security.
Regards,
Aryeh Goretsky
Dexter is a good dog.
With the articles on them? Now there's food for thought.
Ezekiel 23:20
Hello,
Mr. McAfee has a rich and varied history of stating as fact things which cannot be proven as true or as false, simply because they cannot be verified. It is most certainly not paranoid rantings, nor is it based on any actual information about the current situation. Instead, it is carefully-crafted statements made for one reason and one reason only: To maximize his coverage in the media.
Recent examples of similar behavior include:
Sometimes making comments to the media works to McAfee's advantage, sometimes they don't. But as long as he keeps coming up with new ones, he keeps getting media coverage. This story is just one more example of such continuing behavior.
Regards,
Aryeh Goretsky
Dexter is a good dog.
"Under Deng Xiaoping, the penalty for back doors, and for violating any of the meta-software principles, was death." In the US it's just a mandatory minimum of one year in federal prison. https://dockets.justia.com/doc...; https://www.fas.org/sgp/crs/mi...
I think this man could make America great again. He is a great man. He is no murderer. Those are stupid lies told by his enemies. I want to be great again.
See subject: Far more efficient as well, no added moving parts necessary & hosts block infection sources, antivirus doesn't (hosts are 1st resolver queried by default over remote DNS calls & operate long before browser based defense does, or antivirus resident (has to 'touch down' onto YOUR system (filesystem or via where hosts stand guard on the MOST used threat vector, host-domain names & 1st before browser based methods in addons work, OR filesystem layered drivers like antivirus uses... Yes, hosts stop that cold before it happens - others, even antivirus, are "late to the game" everytime vs. hosts)..
* Hosts relegate antivirus to a "supplemental tool", as a scanner (that's IF you manage to get infested - hosts stop that before it happens & via my program, it's current (the most important data for it IS that)).
APK
P.S.=> Care to debate any of that? I'd be glad to oblige (though some of my replies MAY be delayed)... apk
The UK was very happy to let the press, courts, authors and historians just wonder about the role of the GCHQ for decades.
If expert help was needed for the courts different front groups could offer decryption or play the role of expert witnesses. No need for any comment in open court or for anyone to even understand any aspect of the UK's signals intelligence. Large bases globally, huge amount of staff had nothing to do with the public, courts, politicians, the press, authors. Funding flowed and collect it all worked to ensure information flowed as needed within the UK mil and gov.
The NSA seemed to have a lot of different budget and growth problems. Size and an expanding budget matters in the US, been seen to get results, leading missions not just helping, showing political leaders and their random staff real time results.
The instant and very public win, an ever expanding budget, more mil/public/private sector work, looking after no bid contractors and attracting a new, expanding workforce.
Weak, junk standard crypto sold by big US brands to the world was the easy key to bureaucratic growth and very public success without too much effort for decades.
Every interesting nation knows their domestic and international networks are totally compromised when fully importing junk products. The problem with the easy path of designing in junk crypto is every other nation soon learns of the same simple weaknesses and can cope with that reality.
Other nations can cope with the US gov having total mastery of every US branded turn key telco and computing product sold, designed or in use.
They can focus on getting their own trusted human staff deep into gov, higher education, industry globally as all focus is on the signals side.
Position loyal staff to shape other nations policy formation for decades with charming humans takes generations and time but they do rise to the very top.
Was a total focus on signals intelligence by the West beyond the 1960's a win? They got to "collect it all" by selling low cost junk encryption globally but the human side was always the way in.
Domestic spying is now "Benign Information Gathering"
"Grain of salt" just means that you don't believe it blindly, you're aware the details may be wrong and you have to check them before believing each one. It applies to everything all the time; the phrase is just a reminder in some cases that checking is prudent.
Checking the details of what he says is important, you might have missed a few of the jokes with just a casual listening.
But I'm not convinced you understand American English cliches very well.
Perhaps adding a back door to the iPhone would do the trick...
I don't understand. This McAfee seems to be implying that the NSA might be doing something wrong.
and thus religion shows its true and only utility. training young minds to cope with self imposed acute cognitive dissonance that is always the result of ... holding contradictory thoughts.
See subject: ... & I wasn't talking to YOU here was I? No, I wasn't http://news.slashdot.org/comme... so go away, troll!
APK
P.S.=> I'd like to see HIS answer (not yours - yours is just off topic lunatic dribblings, nothing more)... apk
Even a stopped clock gives the correct time at least twice a day.
Even if McAfee has said other stupid things, I think it's very highly probable that any backdoor put into place by the NSA is probably well known by other services in other countries with big means and big budget, and probably exploited by them too (Though smaller players like Switzerland's Onyx probably don't have access).
I wouldn't be surprised if Snowden was far from the first time that China's MSS and Russia's FSB/KGB ever heard about those backdoors (second reason why I suspect Russia speaks the truth when they say they haven't read any document from Snowden. They wouldn't need it: these documents wouldn't contain anything that they aren't already aware of and exploiting actively).
So yup, I think McAfee has said something sensible: Russia and China have probably had a field day using backdoors left by the NSA.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
Anyone (else) remember how we used to write programs (for the main frame)? The Chinese didn't invent anything, they simply followed the IBM red book. Although the advent of personal computers has certainly changed everything, the very basis upon which they did that eliminated the very thing being touted. Giving the power to process data (write code) to the end user will of necessity remove any impetus for code review.
There are other issues as well that are engendered in the forces driving software development itself. First and foremost is the inclusion of inexperienced programmers. Ones whose only experience is with writing GUI routines who are then promoted to creating systemic code. The two have completely different security needs. Similarly the move to frameworks such as AGILE where code production is valued over code correctness have led to a plethora of routines which only have positive testing, and no review. Finally the creation of both tertiary languages, ones that have to be translated twice before they arrive at machine code, and the rampant use of tools which eliminate the need to actually write code in lieu of dragging and dropping functional blocks, make code review nearly impossible. You aren't reviewing the code itself but rather larger collections of routines. You'll never find the backdoor because it isn't in the code you are reviewing.
What I'd like to see, and it won't happen, is a return to the bad old days. This is when a program update took between 6 mos and several years due to review and rewrite schedules. You can approach the same endpoint with well constructed negative testing, but I have yet to encounter a software firm which performed exhaustive negative testing. Usually if it is done at all it is simply a session using random data. No stress testing. No deliberate failure induction. No code review.
Why do we want to move all of our things to being internet connected (IoT) when we can't even write a decent firewall?
A public key block would flag a back door very obviously. The data has a unique look. It also has a unique profile of use, in that someone would have to initialize a cipher session or whatever. Even a trivial code review would find a fully encrypted back door.
Hiding the public key block within an obfuscation generator adds a huge block of code instead of data, followed by the same need to invoke the cipher system.
To function as a "back door" the door, by definition, has to be pretty damn simple and innocuous enough to go unnoticed.
So "creating a back door that only you can use" is actually creating a separate front door with all the trappings, which kind of moots the point of sneaking it in.
Back doors are, pretty much by definition, mechanisms that only implement security through obscurity.
Fully secure ingress is way too hard to sneak into place and remain hidden.
Innocent people shouldn't be forced to pay for inferior software development.
--"Code Complete" Microsoft Press
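The review check that the comment above describes for an embedded public key block ("The data has a unique look"), written out as an added example that is not part of the thread: it scans an image for key-format markers and for high-entropy windows. The marker list, window size, threshold and the sample image are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

# Byte patterns that commonly accompany an embedded public key:
# DER-encoded algorithm OIDs and the PEM armor line.
KEY_MARKERS = {
    "rsaEncryption OID": bytes.fromhex("06092a864886f70d010101"),
    "id-ecPublicKey OID": bytes.fromhex("06072a8648ce3d0201"),
    "PEM public key header": b"-----BEGIN PUBLIC KEY-----",
}


def shannon_entropy(chunk):
    """Empirical Shannon entropy of a byte string, in bits per byte (0..8)."""
    n = len(chunk)
    return -sum(c / n * math.log2(c / n) for c in Counter(chunk).values())


def find_key_markers(image):
    """Return sorted (offset, marker name) pairs for every marker occurrence."""
    hits = []
    for name, pattern in KEY_MARKERS.items():
        pos = image.find(pattern)
        while pos != -1:
            hits.append((pos, name))
            pos = image.find(pattern, pos + 1)
    return sorted(hits)


def high_entropy_regions(image, window=256, step=64, threshold=6.5):
    """Slide a window over the image and merge windows above the threshold.

    Key material looks random, so it scores near the top of the scale.
    Compressed or encrypted sections score high too: a hit is a place for a
    reviewer to look, not proof of a backdoor. The threshold is an assumption.
    """
    regions = []
    for start in range(0, len(image) - window + 1, step):
        if shannon_entropy(image[start:start + window]) < threshold:
            continue
        end = start + window
        if regions and start <= regions[-1][1]:
            regions[-1] = (regions[-1][0], end)  # extend the previous region
        else:
            regions.append((start, end))
    return regions


def build_sample_image(with_key):
    """Constructed sample: repetitive code-like filler, optionally with a
    key-like blob (OID followed by 512 pseudo-random bytes) at offset 4096."""
    filler = bytes.fromhex("554889e54883ec10") * 512  # 4096 low-entropy bytes
    blob = b""
    if with_key:
        random_like = b"".join(
            hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(16)
        )
        blob = KEY_MARKERS["rsaEncryption OID"] + random_like
    return filler + blob + filler


if __name__ == "__main__":
    image = build_sample_image(with_key=True)
    for offset, name in find_key_markers(image):
        print(f"marker at {offset:#x}: {name}")
    for start, end in high_entropy_regions(image):
        print(f"high-entropy region {start:#x}-{end:#x}")
```
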