Slashdot Mirror

← Back to Stories (view on slashdot.org)

NSA Opens GitHub Account, Lists 32 Projects Developed By the Agency (thehackernews.com)

Posted by BeauHD on from the open-up dept.

An anonymous reader quotes a report from The Hacker News: The National Security Agency (NSA) -- the United States intelligence agency which is known for its secrecy and working in the dark -- has finally joined GitHub and launched an official GitHub page. GitHub is an online service designed for sharing code amongst programmers and open source community, and so far, the NSA is sharing 32 different projects as part of the NSA Technology Transfer Program (TTP), while some of these are "coming soon." "The NSA Technology Transfer Program (TTP) works with agency innovators who wish to use this collaborative model for transferring their technology to the commercial marketplace," the agency wrote on the program's page. "OSS invites the cooperative development of technology, encouraging broad use and adoption. The public benefits by adopting, enhancing, adapting, or commercializing the software. The government benefits from the open source community's enhancements to the technology." Many of the projects the agency listed are years old that have been available on the Internet for some time. For example, SELinux (Security-Enhanced Linux) has been part of the Linux kernel for years.

10 of 64 comments (clear)

  1. Not the first by blueg3 · · Score: 4, Funny

    FYI, they've had things on Github for a while. Just maybe not under the NSA name.

    1. Re:Not the first by Dan+East · · Score: 2

      You must be referring to encryption algorithms and commits to help out projects like OpenSSL?

      --
      Better known as 318230.
    2. Re:Not the first by TheRaven64 · · Score: 3, Interesting

      If you want a much better conspiracy theory, consider that there's a whole category of exploit related to null pointer dereferences that was only made possible by SELinux. Either the NSA didn't think about it when they wrote that code, or they intentionally introduced something that made it possible to compromise the systems from a self-selected group of people who care about security.

      --
      I am TheRaven on Soylent News
  2. Honeypot ... by CaptainDork · · Score: 3, Insightful

    ... just sayin'.

    --
    It little behooves the best of us to comment on the rest of us.
    1. Re:Honeypot ... by AHuxley · · Score: 4, Interesting

      More hearts and minds. They have to find new staff. In the past it was at the very best US/UK universities.
      In the very distant past even draft and national service "tests" got used to find low level staff with useful math or language skills.
      Now its all about social media, conventions and been online.
      The other method is to set up long term educational efforts but other nations/cults/faiths tend to notice such public efforts and flood such courses with their own long term agents.
      The mistakes of using new contractors or just trusting people from good universities have been understood over the decades.
      So now its social media and the internet to find and attract skilled, loyal, hard working staff.
      Vetting has to be perfect every generation hired or 1930's UK staff issues return. Other faiths, cults, nations will just game the out reach efforts with computer skills and needed languages.
      East Germany would often place the most low level staff into West German gov/brands. Decades later it was expected that they could rise up to be middle or upper management.
      Other nations have learned from the US need for skills, translators and have taken note of a lack of real vetting due to domestic political considerations.

      --
      Domestic spying is now "Benign Information Gathering"
    2. Re:Honeypot ... by CaptainDork · · Score: 2

      Because the NSA is restricted by jurisdiction, competency, ethics, and the ability to protect its cyber weapons and stuff.

      Oh, wait ...

      --
      It little behooves the best of us to comment on the rest of us.
  3. Late to the party by nickovs · · Score: 4, Interesting

    The British information security services, GCHQ, have been posting interesting and useful stuff to GitHub for a while. In fact if you want to do interesting analytics on graphs with annotations to both arcs and nodes they have released some pretty neat tools, and they're not just useful for finding terrorists on social networks.

    --
    If intelligent life is too complex to evolve on its own, who designed God?
    1. Re:Late to the party by AHuxley · · Score: 2

      All part of a long term political plan to attract any workers.
      The UK worked really hard after the many 1930's-1970's security issues.
      By the 1970's they had finally worked out how to attract staff, keep staff and ensure staff stayed loyal.
      New efforts are more about party political requests to just hire more staff. Any applications have to be considered. Staff to be considered on topics other than security, merit and loyalty. Security issues might again not be a reason not to give someone a job in the "security services".
      So a lot of effort is now been made to attract people to gov work but other nations, faiths will also use the new hiring practices.
      The UK had great success in the 1970-90's in Ireland as it had perfect collection security.
      By having to be fully open to any random gov job seeker that ability to keep secrets will be lost in a generation.
      Not so much late to the party, more political parties changed once secure hiring policies.

      --
      Domestic spying is now "Benign Information Gathering"
  4. Re:backdoors by MangoCats · · Score: 3, Interesting

    Since it's on GitHub, presumably as source, but even some binaries could be analyzed... That would be quite the feather in a White Hat (or Black one for that matter), exposing the NSA backdoor in a supposedly secure module. Plenty of people out there with too much time on their hands and an interest in exposing things like that.

  5. Re:WRONG by TheRaven64 · · Score: 2

    Almost 5% of all IPv4 addresses are FBI honeypots? I find that quite hard to believe somehow. Unless you're counting IPv6 addresses in that number and they're all in one /64...

    --
    I am TheRaven on Soylent News