Pentagon Creates 'Do Not Buy' List of Russian, Chinese Software (defenseone.com)
An anonymous reader quotes a report from Defense One: The Pentagon is warning the military and its contractors not to use software it deems to have Russian and Chinese connections, according to the U.S. Defense Department's acquisition chief. Officials have begun circulating a "Do Not Buy" list of software that does not meet "national security standards," Ellen Lord, defense undersecretary for acquisition and sustainment, said Friday. The Pentagon started compiling the list about six months ago. Suspicious companies are put on a list that is circulated to the military's software buyers. Now the Pentagon is working with the three major defense industry trade associations -- the Aerospace Industries Association, National Defense Industrial Association and Professional Services Council -- to alert contractors small and large. Lord said defense officials have also been working with the intelligence community to identify "certain companies that do not operate in a way consistent with what we have for defense standard." Asked if programs and weapons were compromised by foreign software, Lord said, "These are more widespread issues. I don't think we're focused on one particular system."
Hey, Russia - if you're listening - put all Microsoft products on that list.
Great to know, a list of software that doesn't contain US government sanctioned backdoors. If the Pentagon doesn't like it, then you can be 99% sure it values your privacy and doesn't harvest your private data.
The irony is that I might sound like a troll, but this is the truth.
A perfectly reasonable idea that will be used for all the wrong reasons. So, standard operating procedure, I guess
Wait, it is 2018 and this list didn't exist already???
US & Israel are good, always good, and will be good forever.
On the other hand, China & Russia are bad, always bad, and will be bad forever.
Stuxnet is good, but anything coming out of China / Russia is bad.
Is that what you are saying??
Man, way to bring me back to /.'s heyday. All we need now is for Netcraft to confirm it.
Facebook, Instagram, Twitter, Snapchat, Whatsapp, and other social media platforms that foreign countries contaminate with ad-buying.
It little behooves the best of us to comment on the rest of us.
... list?
It little behooves the best of us to comment on the rest of us.
Proprietary software cannot be trusted. It must always be treated as potential spyware. Only free-as-in-freedom software can be allowed for critical tasks.
Circumcision is child abuse.
Windows 98 sux. Run Red Hat 4.3 instead.
No, Russia has engaged ISIS at the request of the UN recognized government of Syria. The US is not welcome in Syria because it was supporting terrorists whose stated goal was the overthrow of the UN recognized government of Syria.
Good little Chinese propaganda troll. China is many, many, many times more of a threat than Russia.
It’s not a wall, it’s anti-hacking by a foreign government. This is long overdue basic digital security for military secrets.
Long overdue and still too relaxed.
Show how not building a wall is the same as unrestricted free-for-all access to all and you are a genius ... but you can't, because you and your "arguments" are dog shit stupid.
Winning friends and influencing people, I see.
I'm looking forward to Russia and China releasing their own tit-for-tat list of consumer products that come with preinstalled NSA/CIA backdoors.
We just got hacked by the Russians and now you whine like a bitch when the government actually does something about it?
Are you fucking stupid or a Russian bot?
Much of this, used in many telephone companies, is developed in Moscow.
-- I ignore anonymous replies to my comments and postings.
There are longstanding US immigration laws and policies. The laws were in place way before Trump was ever elected. All he has done is push for existing laws to be enforced as written. And the way in which people have been detained and separated from their underage children is the direct result of enforcing laws already on the books. Laws and policies that were put into place by the Legislative branch not the Executive branch. Those eager to dump the consequences of those laws are now basically arguing anyone is welcome. Bringing a child along now guarantees entry into the US with no danger of being detained until your individual case is adjudicated. And making an asylum request due to hardships in their home country is just icing on the cake.
And it is not the President who is responsible for the DACA program status. He turned DACA over to Congress so they could create legislation to continue the program. DACA was first implemented as an Executive Order. The constitutionality of that order has been in question since it was first issued. Turning the DACA program over to Congress was the proper thing to do.
Why don't those traveling from Central America to escape their hardships make their final destination Mexico? Surely they would be safe from whatever they were running from in their home country. Why does Mexico allow people across their southern border as long as their final destination is the US? There is a lot of money being made off the people traveling to the US. The human traffickers bribe the Mexican political and law enforcement officials to look the other way.
Of course the real solution is preventing anyone who is not a US citizen, passport, and green card holder from taking one step across the border. There are US consulates in Mexico where you can make your application to enter the US. Those found wandering around in the southwestern deserts can be picked up and escorted back over the border. And if the US is supposed to allow anyone in why can't the US just go into the countries people are running away from, kill all the trouble makers, and claim the country as a US protectorate? Then no one would need to immigrate to the US?
Recall, from another Defense One article, the Russians are using every trick possible to gain ground in cyber warfare. One of their biggest fronts is finding and not disclosing software vulnerabilities. This means that you don't even have to actively install Russian software for them to potentially be able to get into your computer.
I am a security analyst and recently took a trip to Russia. There are a lot of jobs out there. And they pay well. The Russians are looking for every way to "hook" into American systems through social engineering. And they pay REALLY well once you have been working for them for a few years, you gain their trust, and they put you on "assignments" frequently involving US government contracts. I had a few offers when I was in Vladivostok. They knew who I was and still tried even though they knew I wouldn't budge.
The reason that America is attacking Iran is because Saudi Arabia pays well to attack their enemies. And the US Government will happily overthrow a democracy with a good human rights record at the behest of a terrorist spawning (Taliban, ISIS) oppressive dictatorship any day of the week.
And Albert whatsisname was an immigrant, and he turned out to be a pretty good physicist.
"When the going gets weird, the weird turn pro" -- HST
China wants to be THE superpower, running the entire world. Russia wants to be the major world power ruling their little corner of the world. Treating them the same way plays down the threat posed by China and inflates the one posed by Russia. Russia invaded the Ukraine and stole some land, China invaded the entire South China Sea and is stealing the entire sea. China's One Road initiative is based upon loaning money to foreign countries, stealing it back, then seizing control of those countries when they can't repay the loan. What China is currently doing in the occupied country of Tibet is much worse than what Israel is doing to the occupied country of Palestine.
"When you think government spyware, Buy American!"
This space for rent
How wrong you are about everything! Especially notice this quote "China has been a united multi-ethnic country since ancient times.", the numerous recognized minority groups listed previous to it, and the detailed history of cooperation that follows it. China's goals are peace for the sake of trade, and if you look at China's actual history it even declined invading Mongolia despite being attacked thousands of times by its closest neighbor. Again, if you look at the actual history Han dominance is relatively recent but every group has accepted the previous and used it for growth, all the way through the Ming.
Since when does slashdot link to stories with tracking on them - ?oref=d-topstory - ? I thought that was against the slashdot code.
Best case scenario Beau just copied the link from somewhere else with the tracking already on there.
Actually the irony is that you can not be sure of that at all precisely for the same reason we can not trust so much of the software on and off this Pentagon list. Your post is currently moderated as "Interesting" but would be better moderated as "Funny" because it might be a joke, but it certainly isn't true.
The way we come to trust a program is by examining its source code, then modifying that program to suit our needs, running the version of the program we trust, and we can help our community by distributing a copy of the program and its source code under a free software license. These are the four freedoms of free software—software users are free to run, inspect, modify, and share for any reason even commercially. Therefore free software is worth trusting; when those who are skilled and motivated to do the vetting do that work, they can come to trust that software. Those who trust their efforts can get copies of programs from them.
Nonfree software (proprietary, user-subjugating software) is frequently malware and is untrustworthy by default. We don't know what's in it and we're unable to inspect its source code. This means we can't "be 99% sure it values your privacy and doesn't harvest your private data". Perhaps it does that but is part of a malware scheme separate from the US Government and American corporate malware schemes we've come to learn about. We also don't know if they have "US government sanctioned backdoors" but direct the spied-upon data somewhere else. If we find out a proprietary program is malware we can't do anything to fix that program (modification is not legally allowed), and even if we modify a copy of the binary we can't legally distribute a copy of that fixed binary to others to help our community.
Therefore this list doesn't help us evaluate trustworthiness at all. At best it uses a proxy for trustworthiness—nationality (if that even means anything, considering software development firms hire worldwide): the nationality of people or an organization that had something to do with writing the code. But that's not terribly helpful. If the NSA hired a contractor to write a program, then released that program as free software, we could vet that program's source code and that code might be useful to us in the free world despite that the code came from the NSA (which is justifiably widely untrusted in so many of their other activities). In another example we're told that Apple's iTunes contained a security flaw that went unpatched for years and "allowed intelligence agencies and police to hack into users' computers for more than three years". I'm guessing people working with both the NSA and Apple come from many countries.
Digital Citizen
Fixed fortifications are a monument to the stupidity of man -- General George S. Patton
The Russians have won. They have made the world a cesspool of distrust, greed, fear and hate.
Immigrants actually add value to the American economy, so it's not clear what you're on about...
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
This was all before the welfare state.
Citation needed. We have always had legal immigration. Please cite your sources for the undocumented immigrants that contributed to the Apollo and Manhattan projects.
Man, way to bring me back to /.'s heyday. All we need now is for Netcraft to confirm it.
... and a Beowulf cluster of Natalie Portman’s hot grits.
#DeleteChrome
Maybe they had trouble finding it because systemd didn't mount the drive correctly?
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
Is there some reason why we need to have a competition here? Russia's a little ahead of China in terms of an individual assuming dictatorial power and taking direct action to influence Western democracies. China is a little ahead of Russia in terms of controlling information and maybe slightly ahead in seizing foreign territory. Can we not just agree that they both have merit? Can't that be good enough?
Putin says it's safe so hey, what can we do?
I hate articles like that one. I want to see the list!
What value? More profit for the CEOs because they keep the wages low?
It beggars belief that any "power" relies on the software built by other "powers". Even the software from your "friends" is likely to have hidden exploits, because they will want to know what your plans are.
No it won't. The deep state is not fond of Trump, he has not (yet?) started a single war in 2 years. They counted on Hillary for their income.
What walls can we build next? Oh, right: 200-foot walls along all our borders to keep the monsters and zombies at bay....
Which was a campaign promise, which a lot of people want, which would help us economically, and which should be at the very least debated without rancor.
Show us how unrestricted immigration will benefit us and we'll listen.
Debate by insult is not debate.
Show how the wall will benefit, and also while you're at it show how every country without one (so basically every country) has unrestricted immigration. How is the wall coming though? Because you're right, it was a promise, is Mexico still paying?
Wanna buy a shirt?
https://www.redbubble.com/people/stealthfinger/shop?asc=u
It's sad that everything has become political and you cannot be sure that there are any security reasons for these listings.
Assorted stuff I do sometimes: Lemuria.org
When has a wall ever stood the face of time?
The Romans built a wall around my home town of Chester, large parts of it are still there... granted it has been repaired, and maintained, with parts rebuilt over the years.
The Chinese built long stretches of wall centuries ago that are still standing.
Walls can last a long time if properly built and maintained... the question is- is it smart to build the walls in the first place? In the 21st century a wall isn't very much of a barrier anymore.
"That's the way to do it" - Punch
Nonetheless they are the recognised government of Syria, and there are many other governments around the world doing terrible things to their own people.
And the Syrian government has sufficiently powerful allies (i.e. Russia) that you cannot go and invade them directly.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
> ...don't compare the behaviour of Russia or China to US-Israel-stuxnet.
The attack that legitimized cyber-war, for which the most vulnerable country is the US, and which did not significantly slow down Iranian uranium enrichment for very long ( https://www.tandfonline.com/do... ) ?
China and Russia are perfectly happy to settle for absolute control over the pieces they claim as theirs,
Nonsense. That might apply to Russia (I'm not sure, personally) but China has deliberately pursued policies intended to make it look that way while harboring notions of ruling the world. And as little as I like the USA running around the world bombing brown people for money, I'd like it a lot less if China were running things, and so would most everyone else. Except, of course, people in China. Things would simply not change much for them, since they're already being treated the way everyone would be treated.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Everyone in the defense industry should be required to buy American. It's fucking insane that we let Chinese and Russian technology into the industry at all.
A pathetic comment like this gets voted this high; come on, Slashdot, have you really sunk this low? Are there that many ignorant and hateful Americans on here?
Try that one again - a German posted a link to a Swiss website. I am amazed at the prideful ignorance and willful stupidity displayed on Slashdot now. This is basic information that anyone with an education can find easily. As for the Han dominance, I mean the Ming were the last Han dynasty, replaced by Manchu (Mongolian who were a mix of Mongolians and actual Far East Russia natives rather than the transplanted ones in Vladivostok, etc.)
It is absolutely disturbing. Slashdot has fallen so far it is now a cesspool compared to its origins as a site where educated people could interact.
I wouldn't know such detail... I stopped watching after the first season when it became obvious it wasn't going to be escapist enough for me.
Russian cyber security firm, Kaspersky Lab, is being investigated by the F.B.I. for possible links to Russian security services. Quote from NY Times 9/12/2017. US govt put out notice to remove this anti-virus from all government, not only DOD, computers within 90 days, ordered by Elaine C. Duke, the acting secretary of Homeland Security. Boxes with embedded code, like routers, cable modems, computers desk & laptop, etc. may be infected with backdoor or corrupted software put there in China's production factories by People's Liberation Army cyber experts. Unless we know the embedded code is pristine, we have given our country's cyber system access to America's enemies. Look at Stuxnet code launched against Iran's nuclear enrichment machines, Iran had no idea that they had been hacked but good. We need AI, machine learning or something to detect the malicious low level code that controls hardware and keep our systems from harm both foreign and domestic sources.