Security via the NSA?


Security via the NSA?

Doug Milam

Re: Security via the NSA?

Felipe Alfaro Solana
On Sat, Nov 21, 2009 at 8:29 PM, Doug Milam <[hidden email]> wrote:

> Will OpenBSD be the next to be 'helped'?
>
> http://www.npr.org/blogs/thetwo-way/2009/11/nsa_microsoft_windows_7.html

NSA also helped Linux with SELinux. As long as OpenBSD remains open source,
I don't see the problem.


Re: Security via the NSA?

AG-21
Felipe Alfaro Solana wrote:

> On Sat, Nov 21, 2009 at 8:29 PM, Doug Milam <[hidden email]> wrote:
>
>  
>> Will OpenBSD be the next to be 'helped'?
>>
>> http://www.npr.org/blogs/thetwo-way/2009/11/nsa_microsoft_windows_7.html
>>
>> NSA also helped Linux with SElinux. As long as OpenBSD remains open source,
>>    
> I don't see the problem.
>
>
>  

Depends on whether one trusts the NSA or not.


Re: Security via the NSA?

Nick Guenther
On Sat, Nov 21, 2009 at 5:32 PM, AG <[hidden email]> wrote:

> Felipe Alfaro Solana wrote:
>> On Sat, Nov 21, 2009 at 8:29 PM, Doug Milam <[hidden email]> wrote:
>>
>>
>>> Will OpenBSD be the next to be 'helped'?
>>>
>>> http://www.npr.org/blogs/thetwo-way/2009/11/nsa_microsoft_windows_7.html
>>>
>>> NSA also helped Linux with SElinux. As long as OpenBSD remains open source,
>>>
>> I don't see the problem.
>>
>>
>>
>
> Depends on whether one trusts the NSA or not.
>
>

It also depends on whether one trusts the OpenBSD devs, and the
OpenBSD packagers, and the upstream ports providers, (and for most
users), the mirror admins.

Like, obviously the NSA's mandate is spying but so long as Linux and
OpenBSD are open source we (or more realistically, someone with the
deep knowledge and time) can check the code for 'bugs'. Intel's binary
blobs should be scarier than the NSA for us (though the situation
might be different for Windows users).

-Nic


Re: Security via the NSA?

Samuel Baldwin-3
In reply to this post by AG-21
2009/11/21 AG <[hidden email]>:
> Depends on whether one trusts the NSA or not.

That's the nice thing about open source software; we don't have to,
because we can verify their code or mathematics ourselves.

--
Samuel Baldwin - logik.li


Re: Security via the NSA?

Henning Brauer
In reply to this post by AG-21
* AG <[hidden email]> [2009-11-21 23:41]:
> Depends on whether one trusts the NSA or not.

right, of course the NSA gets commit access and peer review rules
don't apply. right.

<henning@cvs:2>$ finger nsa
finger: nsa: no such user.

hmmmmmm.

--
Henning Brauer, [hidden email], [hidden email]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting


Re: Security via the NSA?

Felipe Alfaro Solana
In reply to this post by AG-21
On Sat, Nov 21, 2009 at 11:32 PM, AG <[hidden email]> wrote:

> Felipe Alfaro Solana wrote:
> > On Sat, Nov 21, 2009 at 8:29 PM, Doug Milam <[hidden email]> wrote:
> >
> >> Will OpenBSD be the next to be 'helped'?
> >>
> >> http://www.npr.org/blogs/thetwo-way/2009/11/nsa_microsoft_windows_7.html
> >>
> >> NSA also helped Linux with SElinux. As long as OpenBSD remains open source,
> >>
> > I don't see the problem.
>
> Depends on whether one trusts the NSA or not.

This is about trusting OpenBSD and its developers (which I personally do),
not the NSA. OpenBSD developers do code reviews and audits of all code that
is to be committed (except perhaps the ports tree), so what's the problem
here? Again, I don't see the problem.


Re: Security via the NSA?

Corey-43
In reply to this post by Doug Milam
Doug Milam wrote:
> Will OpenBSD be the next to be 'helped'?
>
> http://www.npr.org/blogs/thetwo-way/2009/11/nsa_microsoft_windows_7.html
>
>  
Only if they Paypal some $$$ to http://www.openbsd.org/donations.html :)


Re: Security via the NSA?

Steven Shockley
In reply to this post by Henning Brauer
On 11/21/2009 6:01 PM, Henning Brauer wrote:
> <henning@cvs:2>$ finger nsa
> finger: nsa: no such user.
>
> hmmmmmm.

Perhaps they use a less obvious user name, like 'henning'...


Re: Security via the NSA?

Jacob Yocom-Piatt-2
In reply to this post by Doug Milam
Doug Milam wrote:
> Will OpenBSD be the next to be 'helped'?
>
> http://www.npr.org/blogs/thetwo-way/2009/11/nsa_microsoft_windows_7.html
>
>  


can we stop these dumb posts about the NSA and windows 7? it's really
not related to openbsd.

spend less time being preoccupied with the fact that windows is likely
backdoored and be more preoccupied with important stuff like what goes
into the BIOS for various cpus and what your cell phone is or is not
recording.


Re: Security via the NSA?

Marc Espie-2
In reply to this post by Samuel Baldwin-3
On Sat, Nov 21, 2009 at 05:42:48PM -0500, Samuel Baldwin wrote:
> 2009/11/21 AG <[hidden email]>:
> > Depends on whether one trusts the NSA or not.
>
> That's the nice thing about open source software; we don't have to,
> because we can verify their code or mathematics ourselves.

Anything can be backdoored. An agency that wants to do so would probably
be less obvious about it.

I don't know the current state of NSA mathematical research, obviously,
but it used to be THE biggest employer of mathematicians on the planet,
and there was a point when it had a considerable advance in cryptography
to about anybody else.

It's a well-documented story that the NSA suggested changes to the DES
initialisation vector before it became a standard.

Backdoor ? no.

Resistance to differential cryptanalysis ? you bet.

The fun thing about that is that, at that point, differential cryptanalysis
hadn't been invented... and wouldn't be for roughly ten years. For the
general public, that is.

I don't know if they still have this kind of advance. Probably less.


Good luck verifying the mathematics yourself, though.


Re: Security via the NSA?

Peter Hessler
In reply to this post by Samuel Baldwin-3
On 2009 Nov 21 (Sat) at 17:42:48 -0500 (-0500), Samuel Baldwin wrote:
:2009/11/21 AG <[hidden email]>:
:> Depends on whether one trusts the NSA or not.
:
:That's the nice thing about open source software; we don't have to,
:because we can verify their code or mathematics ourselves.
:

http://www.c-program.com/kt/reflections-on-trusting.html

If you're going to be crazy-paranoid, please do it correctly.


--
Never let your sense of morals prevent you from doing what is right.
                -- Salvor Hardin, "Foundation"


OT Re: Security via the NSA?

Diana Eichert
I am now adding to the noise.

c'mon folks, stop this.  there are ways to insert holes into any O/S
that allows loading of firmware blobs.  how many end users have torn
one apart to see what it really does?

IO processors have access to your data at a very intimate level,

think about it

then stop chatting about the evil orgs and windows on this mailing
list.

g.day


Re: OT Re: Security via the NSA?

Marco Peereboom
google we are talking to you!

On Sun, Nov 22, 2009 at 09:02:19AM -0700, Diana Eichert wrote:

> I am now adding to the noise.
>
> c'mon folks, stop this.  there are ways to insert holes into any O/S
> that allows loading of firmware blobs.  how many end users have torn
> one apart to see what it really does?
>
> IO processors have access to your data at a very intimate level,
>
> think about it
>
> then stop chatting about the evil orgs and windows on this mailing
> list.
>
> g.day


Re: Security via the NSA?

Internet Retard
In reply to this post by Jacob Yocom-Piatt-2
> Date: Sat, 21 Nov 2009 23:07:31 -0600
> From: [hidden email]
> To: [hidden email]
> Subject: Re: Security via the NSA?
>
> can [sic] we stop these dumb posts about the NSA and windows [sic] 7?



Only if you stop these dumb posts asking others to stop their dumb posts.



Sincerely,

IRT



Re: Security via the NSA?

bofh-6
In reply to this post by Henning Brauer
That just means NoSuchUser is well hidden!! :)

On 11/21/09, Henning Brauer <[hidden email]> wrote:

> * AG <[hidden email]> [2009-11-21 23:41]:
>> Depends on whether one trusts the NSA or not.
>
> right, of course the NSA gets commit access and peer review rules
> don't apply. right.
>
> <henning@cvs:2>$ finger nsa
> finger: nsa: no such user.
>
> hmmmmmm.
>
> --
> Henning Brauer, [hidden email], [hidden email]
> BS Web Services, http://bsws.de
> Full-Service ISP - Secure Hosting, Mail and DNS Services
> Dedicated Servers, Rootservers, Application Hosting
>
>

--
Sent from my mobile device

http://www.glumbert.com/media/shift
http://www.youtube.com/watch?v=tGvHNNOLnCk
"This officer's men seem to follow him merely out of idle curiosity."
-- Sandhurst officer cadet evaluation.
"Securing an environment of Windows platforms from abuse - external or
internal - is akin to trying to install sprinklers in a fireworks
factory where smoking on the job is permitted."  -- Gene Spafford
learn french:  http://www.youtube.com/watch?v=30v_g83VHK4


Re: Security via the NSA?

patrick keshishian
On Sun, Nov 22, 2009 at 8:51 AM, bofh <[hidden email]> wrote:
> That just means NoSuchUser is well hidden!! :)

rather, henning must be running badfinger.

-pk


> On 11/21/09, Henning Brauer <[hidden email]> wrote:
>> * AG <[hidden email]> [2009-11-21 23:41]:
>>> Depends on whether one trusts the NSA or not.
>>
>> right, of course the NSA gets commit access and peer review rules
>> don't apply. right.
>>
>> <henning@cvs:2>$ finger nsa
>> finger: nsa: no such user.
>>
>> hmmmmmm.
>>
>> --
>> Henning Brauer, [hidden email], [hidden email]
>> BS Web Services, http://bsws.de
>> Full-Service ISP - Secure Hosting, Mail and DNS Services
>> Dedicated Servers, Rootservers, Application Hosting
>>
>>
>
> --
> Sent from my mobile device
>
> http://www.glumbert.com/media/shift
> http://www.youtube.com/watch?v=tGvHNNOLnCk
> "This officer's men seem to follow him merely out of idle curiosity."
> -- Sandhurst officer cadet evaluation.
> "Securing an environment of Windows platforms from abuse - external or
> internal - is akin to trying to install sprinklers in a fireworks
> factory where smoking on the job is permitted."  -- Gene Spafford
> learn french:  http://www.youtube.com/watch?v=30v_g83VHK4


Re: Security via the NSA?

Christian Weisgerber
In reply to this post by Nick Guenther
Nick Guenther <[hidden email]> wrote:

> Like, obviously the NSA's mandate is spying

Actually, that's only half the NSA's mandate.  The other half is
protecting the US government from spying.

--
Christian "naddy" Weisgerber                          [hidden email]


Re: Security via the NSA?

Doug Milam
In reply to this post by Felipe Alfaro Solana
--"Good luck verifying the mathematics yourself, though."

No small statement, that


On Sat, Nov 21, 2009 at 05:42:48PM -0500, Samuel Baldwin wrote:
> 2009/11/21 AG <[hidden email]>:
> > Depends on whether one trusts the NSA or not.
>
> That's the nice thing about open source software; we don't have to,
> because we can verify their code or mathematics ourselves.

Anything can be backdoored. An agency that wants to do so would probably
be less obvious about it.

I don't know the current state of NSA mathematical research, obviously,
but it used to be THE biggest employer of mathematicians on the planet,
and there was a point when it had a considerable advance in cryptography
to about anybody else.

It's a well-documented story that the NSA suggested changes to the DES
initialisation vector before it became a standard.

Backdoor ? no.

Resistance to differential cryptanalysis ? you bet.

The fun thing about that is that, at that point, differential cryptanalysis
hadn't been invented... and wouldn't be for roughly ten years. For the
general public, that is.

I don't know if they still have this kind of advance. Probably less.


Good luck verifying the mathematics yourself, though.


Re: Security via the NSA?

Bob Beck-4
In reply to this post by Samuel Baldwin-3
Like everyone verifies SSL.. right?


2009/11/21 Samuel Baldwin <[hidden email]>:
> 2009/11/21 AG <[hidden email]>:
>> Depends on whether one trusts the NSA or not.
>
> That's the nice thing about open source software; we don't have to,
> because we can verify their code or mathematics ourselves.
>
> --
> Samuel Baldwin - logik.li
