[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: How NSA access was built into Windows



On Mon, 2007-01-15 at 00:23 -0500, Claude Jones wrote:
> On Mon January 15 2007 12:06 am, Peter Gordon wrote:
> > The thing about Windows is that it is entirely proprietary: Only
> > Microsoft and select others can look at the source code (and perhaps not
> > even the whole of it).
> >
> > SELinux, on the other hand, is entirely Free. It, like other
> > kernel/security projects, is scrutinized by a great many (several
> > hundred? thousand(s)?) developers from around the globe; not just one
> > owner. Had anything similar found its way into SELinux, it would be
> > quickly removed and the committing developer removed from the project
> > most likely. :)
> 
> I would think that you're right, but that's just surmising on my part. I did 
> check just now for the supposed offending "ADVAPI.DLL" in the c:
> \windows\system directory on my XP vm that's running on this machine. It's 
> not there - there's an advapi32.dll in the c:\windows\system32 folder, but, 
> that certainly raises a flag in my mind about the article. 
> 
> I really cited that article more to raise the issue of Selinux and the NSA. 
> I've never seen any discussion on this list about that,
As you meanwhile noticed this incident took place in 1999.

May-be you're too young, may-be it had escaped you, but it had shattered
earth then ...

Googling still provides many links originating from this time reflecting
this. For example:
http://www.cnn.com/TECH/computing/9909/03/windows.nsa.02/

>  and I've wondered 
> why. Being an American, and living in my country under the current 
> administration, the matter has certainly raised questions in my own mind. I'm 
> not personally concerned about who sees what on my machines, but the broader 
> issue involved is still relevant concerning questions of over-reaching govt. 
> and erosion of civil liberties, and protections against unsupervised 
> warrantless surveillance
Well, then you probably will have difficulties to imagine the impact
this incident had on MS outside of the US. 

It's not an exaggeration to state it had shattered trust into Microsoft
products and had been one reason amongst others which had caused major
institutions (e.g. governments) to switch away from Microsoft products.

> I mostly find it curious that the matter just hasn't even come up...
I recall it (and the fact the NSA is involved into SELinux + RH
promoting it actively) having come up several times before on this list.

One thing I can tell for sure: There is still a noticible group of Linux
users in Europe, for whom this incident and the NSA's involvement into
SELinux is an argument for "not choosing" Fedora.

Ralf



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]