How NSA access was built into Windows
Lyvim Xaphir
knightmerc at yahoo.com
Wed Jan 17 14:55:27 UTC 2007
On Tue, 2007-01-16 at 09:15 -0600, Steve Siegfried wrote:
> On January 14th, Claude Jones kicked off this thread with a question
> about the NSA's involvement (if any) in SELinux.
>
> I'm a subscriber to Bruce Schneier's CRYPTO-GRAM newsletter (currently
> in its 10th year of publication), the January 15th edition of which
> contained:
> CGNL>
> CGNL> ** *** ***** ******* *********** *************
> CGNL>
> CGNL> NSA Helps Microsoft with Windows Vista
> CGNL>
> CGNL>
> CGNL>
> CGNL> The NSA "helped" Microsoft with Windows Vista. They're not disclosing
> CGNL> what they did, of course, but Microsoft insiders have told me that it
> CGNL> was nothing more than assisting with assurance testing.
> CGNL>
> CGNL> But I am suspicious.
> CGNL>
> CGNL> It's called the "equities issue." Basically, the NSA has two roles:
> CGNL> eavesdrop on their stuff, and protect our stuff. When both sides use
> CGNL> the same stuff -- Windows Vista, for example -- the agency has to decide
> CGNL> whether to exploit vulnerabilities to eavesdrop on their stuff or close
> CGNL> the same vulnerabilities to protect our stuff. In its partnership with
> CGNL> Microsoft, it could have decided to go either way: to deliberately
> CGNL> introduce vulnerabilities that it could exploit, or deliberately harden
> CGNL> the OS to protect its own interests.
> CGNL>
> CGNL> A few years ago I was ready to believe the NSA recognized we're all
> CGNL> safer with more secure general-purpose computers and networks, but in
> CGNL> the post-9/11 take-the-gloves-off eavesdrop-on-everybody environment, I
> CGNL> simply don't trust the NSA to do the right thing.
> CGNL>
> CGNL> http://www.washingtonpost.com/wp-dyn/content/article/2007/01/08/AR2007010801352.html
> CGNL> or http://tinyurl.com/ycgv9f
> CGNL>
> CGNL> Another opinion:
> CGNL> http://www.computerworld.com/blogs/node/4330
> CGNL>
> CGNL>
> CGNL> ** *** ***** ******* *********** *************
> CGNL>
>
> I should point out that Mr. Schneier is founder and CTO of BT Counterpane,
> a well respected computer security company, invented the Blowfish and
> Twofish algorithms and is often the "go-to guy" for media on computer
> security issues.
>
> Now here's the fun part: If you read the two articles Schneier points to,
> you'll also find this nugget in the first (from the Washington Post's
> online site):
>
> WP>
> WP> Other software makers have turned to government agencies for security
> WP> advice, including Apple, which makes the Mac OS X operating system. "We
> WP> work with a number of U.S. government agencies on Mac OS X security and
> WP> collaborated with the NSA on the Mac OS X security configuration guide,"
> WP> said Apple spokesman Anuj Nayar in an e-mail.
> WP>
> WP> Novell, which sells a Linux-based operating system, also works with
> WP> government agencies on software security issues, spokesman Bruce Lowry
> WP> said in an e-mail, "but we're not in a position to go into specifics of
> WP> the who, what, when types of questions."
> WP>
> WP> The NSA declined to comment on its security work with other software
> WP> firms, but Sager said Microsoft is the only one "with this kind of
> WP> relationship at this point where there's an acknowledgment publicly."
> WP>
>
> So it would seem that MS is farther in cahoots with the NSA than most, but
> also that Linux (via Novell) isn't exempt from NSA "oversight", either.
>
> Just trying to inject some facts'idly,
>
> -S
>
Thank you Steve, that was an enlightening post. It also fits in well
with the big picture.
LX