NSA motives

alex at milivojevic.org alex at milivojevic.org
Tue Jul 5 13:58:40 UTC 2005

Quoting Peter Magnusson <iocc at fedora-selinux.lists.flashdance.cx>:

> What if someone with evil reasons uses SELinux? Or has the NSA realized
> that the old tactic doesn't work and it's better to secure as many
> systems as possible instead. To help millions to have a more secure
> system is worth more than to possibly prevent a few bad guys to also
> have secure systems. Probably leading that it will be more
> complicated or impossible for NSA to break in?

Actually, the NSA came to the correct conclusion that if they give out the tool
(be it SELinux or an encryption algorithm), most people don't have technical
(and will never bother to obtain it) to use it in a secure way.  So basically,
their systems (or communications) are not that much more secure (or harder to
break) than they were before they were given the tool.  They will have a false
sense of security, so they will store more sensitive information on their
systems (or transfer it through communication channels).

Bruce Schneier wrote something similar in one of his books (I believe it was
"Secrets and Lies: Digital Security in a Networked World").  From what I
remember (somebody with a copy of the book can correct me if I remembered
wrong), he wrote that his biggest mistake was publishing the book "Applied
Cryptography".  While the algorithms in the book and the math behind them were
perfect, the way people were implementing them made systems actually less

To summarize, if somebody has a false sense of security (he has perfect tools,
but used in a wrong way), it will be actually easier for you to spy on him.
This is especially true with complex subsystems such as SELinux (what do you
think, how many system administrators out there *really* understand it?).  I'm
not sure if this is the actual (real) backdoor Vladis was referring to in his
reply ;-)
