Re: NSA enhancing Linux security?
From: Paul (well_at_not.really.net)
Date: 02/28/04
- Next message: Jem Berkes: "Re: NSA enhancing Linux security?"
- Previous message: NeoSadist: "Re: Prevent stealing IP numbers"
- In reply to: Skorpion (CET): "Re: NSA enhancing Linux security?"
- Next in thread: Bill Laut: "Re: NSA enhancing Linux security?"
- Reply: Bill Laut: "Re: NSA enhancing Linux security?"
- Reply: Bill Unruh: "Re: NSA enhancing Linux security?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 28 Feb 2004 06:02:02 GMT
"Skorpion (CET)" <troutman(removethis)@mesh.net> wrote in message
news:Xns949CEE89D2FFCSkorpionCET@216.168.3.44...
> On 27 Feb 2004, in news:7RU%b.3722$6K.1880@nwrddc02.gnilink.net, Bill
> Laut <wlgen@verizon.net> scrawled:
>
> > Carlos Moreno wrote:
> >>
> >> [...]
> >>
> >>
> >> Yes, I know I may sound overparanoid... But, let's face
> >> it: the NSA? There is no such thing as being too paranoid
> >> when we're talking about the NSA.
> >>
> >> Any comments?
> >>
> >> Carlos
> >> --
> >
> > Since you asked for comments, I will give you some. As I'm typing this
> > in, the NSA--either directly or under contract from other intel agencies
> > like the FBI--is currently:
> >
> > (1) recording every telephone call that originates or terminates
> > within
> > the USA, including all local phone calls.
> >
> > (2) logging ALL email and web-browsing on all USA backbones.
> >
> > (3) transcribing all credit-card, banking, and Fedwire transactions.
> >
> > (4) Ditto for faxes, telegraphs, and satellite communications.
> >
> > All of this--and LOTS more--are currently being warehoused in an obscure
> > NSA basement where the true TIA program is digesting it. (The
> > "official" TIA program that Congress shot down was only an expendable
> > decoy sent out to let the privacy advocates score a kill.)
> >
> > Oh, and, by the way, as for all of the "civilian-grade" ciphers like
> > AES, 3DES, Blowfish, etc., they are breaking those in realtime (or near
> > realtime, depending on what the cleartext data was), so don't delude
> > yourself into thinking that buys you any -real- security. Dittos for
> > so-called "quantum encryption" that tries to use the Heisenberg
> > Uncertainty Principal to detect if someone has tapped the line. The NSA
> > discovered that back in the mid-70s and has since developed methods to
> > circumvent it.
> >
> > And if you think the FBI snooping at libraries and booksellers is bad
> > enough, they've also been demanding the customer databases of
> > grocery-store chains to see what you've been buying with your "Valued
> > Customer" discount card (Sam's Club or CostCo, anyone?), as well as
> > demanding certain video rental agencies install their software so they
> > can monitor what DVDs you've been renting.
> >
> > God only knows what they've installed into Windows...
> >
> > As regards Linux, in the words of one knowledgeable source, "it isn't
> > all that secure." Remember, this is coming from an agency that has an
> > unlimited budget to hire the very brightest techies--the kind of people
> > you put in a darkened room, chained to their PCs, and pass food to
> > through a slot in the door and through which they pass PoCs and working
> > attacks--to relentlessly analyze and attack every possible facet of
> > every possible feature and in every possible configuration. From this
> > formidable pool of talent they log every possible weakness in every
> > possible version of every possible software package they find, from the
> > device drivers on up, so if they want to break into your system they
> > simply go to the logs, match what they know about your system and then
> > call up the appropriate attack modules to step their way,
> > "labyrinth"-style, into your system.
> >
> > By comparison, when was the last time YOU analyzed the Linux kernel
> > source code with such finesse? Do you use a cable modem or DSL? If so,
> > when was the last time YOU exhaustively analyzed your NIC's driver to
> > see if a specially-malformed Ethernet packet could cause a cascading
> > ripple through your system?
> >
> > And that's just a humble NIC driver. Imagine what treasures they found
> > in xfree86....
> >
> > We are talking way, WAY beyond the FBI's toothless "Carnivore."
> >
> > And you're worried about SELinux? You have a number of NSA analysts
> > laughing at your naivite right now.
> >
> > As for SELinux, it is merely a research project intended to install
> > Mandatory Access Controls (MACs) into the Linux kernel. For what it's
> > worth, as an erstwhile SELinux contributor (I was working on securing
> > X-Windows at one time) I personally reviewed the code, line-by-line, and
> > there's nothing in it except for the MAC stuff. In fact, SELinux is so
> > damned good it ought to be held up as an example of how to properly
> > implement system security. Gone are the days that the computer is a
> > "smorgasbord of resources" from which a program can freely pick and
> > choose to access (within the limits of the Discretionary Access
> > Controls). With SELinux the Security Administrator can establish
> > so-called "domains" around every program and explicitly state what
> > aspects of which resources that program is allowed to access--and to
> > log/block anything that's not authorized. Furthermore, the
> > architectural design of SELinux is such that it can be the engine of an
> > amazing Intrusion Detection System (and which is another project I'm
> > working on).
> >
> > So, I wouldn't sweat SELinux if I were you. Especially when there's so
> > much more about Linux to be frightened of.
> >
> > Cheers.
> >
>
> Whew...
>
> That is one serious "conspiracy theory" rant...
>
> Not to mention you are attributing the NSA with some really serious
hardware
> and data storage capabilities...
>
> That's some bitchin' hard disk they have there.
>
> --
> Skorpion (CET)
>
> -------------------------------------------------------------
> People who wear Halloween costumes are sometimes mistaken for
> monsters.
> -- Bruce Sterling
> -------------------------------------------------------------
I look at it this way. Whatever the NSA has to do to keep our country free
and safe, so be it. I have nothing to worry about. I'm not one of their
targets. There's nothing going on here that I wouldn't want anybody to see.
The NSA is not looking to peek at my computer system, they have more
important things to do. I think they should have every capability they need
to get the job done. Heck, they might even prevent me from losing any more
loved ones as in the WTC attack.
If you have nothing to hide you have nothing to worry about.
As for NSA recording EVERY phone call in the USA...get real, they only need
to capture what's important. I doubt they would waste resources doing what
you suggest. I sleep good at night knowing the NSA, CIA FBI are doing all
they can....
- Next message: Jem Berkes: "Re: NSA enhancing Linux security?"
- Previous message: NeoSadist: "Re: Prevent stealing IP numbers"
- In reply to: Skorpion (CET): "Re: NSA enhancing Linux security?"
- Next in thread: Bill Laut: "Re: NSA enhancing Linux security?"
- Reply: Bill Laut: "Re: NSA enhancing Linux security?"
- Reply: Bill Unruh: "Re: NSA enhancing Linux security?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
