NSA and backdoors in Linux

Here wizards, magicians, sorcerers and everybody can rest a bit and talk about anything they like.

Just remember to respect the rules.

Re: NSA and backdoors in Linux

Postby jiml8 » Mar 1st, '15, 23:09

I agree with you about the US newspapers.

I routinely use duckduckgo, and I have not noticed a US-centric bias, but since I am in the US possibly I would not notice such a bias easily.

I browse through TOR routinely, and I have noticed that Yahoo, in particular, seems to respond to that; I get local news for my exit portal when I go to Yahoo. Whether this is good or bad just depends on whether I can either read or translate the local language.
jiml8
 
Posts: 1028
Joined: Jul 7th, '13, 18:09

Re: NSA and backdoors in Linux

Postby ChuangTzu » May 8th, '15, 17:41

Even though this is very possible. It is unlikely given a few factors: 1) the nature of open source projects makes it harder, not impossible, to hide so called back doors. Much easier in proprietary software/devices etc... 2) Most government computers in the US are powered by Linux as well as their servers, in particular RedHat/CentOS and if you can believe Ubuntu, openSUSE and SUSE is also beginning to move into the US Gov. and business market. I believe the USPS uses SUSE. This makes backdoors unlikely, since most backdoors swing both ways for people who have the knowledge. It would be much easier for NSA to just put the "backdoor" into the harddrive on a manufactures level, or into the WIFI etc..., would also be harder to detect. But keep in mind that they are not likely to screw up the very systems they rely on. Now Microsoft, Apple, Google etc... that is another topic, because there is little incentive for them not to exploit it. Especially since most people use one or more of those systems.

Now, even after saying this, I do think a healthy skeptism towards SELinux is a good thing and the code of anything contributed by the gov. or even the big companies for that matter should be thouroghly and independently reviewed.
User avatar
ChuangTzu
 
Posts: 38
Joined: May 6th, '15, 04:24

Re: NSA and backdoors in Linux

Postby doktor5000 » May 8th, '15, 18:00

ChuangTzu wrote:It is unlikely given a few factors: 1) the nature of open source projects makes it harder, not impossible, to hide so called back doors.

Wrong argument. Think about heartbleed and openssl, or the recent 23 years old X11 bug
It makes it easier for others to take a look and verify/modify code in question, but it does not really make it harder per se to hide backdoors or similar stuff.
Remember, there are bugs in open source projects that can stay hidden for 10 or 20 years, so this kinda defeats your argument.
Cauldron is not for the faint of heart!
Caution: Hot, bubbling magic inside. May explode or cook your kittens!
----
Disclaimer: Beware of allergic reactions in answer to unconstructive complaint-type posts
User avatar
doktor5000
 
Posts: 15017
Joined: Jun 4th, '11, 10:10
Location: Leipzig, Germany

Re: NSA and backdoors in Linux

Postby ChuangTzu » May 8th, '15, 18:05

Very true...but a bug, persay, is different than a strategically placed backdoor.

Agreed though, however, at least with opensource the code can be reviewed, with proprietary who knows what is in it. I would rather have a system with some bugs that can be patched etc... than a system where its entire design is a bug.

Thousands of eyes on a problem is generally better than just a few....But, it is not fool proof, and nothing ever will be...goal would be general safety not living in a vault etc... :)
User avatar
ChuangTzu
 
Posts: 38
Joined: May 6th, '15, 04:24

Previous

Return to The Wizards Lair

Who is online

Users browsing this forum: No registered users and 1 guest