Does kernel 2.6 include an NSA backdoor?

Subject Author Date
Does kernel 2.6 include an NSA backdoor? plenty900 03-04-2008
Posted by [H]omer on March 5, 2008, 8:49 am
Roger Blake wrote:

> I have heard that if one wears a tin-foil hat of the correct type in
> conjunction with a microwave oven plus a radio and antenna tuned to
> the proper frequency, this will block the bits that the NSA uses to
> spy on your computer, which they can otherwise do even if it is
> turned off.

Not very far-fetched:

http://en.wikipedia.org/wiki/TEMPEST

However, as counter-surveillance measures go, the tin-foil hat leaves
much to be desired :)

--
K.
http://slated.org

.----
| 'When it comes to knowledge, "ownership" just doesn't make sense'
| ~ Cory Doctorow, The Guardian. http://tinyurl.com/22bgx8
`----

Fedora release 8 (Werewolf) on sky, running kernel 2.6.23.8-63.fc8
13:49:32 up 75 days, 11:25, 5 users, load average: 0.00, 0.04, 0.03

Posted by Nico Kadel-Garcia on March 5, 2008, 2:27 am
On 5 Mar, 00:19, plenty...@yahoo.com wrote:
> I've learned that there are bits of NSA's SELinux in various
> places in kernel 2.6. How can I be sure that Big Brother isn't
> using back doors or bugs to break into my computer?
> Especially with all the illegal spying done these days...
> How much safer would it be to just switch back to 2.4 or 2.5?

OK, people are making fun of you. Most seriously, the SELinux bits are
open source and recompilable, so there are good chances to review it:
I don't consider it a big risk. No, the big SELinux risk is that lots
of people turn it *off* and don't bother to use it, because it
interferes with all sorts of reasonable tools in unpredictable ways
and the configuration tools for it suck really, really hard. So if
you're in a hurry to get work done, many folks simply turn it off to
eliminate the burden of maintaining it.

This is particularly true with webtools, many of which scatter their
writable directories and utilities all over your file system and
refuse to acknowledge the UNIX File System Hierarchy, much less any
security practices. I once went through conniptions trying to get
Bugzilla working, and rejoiced when it was finally packaged up into a
clean RPM that worked well with SELinux.

If I see one more utility that says "download the latest CVS from here
and just run it in place on your system!" and the CVS blatantly does
not work, much less have any way of detecting which particular version
of the software it contains.....

Posted by Roy Schestowitz on March 5, 2008, 3:25 am
____/ Nico Kadel-Garcia on Wednesday 05 March 2008 07:27 : \____

> On 5 Mar, 00:19, plenty...@yahoo.com wrote:
>> I've learned that there are bits of NSA's SELinux in various
>> places in kernel 2.6.  How can I be sure that Big Brother isn't
>> using back doors or bugs to break into my computer?
>> Especially with all the illegal spying done these days...
>> How much safer would it be to just switch back to 2.4 or 2.5?
>
> OK, people are making fun of you. Most seriously, the SELinux bits are
> open source and recompilable, so there are good chances to review it:
> I don't consider it a big risk. No, the big SELinux risk is that lots
> of people turn it *off* and don't bother to use it, because it
> interferes with all sorts of reasonable tools in unpredictable ways
> and the configuration tools for it suck really, really hard. So if
> you're in a hurry to get work done, many folks simply turn it off to
> eliminate the burden of maintaining it.
>
> This is particularly true with webtools, many of which scatter their
> writable directories and utilities all over your file system and
> refuse to acknowledge the UNIX File System Hierarchy, much less any
> security practices. I once went through conniptions trying to get
> Bugzilla working, and rejoiced when it was finally packaged up into a
> clean RPM that worked well with SELinux.
>
> If I see one more utility that says "download the latest CVS from here
> and just run it in place on your system!" and the CVS blatantly does
> not work, much less have any way of detecting which particular version
> of the software it contains.....

Nico,

It might be more complicated than this. They are said to have back doors in
*standard protocols* (Linux included) [1,2,3,4] and these are hard to get by
unless you are a security professional (I'm not). What about hardware-based
hacks [5] (in which case "Intel" might be just an abbreviation)? Remember that
they just need to sniff packets and then decrypt successfully in order to gain
remote access.

Those whose role is to deny these things will of course attack the messenger,
but I haven't seen Bruce S getting attacked just yet.

___
[1] Did NSA Put a Secret Backdoor in New Encryption Standard?

,----[ Quote ]
| Which is why you should worry about a new random-number standard that
| includes an algorithm that is slow, badly designed and just might contain a
| backdoor for the National Security Agency.
`----

http://www.wired.com/politics/security/commentary/securitymatters/2007/11/securitymatters_1115


[2] NSA Backdoors in Crypto AG Ciphering Machines

,----[ Quote ]
| We don't know the truth here, but the article lays out the evidence pretty
| well.
|
| See this essay of mine on how the NSA might have been able to read Iranian
| encrypted traffic.
`----

http://www.schneier.com/blog/archives/2008/01/nsa_backdoors_i.html


[3] Dual_EC_DRBG Added to Windows Vista

,----[ Quote ]
| Microsoft has added the random-number generator Dual_EC-DRBG to Windows
| Vista, as part of SP1. Yes, this is the same RNG that could have an NSA
| backdoor.
|
| It's not enabled by default, and my advice is to never enable it. Ever.
`----

http://www.schneier.com/blog/archives/2007/12/dual_ec_drbg_ad.html


[4] Duh! Windows Encryption Hacked Via Random Number Generator

,----[ Quote ]
| Mount Carmel, Haifa – A group of researchers headed by Dr. Benny
| Pinkas from the Department of Computer Science at the University of Haifa
| succeeded in finding a security vulnerability in Microsoft's "Windows 2000"
| operating system. The significance of the loophole: emails, passwords, credit
| card numbers, if they were typed into the computer, and actually all
| correspondence that emanated from a computer using "Windows 2000" is
| susceptible to tracking. "This is not a theoretical discovery. Anyone who
| exploits this security loophole can definitely access this information on
| other computers," remarked Dr. Pinkas.
|
| Editors Note: I believe this "loophole" is part of the Patriot Act, it is
| designed for foreign governments. Seriously, if you care about security,
| privacy, data, trojans, spyware, etc., one does not run Windows, you run
| Linux.
`----

http://www.linuxelectrons.com/news/general/14365/duh-windows-encryption-hacked-via-random-number-generator


[5] Chip Design Flaw Could Subvert Encryption

,----[ Quote ]
| Shamir said that if an intelligence organization discovered such a flaw,
| security software on a computer with a compromised chip could be "trivially
| broken with a single chosen message." The attacker would send a "poisoned"
| encrypted message to a protected computer, he wrote. It would then be
| possible to compute the value of the secret key used by the targeted system.
|
| Trouble with Design Secrets
|
| "Millions of PCs can be attacked simultaneously, without having to manipulate
| the operating environment of each one of them individually," Shamir wrote.
`----

http://www.crm-daily.com/story.xhtml?story_id=11200BH5USIO


--
~~ Best of wishes

Roy S. Schestowitz | Watch your step, that soapbox is very slippery
http://Schestowitz.com | GNU/Linux | PGP-Key: 0x74572E8E
Mem: 515500k total, 444876k used, 70624k free, 5120k buffers
http://iuron.com - next generation of search paradigms

Posted by on March 5, 2008, 8:10 am

> It might be more complicated than this. They are said to have back doors in
> *standard protocols* (Linux included) [1,2,3,4] and these are hard to get by
> unless you are a security professional (I'm not). What about hardware-based
> hacks [5] (in which case "Intel" might be just an abbreviation)? Remember that
> they just need to sniff packets and then decrypt successfully in order to gain
> remote access.

Finally a mature response. I was beginning to think I was dealing with
11-year-olds.

Posted by chrisv on March 5, 2008, 8:44 am
plenty900@yahoo.com wrote:

>I was beginning to think

*plonk*

