Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Privacy Security United States

Richard Stallman Speaks About Back Doors After NSA Documents Leak 332

An anonymous reader writes "Companies such as Microsoft, Facebook, Apple, and Google are scrambling to restore trust amid fresh litigation over the PRISM surveillance program. Richard Stallman, the founder of the Free Software Foundation and a newly-inducted member of the 2013 Internet Hall of Fame, speaks about not only abandoning the cloud, which he warned about 5 years ago, but also escaping software with back doors. 'I don't think the US government should use operating systems made in China,' he says in this new interview, 'for the same reason that most governments shouldn't use operating systems made in the US and in fact we just got proof since Microsoft is now known to be telling the NSA about bugs in Windows before it fixes them.'"
This discussion has been archived. No new comments can be posted.

Richard Stallman Speaks About Back Doors After NSA Documents Leak

Comments Filter:
  • by vikingpower ( 768921 ) on Friday June 28, 2013 @03:13AM (#44130135) Homepage Journal
    Stallman is right, in sofar that any sensible engineer should never have had his works, artefacts, algorithms and data "in" the cloud. Period.
    • by ls671 ( 1122017 ) on Friday June 28, 2013 @04:40AM (#44130485) Homepage

      Duh ;-)

    • by Tom ( 822 ) on Friday June 28, 2013 @04:41AM (#44130491) Homepage Journal

      Disclaimer: I am an IT Security professional.

      It all depends on your thread scenario. Most of the smaller side-projects I work on are of no interest to any entity able to intercept the data transfers, so I don't mind storing stuff in, say, Evernote or Dropbox where it is more convenient to do so.

      The stuff that the survival of my small company depends on, running my own servers is worth the effort. For my holiday pictures, iCloud is perfectly acceptable.

      • by RabidReindeer ( 2625839 ) on Friday June 28, 2013 @07:12AM (#44131081)

        Disclaimer: I am an IT Security professional.

        It all depends on your thread scenario. Most of the smaller side-projects I work on are of no interest to any entity able to intercept the data transfers, so I don't mind storing stuff in, say, Evernote or Dropbox where it is more convenient to do so.

        The stuff that the survival of my small company depends on, running my own servers is worth the effort. For my holiday pictures, iCloud is perfectly acceptable.

        I might go along with that except for the fact that the US Government is heavily involved with metadata. Metadata is still data and there are things that can be done with that data or they wouldn't be be collecting it. You may not like some of the things they do with that data.

        And, for your sake, I hope that your holidays were all spent in good solid loyal patriotic places in the USA so that there's nothing treasonous that they can infer from the pictures once they use the metadata to get a FISA warrant to look at the actual data.

        In an era when almost everyone either deals with offshore companies or has immigrant friends or neighbours, the assurance that "only foreign communications are examined" doesn't give much comfort.

        • by SirGarlon ( 845873 ) on Friday June 28, 2013 @07:41AM (#44131203)

          In an era when almost everyone either deals with offshore companies or has immigrant friends or neighbours, the assurance that "only foreign communications are examined" doesn't give much comfort.

          In an era where the NSA lied about the existence of the program, lied about the level of oversight, lied about the effectiveness of the program, and lied about what data was collected, ANY assurance from the executive branch doesn't give much comfort.

        • by iamwahoo2 ( 594922 ) on Friday June 28, 2013 @06:06PM (#44138459)

          I would like to point out that the assertion that the NSA collects metadata is a strawman. A fictitious scenario that was constructed by relabeling plain data as "metadata", because it is perceived to be not as awful as pilfering through personally identifiable information. In fact, phone numbers, Identifying numbers, account numbers, names, times, and dates are all just data. An example of metadata would be something describing the format of a displayed phone number, but the number itself is just pure data. I only bring it up it up because I see even people here on slashdot, who are normally smarter on these issues than the mainstream, are starting to take these falsehoods at face value.

      • by RobertNotBob ( 597987 ) on Friday June 28, 2013 @07:24AM (#44131127)
        Tom,

        With all due deference to a slashdotter with a 3 digit UID, I'd like to point out the danger of your last statement.

        Primarily, the risk is that your smaller, side-projects may indeed pan out to be your primary revenue stream in the business environment of the future. But the consolidation affect is at least as dangerous. The conclusions that can be drawn by a talented analysts from the sum total of your small, seemingly insignificant data leaks can be staggeringly powerful. And if you think that your company is not worth the time of a talented analyst, then you may not have been paying attention to the cultural make-up of our current competitors in the world today. -- They take the time to analyze everything they can.

        Now, I don't want to go off on a rant... but I did want to throw that out.

        ...

        That said... Sure. Holiday pics fit nicely into a cloud.

        • Sure. Holiday pics fit nicely into a cloud.

          Actually even pictures can be a security risk depending on who sees them. If they are recent holiday pics in the snow, while your house is in a location with no snow, it may tell people you are not home and they may decide to rob you.

          If there are no tell tale signs of your location in the picture, are you sure you cleaned the metadata? Even a mythbuster can be caught leaving gps information [nytimes.com] in their pictures.

          Even discounting the "Please Rob Me" mentality for a minute... What if you play hooky from work? Is

      • by Arkham ( 10779 )

        Disclaimer: I am an IT Security professional.

        It all depends on your thread scenario. Most of the smaller side-projects I work on are of no interest to any entity able to intercept the data transfers, so I don't mind storing stuff in, say, Evernote or Dropbox where it is more convenient to do so.

        The stuff that the survival of my small company depends on, running my own servers is worth the effort. For my holiday pictures, iCloud is perfectly acceptable.

        I don't have any data under my personal control that I care if the government intercepts. My email is boring as hell. The most interesting thing in my email is when Blizzard locks my Battle.net account because I tried to log in from work and they think my IP changed. My Dropbox is full of junk I want to transfer between computers and nightly binaries that I want to share with our Ukrainian QA team. Really exciting stuff. Hack away, people, hack away. I care not. The pieces of data that I wouldn't wan

        • by SuricouRaven ( 1897204 ) on Friday June 28, 2013 @08:12AM (#44131411)

          If you include embedded devices, quite a lot of it uses OS from China. Anything from Huawei for a start - that alone has some people in Congress and the military concerned.

        • I don't have any data under my personal control that I care if the government intercepts.

          Really? Are you certain of that? Here's the thing. Information you have can look circumstantially damning for reasons beyond your control. Sometimes people's identity is mistaken or they are in the wrong place at the wrong time. Messages that are entirely innocent can at times be used against you in a court of law. Maybe you have communicated with someone you don't know

          Is it likely that the government will come after you? Of course not. Like you say your information probably is completely uninterest

      • by IDtheTarget ( 1055608 ) on Friday June 28, 2013 @07:53AM (#44131293)

        Disclaimer: I am an IT Security professional.

        It all depends on your thread scenario. Most of the smaller side-projects I work on are of no interest to any entity able to intercept the data transfers, so I don't mind storing stuff in, say, Evernote or Dropbox where it is more convenient to do so.

        The stuff that the survival of my small company depends on, running my own servers is worth the effort. For my holiday pictures, iCloud is perfectly acceptable.

        I am also a security professional, and I mirrored your attitude until just a few weeks ago. Silly me, I figured that nobody cared to which political party I belonged, nor what religious group, nor that I am military and actually believe in the constitution. Unfortunately, it turns out that in our government, you may indeed be targeted based upon any of the above.

        And now, there are indications (I can't find the article), that you will be targeted if you attempt to maintain your privacy from the government on these things by using encryption, etc. (And I'll probably go up on several watch-lists due to this post. *sigh*.)

        To be honest, I'm not really sure what to do. You're damned if you do, and damned if you don't.

      • by mlts ( 1038732 ) *

        Even if one has an insecure, but reliable service, that can come in handy, factoring in a threat model:

        1: Before sending files to a cloud provider with an archival service, I use an archiving program, split the files up into segments (100-200 megs), then encrypt the segments with GPG and a decent passphrase. Not 100%, but it would force someone who manages to get access to have to try to compromise my endpoint or me (not hard, but it is a lot tougher than just passively guzzling out goodies.

        2: TrueCrypt

    • Are you kidding? The cloud is just a rebranding of networked systems. If you fear the cloud you might as well disconnect your networks.
      • by vikingpower ( 768921 ) on Friday June 28, 2013 @04:47AM (#44130519) Homepage Journal
        I do not "fear" the cloud. I do hate, however, the hype, with stratospheric hate.
        • by ls671 ( 1122017 )

          Well, I do not "hate" the hype, I just find it funny. Along the same way as the GP has said, and one poster above disclaiming he was an " IT Security professional":

          If you are planning doomsday scenarios, then don't have you computers connected to anything. I have been running my systems for 20 years without any intrusion that I am aware of. This doesn't mean I am not owned. So yes, you could put some stuff on the cloud. From an "IT Security professional" point of view: you categorize the levels of security

      • by martin-boundary ( 547041 ) on Friday June 28, 2013 @05:03AM (#44130593)
        No it's not. A classical networked system belongs to a single company, and there's a clear separation between the inside (which is mostly trusted) and the outside (which is not trusted). A cloud system blurs the distinction, so you never know if the stuff you're accessing is actually being used by untrusted people who are going to steal your secrets, blackmail you, etc.
      • by Lumpy ( 12016 )

        Anyone that has a secure network does just that.

        It's not fear, it's trust. and no, I do not TRUST the cloud with things that if they are lost I lose money. Only a complete fool would trust another company with their critical data and a TOS that says ,"we are not liable"

      • by RabidReindeer ( 2625839 ) on Friday June 28, 2013 @07:17AM (#44131099)

        Are you kidding? The cloud is just a rebranding of networked systems. If you fear the cloud you might as well disconnect your networks.

        No it isn't. Cloud servers - excepting the in-house clouds - are owned and operated by third parties. Who can be silently descended on by grim suit-wearing individuals with badges and pried open without your permission. Or your knowledge, since many of these programs make it a criminal offense to even mention the prying.

        You don't even have to be the primary target, since you are sharing the resources with who knows what other questionable characters. More than one innocent business has been bitten because it turned out the next rack over leased space to Arab charities or hosted some sort of downloading service.

    • by Anonymous Coward on Friday June 28, 2013 @04:43AM (#44130501)

      I remember Microsoft's denials about intercepting Skype, yet the PRISM leak shows they can fully intercept everything:

      http://gizmodo.com/what-is-prism-511875267

      There are two worlds here, companies that cooperated with NSA illegal spying and those that didn't. They chose their sides, they chose the side against the constitution. That's not my side, I need to secure my data against NSA and its corporate allies.

      Skype leak shows they can intercept voice communications, the files you sent, the text messages, the video of your conversations, the lot, and it's a live intercept, so its a live connection too. I bet they can even turn on the camera and mic remotely on Skype.

      Then we find out Stuxnet is confirmed as NSA. So no doubt where all those zero day exploits came from, Microsoft themselves:

      http://www.guardian.co.uk/world/2013/jun/28/general-cartwright-investigated-stuxnet-leak

      So all the scary hackers out there making Stuxnet? They're the NSA itself.

      I don't trust this Windows box in front of me currently, my server is being moved out of the USA, this Windows box is next.

      • by Anonymous Coward

        Remember this?
        http://yro.slashdot.org/story/13/05/14/1516247/microsoft-reads-your-skype-chat-messages?utm_source=commentcnt&utm_medium=feed#comments

        A german user noticed that if he passed a link in a skype message, the link was accessed by Skype servers?

        Microsoft claimed it was to protect from malware. But now we know they're in the NSA's pocket, and the NSA is data mining all communications and storing them in the big database, the obvious conclusion to come to, is that this is part of NSA's data minin

      • by Lumpy ( 12016 )

        Want secure skype?

        SIP software, point to point VPN. Good luck NSA decoding that encrypted tunnel.

        • by bill_mcgonigle ( 4333 ) * on Friday June 28, 2013 @09:23AM (#44132055) Homepage Journal

          SIP software, point to point VPN.

          Heh, I set my parents up with Jitsi a few months ago and configured their gateway to openvpn to mine - at the time purely for reliable addressing and networking ports, but it turns out to be pretty secure as well.

          Now then, the traffic consists almost entirely of my kids telling their grandmother about a new bike or that girl at school who is sooooooo mean, but that's none of the NSA's damn business either. I don't want some creep analyst in Hawaii watching my daughter any more than I do some creep on a park bench.

          Oh, the point - Jitsi is perfectly usable for an AOL grandmother. We actually started on this path when the Microsoft version of Skype became unstable on their Mac (the pre-MS version was pretty decent).

    • by Yvanhoe ( 564877 )
      Linus is thinking otherwise : "Only wimps use tape backup: _real_ men just upload their important stuff on ftp, and let the rest of the world mirror it"

      Actually, the cloud is perfect for any open development.
  • by Anonymous Coward on Friday June 28, 2013 @03:14AM (#44130141)

    His record for being correct is rather unusual.

    • by Anonymous Coward on Friday June 28, 2013 @05:00AM (#44130577)

      No, his record for being correct is not unusual.

      It's pathetic.

      And by that I mean that it is pathetic that you need to be a pessimist and paranoiac to even get halfway to predicting government and industry trends.

      We need to work towards a world where Stallman is wrong more often.

      • by ls671 ( 1122017 )

        What you are suggesting is a global waking up. Be careful, posting as anon ain't that safe ;-)

      • by dpilot ( 134227 ) on Friday June 28, 2013 @08:04AM (#44131369) Homepage Journal

        The thing being missed in the current privacy fuss is that right now everyone is only worrying about the US government. That leaves out two other classes of players...

        1 - I know that the US government is far from perfect, but compared to some other governments out there they're downright benign. That's not to excuse their behavior in any way, that's just to point out that there are bigger threats to be aware of.

        2 - Don't forget corporations, particularly multinational corporations. At some theoretical level, the US government has the best interests of US citizens as its motivation. (I'll agree that it may be "theoretical" and one may have to say "SOME US citizens', but there is still that element there.) Corporations have their own profit and revenue as their primary motivation, the good of their customers is secondary, important as a continuing source of profit and revenue. As for non-customers, their importance is as a future source of profit and revenue. Nothing there about peoples' best interests if they don't align with the companies'.

        While the boogeyman of the US government is certainly present, one should not forget that they are probably not the worst boogeyman, there are probably much worse out there. In other words, it's worse than you think.

        On backdoors, don't forget this one:
          http://scienceblogs.com/goodmath/2007/04/15/strange-loops-dennis-ritchie-a/ [scienceblogs.com]

        • by 7-Vodka ( 195504 ) on Friday June 28, 2013 @09:49AM (#44132307) Journal

          Your post displays a naiveté so stunning that I would think you have never been around people.

          For you to even say aloud that your stasi government is less of a threat than xyz really shows how ignorant you are of the fact that information is power and a monitored human is not a Free human.
          Not to mention how you have no fucking concept that your economic Freedom is worse than a peasant in the 1300's.

          A percentage of the harvest went to the lord of the manor (the land's lord, or landlord) the amount varied, but it was between 10% - 25% - an additional 10% went to the local church as a tithe. Compare that 20-35% tax rate to the combined 50-80% tax rate many in the developed world pay (the ones that don't suck on the government's tits).

          How you doin' Eloi? is the food good? are you happy and eating well? Hey what do you care if we take some people away every now and again, it's not you!
          Just keep grazing on your grass like a fat happy cow all the way to the slaughter, telling other people around you how it's not so bad after all, it could be worse.

    • by Anonymous Coward on Friday June 28, 2013 @05:29AM (#44130689)

      What I respect about Stallman is his persistence. He just keeps hammering home the same message, over and over again, decade after decade. As opposed to politicians or talking-heads, he doesn't budge nor compromise. And then, ten or twenty years later, people realise he was right all along. And what does he do? He keeps hammering on the same message still, because people still didn't act, even when they know exactly what they ought to do. I think that is what makes him unusual.

      • by Anonymous Coward on Friday June 28, 2013 @07:09AM (#44131057)

        He keeps hammering on the same message still, because people still didn't act, even when they know exactly what they ought to do.

        Next time you're out and about, go ask some random person who is Richard Stallman.

        Now ask yourself, if they never heard of him, what makes you think they're getting the message?

        WE have heard of him and his message, but the general public hasn't. AND his warnings and claims come across as paranoia. I mean, before the NSA leaks, no one would ever believe our government would do such a thing - even here on Slashdot. How many times have folks said that the government is watching us only to have someone "point out" that it's "impossible" - here on Slashdot - supposedly the home of the most knowledgeable people on the Internet.

        How can we expect John Q. Public to act when WE don't even believe half of it?

        I'm telling you next we will find out that the NSA/FBI has the ability to create instantaneous dossiers on people by just hitting the: Medical Information Bureau, Credit Bureaus, Google (I don't a shit wtf they say in public!), ChoicePoint, state DMVs, IRS, state tax departments, and I bet quite a bit of internal databases, too. All through those backdoors.

        FUCK! Anyone of us could code that!

    • Re: (Score:3, Funny)

      by operagost ( 62405 )
      It must be the nutrition he gets from eating his foot skin.
  • No surprises (Score:5, Interesting)

    by cold fjord ( 826450 ) on Friday June 28, 2013 @03:18AM (#44130167)

    Stallman's position isn't a surprise. I expect him to advocate open source software over any proprietary software. He has for thirty plus years. Why would he change now? There is one thing he overlooks when he says:

    'I don't think the US government should use operating systems made in China,' ... 'for the same reason that most governments shouldn't use operating systems made in the US

    Stallman overlooks the fact that various foreign governments already have access to the Windows source.

    Microsoft to Share Source Code With Governments [washingtonpost.com]

    Microsoft Corp. announced this week it is making the programming code for its Office 2003 software suite available to government agencies around the globe, a move partly aimed at allowing them to inspect the product for flaws and security problems.

    Though Microsoft usually guards such software coding tightly, the step is an extension of an initiative the company began in January 2003 giving about 60 governments access to the inner workings of the Windows operating system. This is the first time the software giant has shared the source code for Office, which includes the Word text processing, Excel spreadsheet, and PowerPoint presentation programs.

    Microsoft Grants Governments Access to Windows [techhive.com]

    • Re: (Score:2, Interesting)

      by Anonymous Coward

      If current state-of-the-art software engineering methodologies are not sufficient for producing bug free code, what makes you think a government can spot "bugs" that were planted there as backdoors?

    • by Anonymous Coward on Friday June 28, 2013 @03:33AM (#44130217)

      You're not allowed to build your own version of the software from the source. This is why one of the FSF rights is the ability to compile the program for use.

      Seems in pointing out what Stallman "forgot", you forgot something yourself.

      • by cold fjord ( 826450 ) on Friday June 28, 2013 @04:49AM (#44130531)

        I'm afraid you've got it wrong. At least Australia can build from source. I doubt they got a special deal.

        Australia to see Windows source code [cnet.com]

        The ability to build from source would seem to be a key aspect of verifying the code. I'm not sure why you think they wouldn't be able to do it. What they probably can't do is distribute the binaries for free - they still have to pay Microsoft for the distribution of software.

        Also, it seems likely that by providing their code to foreign governments, Microsoft is picking up what to them is free services of what are no doubt some of the best software engineers in government looking over their code, and probably sending in the occasional bug report. What's that saying? Many eyes makes for shallow bugs? Or maybe not.

        • I'm afraid you've got it wrong. At least Australia can build from source. I doubt they got a special deal.

          Australia to see Windows source code

          The ability to build from source would seem to be a key aspect of verifying the code. I'm not sure why you think they wouldn't be able to do it. What they probably can't do is distribute the binaries for free - they still have to pay Microsoft for the distribution of software.

          do they have access to the source code for the entire toolchain?

        • by AHuxley ( 892839 )
          Cold you have to understand Australia.
          They love MS, MS giving them code to look over at after generational buy in is just a trinket.
          What was Australia going to do if it finds a project related hole? File it with MS and hope its fixed in weeks? Months? Many months?
          Australia was just feeling bad over its lack of sufficient software source code and IP to allow its airforce to understand some aircraft systems.
          Source code became a political and defence issue with huge political efforts to try and get the US
    • Re:No surprises (Score:5, Insightful)

      by Anonymous Coward on Friday June 28, 2013 @03:41AM (#44130255)

      Your point about source code is interesting enough on the surface, but how many organizations compile Windows from source code?

      I'm not convinced that what's in the [quasi-public] source code matters a lot when pretty much everyone runs the distributed binaries. Those are the things that need to be analyzed from a security perspective, along with the rest of the functional system that ends up in place. C'mon, you don't test food for poison by obtaining the recipe.

      • It looks like at least Australia can build the source. I doubt they got a special deal. Also, the governments receiving the source code didn't get the "recipe," they got the ingredients - that's what source code is.

        Australia to see Windows source code [cnet.com]

        The agreement will enable Australian government officials to view the source code for Windows 2000, XP, Server 2003 and CE. They can also use the code to build those versions of Windows, see Microsoft security documentation the company doesn't otherwise share, speak with Microsoft developers and perform their own tests on the code.

    • Yes, but (Score:5, Informative)

      by Anonymous Coward on Friday June 28, 2013 @03:43AM (#44130261)

      While it is true that Microsoft is agreeing in certain cases to give access to the source code to Windows, it appears actually getting your hands on the code is sometimes harder than expected.

      Point in case, Éric Filiol, an ex French intelligence officer from DGSE (the Directorate-General for External Security) recently explained that
      “The French State can't obtain certain pieces of technical information on the WIndows kernel. A country that has nuclear fire and is a member of the UN's Security Council can't make Microsoft reveal necessary informations on a système that is absolutely everywhere.”

      ("L’État français n’arrive pas à obtenir certaines informations techniques précises sur le noyau Windows. Un pays doté de l’arme nucléaire et membre du conseil de sécurité des Nations-Unies ne peut pas contraindre Microsoft de lui donner des informations nécessaire sur un système qui est absolument partout".)
      Source:
      http://www.numerama.com/magazine/26360-la-france-n-arrive-pas-a-avoir-des-informations-sur-le-noyau-windows.html

      So there seems to be a difference between what is announced and what happens.

      • To build windows, you have the use the windows compiler, I guess. Well, that's that then:

        Self-referencing C Compiler [scienceblogs.com]

      • While it is true that Microsoft is agreeing in certain cases to give access to the source code to Windows, it appears actually getting your hands on the code is sometimes harder than expected.

        “The French State can't obtain certain pieces of technical information on the WIndows kernel.

        Is that referring to getting the source code? I interpreted it to mean getting some additional technical information, or perhaps a clarification, on the functioning of the kernel.

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      Having access to source code is not enough. You need access to ALL the source code and data AND the build tools for converting it to the final binary the computer will run. And the source for the tools too. Then you have to actually BUILD that source code and VERIFY that the binaries match (or use only what you build).

      With Linux or BSD this is routine. There are thousands (millions?) of people that build their OS from scratch (Arch and Gentoo are two popular Linux distributions that work like this). With Wi

      • Linux has such an un-even and scattershot userland that I doubt it's regularly built all the way up from source as a unified system in that many instances. BSD, on the other hand (or, at least NetBSD which I am most familiar with) can be built, the whole kernel and core userland, from a single CVS tag checkout.

    • Re:No surprises (Score:4, Informative)

      by stephanruby ( 542433 ) on Friday June 28, 2013 @04:46AM (#44130511)

      So what? Those governments don't have the right to compile the code.

      However, government users will not be allowed to make modifications to the code or compile the source code into Windows programs themselves, Simon Conant, a Microsoft security specialist based in Munich, said.

      "Governments under the GSP are allowed to view the code in a debugger, but not compile, redistribute, or actually modify the code," Conant, said. A debugger is a tool used to evaluate software code.

      If you can't compile the code, there is no guarantee that you'll be auditing the right code base. If you dig down deep enough, the debugger will start taking you to the wrong lines (as it happens with most software projects, even open source ones), but Microsoft will just explain away those discrepancies by saying that they had to remove some of their testing code and some of their logging statements (an explanation which is sensible enough, but that you can't workaround, because you're not allowed to compile the code yourself, nor have you been provided the exact compiling recipe/code snapshot they've used for their official release).

      So whatever you do audit of the code base, Microsoft or the NSA can then modify before it gets compiled for your own citizens, and the chain of custody will have been broken thereby completely circumventing your audit in the first place.

      • Apparently the Australians are allowed to compile the code. Maybe there is more than one set of terms.

        • Do you have a citation for that?

          Australia, the UK, the US, and Canada are all senior partners in the NSA ECHELON [nsawatch.org] program, so the fact that any of those countries are allowed to compile the code (but other countries are not) wouldn't inspire much confidence in me in either case.

  • I recall reading about a hushed up brouhaha ages ago concerning backdoored USA compiled software run on Australian government systems in the 80's or early 90's. Google seems to disavow all knowledge damnit.
  • You know, like, sending NSA agents to get cover jobs in Microsoft, and purposely plant in obscure security bugs, that can only be exploited by the NSA . . . ? I know that they are not supposed to do that, but the new description of work for the NSA seems to be something like:

    Question: "What does the NSA do?

    Answer: "Things that it is not supposed to do."

  • by some old guy ( 674482 ) on Friday June 28, 2013 @04:12AM (#44130365)

    RMS's comments about OS back-doors are rather dated, since M$ made Win2K source available to governments many years ago. It gave a whole new meaning to the Windows joke, "That's not a bug, that's a feature!"

    He is, however, spot on about "the cloud". No engineer or admin in his right mind would entrust his/her organization's data to a medium riddled with security, privacy, and reliability flaws.

    Bean counters are all for the cost savings of "the cloud" until you clearly spell out the risks involved. Accountants and executives hate taking big risks for only a tiny commensurate potential for gain.

    • by Anonymous Coward

      This wasn't about the win2k NSA key, it is about Microsoft passing info about zero day exploits to the NSA instead of fixing them, so the NSA can use them to break into people's computers and spy on them. This came out in the news in just the past few days (not sure if revealed by Snowden or someone else). It would seem to explain why Microsoft is so damn slow about fixing bugs.

  • CPUs on the other hand (Loongson) are kosher!

  • Closed source, open source, it doesn't matter when you can just give them access to a database, an admin account or access to logs.

    The fear of backdoors into your OS is out of date in today's society. Why would they need wait for you to be online then risk detection by using a backdoor when they can just make a call to facebook, your ISP or your mobile phone network and probably get far more valuable information?

    It's also very naive to think that intelligence organisations don't have a catalogue of un
    • by mcgrew ( 92797 ) *

      Why would they need wait for you to be online then risk detection by using a backdoor when they can just make a call to facebook, your ISP or your mobile phone network and probably get far more valuable information?

      Neither Facebook nor your ISP has any information about your network that you didn't volunteer. Unless you're not smart enough to put a hardware firewall between your modem and router (as well as other measures) they're not going to easily get your private data. Data you give your ISP, facebook,

  • by erroneus ( 253617 ) on Friday June 28, 2013 @04:20AM (#44130403) Homepage

    Some Microsoft bugs take a ridiculous amount of time to get fixed and all the reports seem to fall on deaf ears. We bash Microsoft for this behaviour but doesn't having a reporting relationship with the NSA help it all to make sense? Taking a long time to fix? Well, they may not be done exploiting it yet. Falls on deaf ears? Well maybe it's not a "bug" but a back door that no one was supposed to know about and Microsoft cannot comment on it without NSA approval.

  • by strstr ( 539330 ) on Friday June 28, 2013 @06:48AM (#44130963)

    Microsoft has been installing the NSAKey in Windows since Windows 98; a special root key that grants them access to Windows cryptography services, ability to generate their own keys, decrypt things, and maybe install rootkits, bypassing the user. Some people think it's Trojan that even gives them stealth remote control capabilities. Microsoft has always been working with the NSA, and in turn, the NSA has always been getting into whatever they could possibly get their hands into. Welcome to the ultimate rootkit in society, next to Remote Neural Monitoring and Electronic Brain Link.

    http://www.washingtonsblog.com/2013/06/microsoft-programmed-in-nsa-backdoor-in-windows-by-1999.html [washingtonsblog.com]

    and nsa.pdf @ http://www.oregonstatehospital.net/ [oregonstatehospital.net]

    • by strstr ( 539330 ) on Friday June 28, 2013 @06:59AM (#44131019)

      there are also those famous secret debug modes in AMD and Intel's chips, that grants above operating system level control, and unlocks hidden CPU resources. this has got to be the under workings of a secret NSA toolkit for full hardware and software control. I give you the AMD CPU password, which was exposed and documented in 2010:

      http://hardware.slashdot.org/story/10/11/12/047243/hidden-debug-mode-found-in-amd-processors [slashdot.org]

      don't you think this was all put in there for a reason? The NSA gets what they want and they want it all, they want to know everything going on inside everyone's home, in every square inch of America - this was all done by design. no one is doing anything to challenge or stop them. look at how none of these companies bothers to complain before years later something about the program they're running, which they now claim to have been against, is exposed. it's crazy, and we're not even getting to the half of it. most of this was done without warrants or any involvement from any court...

  • by Theovon ( 109752 ) on Friday June 28, 2013 @07:35AM (#44131175)

    One thing people keep neglecting to mention is that for the stuff we WANT to be public (e.g. source code), the cloud is a GREAT place to put it (but certainly not the only place we should put it).

    BTW, "the cloud" is far too nebulous of a term for this discussion.

  • Turn About (Score:3, Interesting)

    by Anonymous Coward on Friday June 28, 2013 @07:58AM (#44131325)

    Since Microsoft and other companies are telling the NSA about bugs before they fix them, then Microsoft and those other companies will no longer need a grace period when Anonymous or other hackers find vulnerabilities. They should be published right away for all to see.

  • Made in China? (Score:5, Insightful)

    by Fuzzums ( 250400 ) on Friday June 28, 2013 @08:11AM (#44131407) Homepage

    Given recent developments I have no reason to trust made in usa either...

If all else fails, lower your standards.

Working...