U.S. code-cracking agency works as if compromised

U.S. code-cracking agency works as if compromised

This is a discussion on U.S. code-cracking agency works as if compromised within the Law Enforcement, Military & Homeland Security Discussion forums, part of the Related Topics category; http://tinyurl.com/2ujvq5a (Reuters) - The U.S. government's main code-making and code-cracking agency now works on the assumption that foes may have pierced even the most sensitive ...

Results 1 to 6 of 6

Thread: U.S. code-cracking agency works as if compromised

  1. #1
    VIP Member
    Array DaveH's Avatar
    Join Date
    Feb 2008
    Location
    SW Virginia
    Posts
    5,036

    Thumbs down U.S. code-cracking agency works as if compromised

    http://tinyurl.com/2ujvq5a

    (Reuters) - The U.S. government's main code-making and code-cracking agency now works on the assumption that foes may have pierced even the most sensitive national security computer networks under its guard.

    "There's no such thing as 'secure' any more," Debora Plunkett of the National Security Agency said on Thursday amid U.S. anger and embarrassment over disclosure of sensitive diplomatic cables by the web site WikiLeaks.

    "The most sophisticated adversaries are going to go unnoticed on our networks," she said.
    SNIP
    Μολὼν λαβέ

    I'm just one root in a grassroots organization. No one should assume that I speak for the VCDL.

    I am neither an attorney-at-law nor I do play one on television or on the internet. No one should assumes my opinion is legal advice.

    Veni, Vidi, Velcro


  2. #2
    Senior Member Array Phillep Harding's Avatar
    Join Date
    Apr 2008
    Location
    Alaska
    Posts
    821
    Check the rumor that OpenBSD had a backdoor installed? Search on:

    openbsd FBI

  3. #3
    Member Array mkphillips's Avatar
    Join Date
    Dec 2009
    Location
    Knoxville, TN
    Posts
    121
    The code for OPenBSD gets looked at so much I would not expect to see a backdoor there, it would be too easy to find IMHO. I would be more concerned about the binary only driver for things like wireless cards and video drivers.

  4. #4
    Member Array Cornelius's Avatar
    Join Date
    Sep 2010
    Location
    Orlando, FL
    Posts
    140
    Quote Originally Posted by mkphillips View Post
    The code for OPenBSD gets looked at so much I would not expect to see a backdoor there, it would be too easy to find IMHO. I would be more concerned about the binary only driver for things like wireless cards and video drivers.
    The OpenBSD backdoor was not the first case of malicious code getting committed to the main trunk of a major open source project.

    In many kernel modules, you have to be an expert for that particular module to even understand what gets checked in. On large projects that have specialists who "own" modules, you have to trust every single maintainer to be not only vigilant of what gets committed, but also be on their best behavior themselves. This is what happened in OpenBSD- Theo claims that one of the kernel maintainers actually got paid off by the FBI to do this for them!

    It basically comes down to: who do you trust, if not the OSS community? I don't know of many people who single-handedly audit every line of code of every open source software they use- not even Richard Stallman is that obsessive. 99.99% of software developers are neither that talented nor do they have the time anyway.

    Check out the Underhanded C Contest. They show some pretty nasty exploits that look like innocent bugs at first glance.

    Not trying to bash open source software- I myself use and support many OSS projects, and have even contributed code to a few. I'm just being pragmatic.
    Ek = 1/2 (m*v^2)

  5. #5
    Senior Member Array Phillep Harding's Avatar
    Join Date
    Apr 2008
    Location
    Alaska
    Posts
    821
    If OpenBSD can get a back door installed, then so can any other OS.

    I'm sooooo happy at this bit of news. (Where are the wire cutters?)

  6. #6
    VIP Member Array livewire's Avatar
    Join Date
    Jun 2010
    Location
    Washington State
    Posts
    2,054
    Woa. . . I wasn't expecting to find this kind of conversation here. . . fellow geeks unite :-D

    This has been a common practice among communications security people since radio and Morse Code were developed though. You always assume that your super secret communication can be compromised and find a new code, because you don't know how long until it actually happens. It's the classic Alice and Bob problem.

Sponsored Links

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Similar Threads

  1. Cracking Kydex
    By Biomortis in forum Defensive Carry Holsters & Carry Options
    Replies: 15
    Last Post: April 16th, 2014, 12:34 AM
  2. GA Gun Code (long... it's gun code!)
    By j21blackjack in forum Concealed Carry Issues & Discussions
    Replies: 6
    Last Post: December 13th, 2007, 11:36 AM
  3. Been compromised in public?
    By AirMech74 in forum Concealed Carry Issues & Discussions
    Replies: 40
    Last Post: July 9th, 2007, 10:14 PM
  4. Aluminum Frames Cracking
    By pirate252 in forum Defensive Carry Guns
    Replies: 15
    Last Post: May 28th, 2007, 10:52 PM
  5. Is your cover garment compromised?
    By glembe in forum Concealed Carry Issues & Discussions
    Replies: 79
    Last Post: April 27th, 2007, 02:42 PM