Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl Monk, Perl Meditation
 
PerlMonks  

(redmist) Re: Secure Linux

by redmist (Deacon)
on Sep 17, 2001 at 05:39 UTC ( [id://112794]=note: print w/replies, xml ) Need Help??


in reply to Secure Linux

I can't imagine why an agency of the US government whose sole purpose is breaking other parties' security (cryptographically or otherwise) would release to the public a mechanism with which to increase the level of security on an individuals computer to a non-trivial level.

Why would an organization that spies (see Echelon Project) on the citizens who fund it, give away a product to make even one aspect of security easier for the common man and woman?

It just doesn't follow...

If it was not a "patch," and was instead it's own distibution, I would be highly suspect of the particular binary of GCC that came with said distribution. (Read Ken Thompson's thoughts on Trust and compilers. I will bet dollars to donuts that something sneaky is going on here.

redmist
Purple Monkey Dishwasher

Replies are listed 'Best First'.
Re: (redmist) Re: Secure Linux
by ChemBoy (Priest) on Sep 17, 2001 at 08:05 UTC

    I can't imagine why an agency of the US government whose sole purpose is breaking other parties' security (cryptographically or otherwise) would release to the public a mechanism with which to increase the level of security on an individuals computer to a non-trivial level.
    Well, I can't either, but since the agency you describe is not the NSA, I'm willing to assume (subject to verification by those who are better kernel hackers than I) that it is in fact what it claims to be.

    While I can't comment on the way their budget is divided internally between departments (and neither can anyone else who's not on one of the Select Committees on Intelligence*), NSA's ostensible principal task is assuring the security of U.S. Government communications. As such, they do, in fact, have a vested interest in producing computer products that are hard to compromise. And since government computers do communicate with other computers, NSA also has a vested interest in improving overall computer security (public-interest issues like internet worms aside).

    Note that this would not be inconsistent with the allegations related to their using overseas portions of Echelon system to monitor U.S. communications: other than at a broad public-interest level (countering corporate espionage, for instance), they don't have a vested interest in improving the security of civilian communications, and you are unlikely to see them release a communications encryption scheme any time soon (see also "Clipper Chip").

    Oh, and frankly, dollars don't compare nearly as well to Donuts as they used to ;-)

    *This is a separate, and serious, concern, which I don't intend to go into at the moment.



    If God had meant us to fly, he would *never* have given us the railroads.
        --Michael Flanders

      Well, I can't either, but since the agency you describe is not the NSA, I'm willing to assume (subject to verification by those who are better kernel hackers than I) that it is in fact what it claims to be.

      Well, at the danger of falling into a political (as opposed to security-related) discussion, I do believe that the NSA is only one of the US government agencies that keeps tabs on United States citizens. Before you write me off as a crackpot (which I very well might be), extrapolate into the present the past behavior of the NSA, FBI, etc. Remember the 80's 60's? Well J. Edgar Hoover had a program called COINTELPRO which disrupted social/political action groups through social engineering and insurrection. Remember the Crypto Wars (some informative links) and CLIPPER? One of the main reasons the NSA didn't/doesn't want US citizens (and obviously foreign nationals) to have crypto is because the the NSA/FBI/CIA knows that a threat against government computer and information security can, and does, come from anywhere.

      An attack against US government cryptographic methods, practices and algorithms may very well come from a United States citizen or entity, and the NSA knows that! And I'll bet you dollars to very cheap, stale, moldy donuts that the NSA will be damned if a silly charter will stop them. It certainly hasn't in the past.

      redmist
      Purple Monkey Dishwasher
      NOTE: This post brought to you by the <i> tag...

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://112794]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others admiring the Monastery: (5)
As of 2024-03-28 20:34 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found