Re: How NSA access was built into Windows

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, 2007-01-19 at 22:26 -0800, David Boles wrote:
Hi, David,
	I assume that I am included in this, so I have to reply.  You don't
know me, and you don't know my background.  To say that I or any of the
others don't know what SELinux does is fair, but then I am willing to
bet that you don't either.  I understand all the concepts that are
espoused on the notes provided by the NSA website, and I like Dr.
Smalley, but I also believe that the NSA has more dogs in this hunt than
just system security, and that Dr. Smalley is not the only one there,
nor is he the one with his hand on the tiller.  The ship of state has
many stops to make and there are many routes to those stops.

	From one of the articles posted, it can be seen that bad code can be
placed into a program without being self evident.  From my own
experience I can tell you that programs can be written to manage very
complex conversion issues between machines, languages and even hardware
attached to the machine.

	The size of modern operating systems permits many things to go into the
OS that are not part of the function of the OS, like easter eggs, secret
keys, backdoors and trigger code to name just a few.  You may trust our
government, I do, but with some reservations, and I recommend that all
governments be trusted to make their own lives easier.  This is not a
condemnation of anyone, but a simple observation of human nature.
Computers exist to make many jobs easier.  I do not believe that the
folks tasked with the security of our nation should be required to fore
go such enhancements to their work environment.  However, the sanctity
of my own life is of much greater value to me than to those tasked with
more global concerns.  And while I don't believe they target specific
individuals with all sorts of penetration logic, I do believe that if
they figured out a way to make it easier to penetrate the systems of
folks they have identified, that it would be relatively simple to
install that capability everywhere.  

	The rub comes when you or I or anyone else becomes critical of
government, or some issue, that we may then be "selected", and with the
ability to penetrate our personal space, vulnerable in ways that we may
not be able to prevent without action up front.  

	Yes, the article was dated 1999.  And it was available.  I read
prodigiously, but I was unaware of this particular article.  There are
many technical articles that I am not aware of.  However, it is not due
to lack of effort.  I subscribe to several professional journals, I am
on line (A LOT), and still I don't know all possible developments.  Do
you?  So when I do become aware, then I begin to try to understand the
implications and to hopefully raise awareness.  Not "FUD", but fact
based as much as I can, supported by my own research, and backed by my
own prior experience and skills.

	I am not a resourceful idiot, and removing SELinux was an exercise that
was attempted to discover just how it was invested into the system.  

	So, please educate my friends and I.  What does SELinux do?  How does
it do it?  Why is it so tightly bound to the OS?  And by the way, what
do you want it to do for you?

Regards,
Les H

[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux