Quoting Peter Magnusson <iocc@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>:
> What if someone with evil reasons uses SELinux? Or has the NSA realized
> that the old tactic doesn't work and it's better to secure as many
> systems as possible instead? To help millions to have a more secure
> system is worth more than to possibly prevent a few bad guys from also
> having secure systems. Probably leading to it being more
> complicated or impossible for the NSA to break in?

Actually, the NSA came to the correct conclusion that if they give out the
tool (be it SELinux or an encryption algorithm), most people don't have the
technical knowledge (and will never bother to obtain it) to use it in a
secure way. So basically, their systems (or communications) are not that
much more secure (or harder to break) than they were before they were given
the tool. They will have a false sense of security, so they will store more
sensitive information on their systems (or transfer it through communication
channels).

Bruce Schneier wrote something similar in one of his books (I believe it was
"Secrets and Lies: Digital Security in a Networked World"). From what I
remember (somebody with a copy of the book can correct me if I remembered
wrong), he wrote that his biggest mistake was publishing the book "Applied
Cryptography". While the algorithms in the book and the math behind them
were perfect, the way people were implementing them made systems actually
less secure.

To summarize, if somebody has a false sense of security (he has perfect
tools, but uses them in the wrong way), it will actually be easier for you to
spy on him. This is especially true with complex subsystems such as SELinux
(what do you think, how many system administrators out there *really*
understand it?). I'm not sure if this is the actual (real) backdoor Vladis
was referring to in his reply ;-)