
Have a Privacy-Invasion Wishlist? Peruse NSA's Top Secret Catalog

timothy posted about 10 months ago | from the after-christmas-specials dept.

Government 259

An anonymous reader writes with a link to Der Spiegel, which describes a Top-Secret spy-agency catalog which reveals that the NSA "has been secretly back dooring equipment from US companies including Dell, Cisco, Juniper, IBM, Western Digital, Seagate, Maxtor and more, risking enormous damage to US tech sector." Der Spiegel also has a wider ranging article about the agency's Tailored Access Operations unit.


And that ain't all (5, Funny)

NoNonAlphaCharsHere (2201864) | about 10 months ago | (#45811417)

The NSA has been "secretly back-dooring" the American people for years.

What are you going to do about it? (1)

Anonymous Coward | about 10 months ago | (#45811741)

Strangely, complaining about government misbehavior doesn't fix anything.

Also, complaining to your elected representatives doesn't fix anything, since they're part of the problem, right?

So do you have any options left? Yes: one. Remove the elected representatives and build a consensus-based form of governance. [metagovernment.org] While that is extremely difficult and time-consuming to do, it is the ONLY practical answer.

(I'll bet slashdotters can come up with 50 other potential solutions: but none that can be done without the help of politicians. So none of those count.)

So what do you say? Keep getting nailed from behind by your own government, or start working on the only possible solution. Which appeals to you more?

Re:What are you going to do about it? (4, Insightful)

Anonymous Coward | about 10 months ago | (#45811779)

Well, if you put it that way... it certainly sounds easier to just let the government keep fucking me up the ass.
By now I'm used to it. And your way sounds like work. Yuck.

Re:What are you going to do about it? (1)

Anonymous Coward | about 10 months ago | (#45812065)

Hey now! This ain't New York.

Re:What are you going to do about it? (2, Funny)

Anonymous Coward | about 10 months ago | (#45812005)

Let's compromise. How about every now and then we turn over and let the government look us in the face while they fuck us?

And Ultimately (5, Insightful)

mrspoonsi (2955715) | about 10 months ago | (#45811427)

The NSA will achieve the opposite for the USA, not more security but less, with the rest of the world now keen to do their own thing, the NSA are a loose cannon on a rolling ship.

Re:And Ultimately (0)

marcroelofs (797176) | about 10 months ago | (#45811435)

Nice metaphor, regards.

Re:And Ultimately (-1, Flamebait)

Deadstick (535032) | about 10 months ago | (#45811943)

Nice metaphor

Please don't tell me it's new to you...

Re:And Ultimately (5, Insightful)

Anonymous Coward | about 10 months ago | (#45811857)

The NSA has already achieved the opposite for the USA

There, FTFY... Talking to non-IT people, the thing that most people don't seem to have understood is that Snowden and hundreds of administrators from private contractors like him had uncontrolled access to all of the data. Those people will for 100% sure include some spies from hostile powers like Russia, China and North Korea. Some of those people will have already extracted data. People working for the NSA and DOD wrote the orange book [wikipedia.org] about this. They have no excuse to pretend they didn't know that gathering all this data together would be dangerous.

The real thing that the NSA and GCHQ are trying to hide, is not the spying. It is that they were caught seriously endangering their countries for profit.

Re:And Ultimately (0)

cold fjord (826450) | about 10 months ago | (#45811981)

The NSA will achieve the opposite for the USA, not more security but less, with the rest of the world now keen to do their own thing, the NSA are a loose cannon on a rolling ship.

Since the public record indicates that the vast majority of terrorist attacks that the NSA has helped stop are overseas, outside the US, that probably means more successful terrorist attacks around the world. I assume that is what you refer to by "less" security?

Re:And Ultimately (1)

Anonymous Coward | about 10 months ago | (#45812033)

Since the public record indicates that the vast majority of terrorist attacks that the NSA has helped stop are overseas

You could even say 100% of them are overseas and be correct. 100% of zero is still zero, though.

The NSA has not stopped any attacks [slashdot.org].

Re:And Ultimately (1, Informative)

cold fjord (826450) | about 10 months ago | (#45812127)

You are quite wrong about that.

NSA helped foil terror plot in Belgium, documents, officials say [cnn.com]

The Belgium plot, though not confirmed to be one of the 50 that relied on the recently revealed secretive NSA program to monitor online messages, appears to fit the bill.

On December 11, 2008, Belgian authorities arrested an al Qaeda cell in Brussels that they feared had been planning a suicide bombing attack.

An intercepted e-mail from one of the cell members to his ex-girlfriend indicated he was about to launch a suicide attack. A defense lawyer in the case told CNN that prosecutors at trial acknowledged that the United States intercepted the communication and passed it to the Belgians.

Re:And Ultimately (1)

paiute (550198) | about 10 months ago | (#45812153)

Belgian authorities arrested an al Qaeda cell in Brussels

They could have arrested four taxi drivers playing cribbage in the back room for all we know.

Re:And Ultimately (1)

gweihir (88907) | about 10 months ago | (#45812213)

The NSA has also pointed out this way how atrociously bad commercial "security elements" typically are. I foresee that the market will change and not for the better for the US. But overall, I disagree. This is going to make us all more secure (well, maybe not anybody in the US), because economic espionage by the NSA is now a clearly visible reality that everybody has to defend against. And the NSA is not using any magic, just standard criminal practices on a large budget. That commercial firewalls are not that secure has been obvious to experts for a long time.

Don't buy from US companies (2, Insightful)

Anonymous Coward | about 10 months ago | (#45811437)

Don't use US service providers. It should be obvious by now, but the reason why the US warns about all kinds of subversion and attacks is that they know what they themselves are doing to the rest of the world.

Re:Don't buy from US companies (5, Informative)

Desler (1608317) | about 10 months ago | (#45811483)

Huawei and Samsung are US companies? Because if you read the article these things are not limited to US companies despite the implication of the summary.

Re:Don't buy from US companies (0, Flamebait)

noh8rz10 (2716597) | about 10 months ago | (#45811807)

i wonder if many companies were listed from around the world, but spiegel focused on US companies because the anti-american angle works well for them.

Re:Don't buy from US companies (1)

fatphil (181876) | about 10 months ago | (#45811497)

Alas it's rather hard to avoid Intel & AMD for those who are tied to the architecture.

Now my Alpha's long dead, and my POWER is getting rather long in the tooth, I suspect my next purchase will be a Loongson-powered box.

Note that the mention of Samsung in the article is a little bit wrong - they sold their HDD division to Seagate (a US company, modulo tax-evasion) in 2011. Whether their SSDs are compromis{ed,able} is another matter.

Re:Don't buy from US companies (1)

Lunix Nutcase (1092239) | about 10 months ago | (#45811509)

How is it wrong? The article is about a 2008 document. It was merely reporting what was in it.

Re:Don't buy from US companies (2)

fatphil (181876) | about 10 months ago | (#45811701)

OK, the article itself is not wrong. I just didn't want people to jump to the conclusion that because a modern HDD says "Samsung" on it, it's not a US device. (In the context of "Don't buy from US companies", i.e. this sub-thread.)

It was unfortunate that the article mentioned the US-iness of those manufacturers, so I conflated the two sentences and caused confusion.

Re:Don't buy from US companies (1)

Desler (1608317) | about 10 months ago | (#45811533)

Because all Samsung HDDs poofed out of existence once they sold the division? So, as mentioned this is a 5-year-old document being written about which clearly predates that sale.

Re:Don't buy from US companies (2, Informative)

Anonymous Coward | about 10 months ago | (#45811953)

Samsung's SSD & HDD firmware was written jointly in US & Korea, with US code patches coming from Samsung Information System America (SISA) in Silicon Valley. This ended in 2013 when Seagate bought Samsung's HDD division in 2013 and fired all the HDD engineers at SISA. Samsung's SSD firmware is still a joint effort.

Re:Don't buy from US companies (2)

mikael (484) | about 10 months ago | (#45811545)

From what I remember, Samsung disk drives didn't implement SMART (Self-Monitoring, Analysis and Reporting Technology).
It would tell you useful things like how many times your disk drive had been powered up and down, longest seek time, number of bad sectors, highest temperature, longest spin-up time. Just about everything a sys-admin would ever want to know.

http://en.wikipedia.org/wiki/Comparison_of_S.M.A.R.T._tools [wikipedia.org]

Re:Don't buy from US companies (1, Interesting)

nurb432 (527695) | about 10 months ago | (#45811619)

Get a clue, it's not just the US/NSA that does this. They are just the ones that are getting beat up in the press.

Re:Don't buy from US companies (1)

Desler (1608317) | about 10 months ago | (#45811659)

No, they aren't the only ones. Just the most insidious party.

Re:Don't buy from US companies (4, Insightful)

noh8rz10 (2716597) | about 10 months ago | (#45811817)

naive. if US is doing this, then Chinese and Russians are doing it too.

Re:Don't buy from US companies (2)

ebno-10db (1459097) | about 10 months ago | (#45812031)

Or at least they're trying to. I wonder how good at it they are. The stuff described in the article seems mostly like sophisticated malware, which requires brains but no sophisticated hardware. That sort of thing is a traditional Russian strength, but I wouldn't be surprised if China is good at it too. It would be interesting if we could compare the capabilities.

Re:Don't buy from US companies (1)

Deadstick (535032) | about 10 months ago | (#45811955)

No, they aren't the only ones. Just the most insidious party.

No, just the ones who got caught.

Re:Don't buy from US companies (1)

AHuxley (892839) | about 10 months ago | (#45811769)

For this to work you would need a world wide network for the ability to get your code in and the information out. Very few countries have access to the telco networks globally to do that, to hide and keep upgrades in place.
Where is the "beat up" in the press? The exploit news? The way it gets in, the data out past firewalls? The ability to get past reinstalls/rebooting?

Re:Don't buy from US companies (1)

Anonymous Coward | about 10 months ago | (#45811785)

Get a clue, it's not just the US/NSA that does this. They are just the ones that are getting beat up in the press.

Yeah. Cut them some slack. Everyone else is doing it. A real patriot would understand that they, unlike the foreign agencies, are doing it for the good cause anyway.

Re:Don't buy from US companies (1, Troll)

noh8rz10 (2716597) | about 10 months ago | (#45811821)

cmon. nobody saying it's right what the NSA did, we're just saying that it is naive to think that US is alone in this regard.

Re:Don't buy from US companies (-1)

Anonymous Coward | about 10 months ago | (#45811867)

Nobody thinks that the US are the only ones doing it, but taking them off the spotlight is cutting them some slack. Don't be a fascist-enabler.

Besides, their turn will come too. Or has come. We have been bashing on China and Russia/USSR for a very long time. It is time the US get some love too.

P.S: Fuck you.

Re:Don't buy from US companies (0)

Anonymous Coward | about 10 months ago | (#45811831)

Get a clue, it's not just the US/NSA that does this. They are just the ones that are getting beat up in the press.

You are comparing the parenting of Belle Gunness to that of Bette Davis here.

Re:Don't buy from US companies (3)

houghi (78078) | about 10 months ago | (#45812043)

The rest of the world does not go around shouting how they are the land of the free and that they are the world police that will bring said freedom to others. (By force or any other means.)

Dell (2)

mfh (56) | about 10 months ago | (#45811453)

I own a Dell system and since purchase, once in a while, the hard drive starts churning. Perhaps this is why.

Joke's on them, though. I use the system for work and often read the news -- and that's about all I do.

Re:Dell (1)

K. S. Kyosuke (729550) | about 10 months ago | (#45811515)

How would a disk go about compromising my system? Does it contain a secret radio transponder?

Re:Dell (5, Insightful)

Anonymous Coward | about 10 months ago | (#45811585)

I'm surprised you couldn't come up with at least some possibilities on your own, K. S. Kyosuke. I always thought that you were a smart cookie.

One obvious one is that the disk's firmware is updated to detect and modify critical Windows executables, DLLs or drivers with some additional code to send out information to remote servers once a network connection is detected, or perhaps to introduce flaws that can be exploited easily. The same could be done for Linux kernel binaries or modules, too, of course.

Another pretty obvious one is that the disk's firmware alters log files to remove any traces of intrusions, making it appear as though no intrusion has occurred.

I'm sure there are many, many other ways that I haven't thought of.

Re:Dell (1)

peragrin (659227) | about 10 months ago | (#45811737)

randomly sends data to the network card without going through the CPU first?

My 2009 macbook randomly wakes up and processes some data for about 5 seconds and shuts off.

two reinstalls, and I still can't track it down. fortunately I just turn off the wifi when I put the machine to sleep. it still does it, but at least I know it isn't sending anything to anyone.

Re:Dell (2)

ColdWetDog (752185) | about 10 months ago | (#45811905)

My 2009 macbook randomly wakes up and processes some data for about 5 seconds and shuts off.

two reinstalls, and I still can't track it down.

Just watching a little TV while you sleep. You have a problem with that? It works hard for you all day and you're hassling it for getting a little R&R?

Re:Dell (1)

AHuxley (892839) | about 10 months ago | (#45811799)

It depends if you're air gapped or networked. If you are networked, the code enters, easily getting past very expensive 'protective' firewalls and hides deep avoiding any reformatting, reboots.
Later information is passed back out the now 'open' network as with any malware.
If you're air gapped, physical access might replace a USB cable (keyboard) that RF (transits) the data.

Re:Dell (1)

daem0n1x (748565) | about 10 months ago | (#45811521)

Have you been working in "questionable" things? Have you been reading "improper" news? If you did, they know it.

Re:Dell (1)

worf_mo (193770) | about 10 months ago | (#45811529)

Joke's on them, though. I use the system for work and often read the news -- and that's about all I do.

I'm not sure who the joke's on, though. Now they know where you get your news from. And let me tell you, those commie articles don't go down too well with them!

Re:Dell (1)

noh8rz10 (2716597) | about 10 months ago | (#45811827)

"commie" -> "slashdot"

Fedora Linux Question (1)

Anonymous Coward | about 10 months ago | (#45811475)

I know this is likely a done deal, but what thoughts do any of you have on Fedora Linux and its SELinux internals? This is worrisome because Fedora is the upstream for Red Hat and CentOS and the basis for several distros. Can it be trusted despite the code being open? What about OpenBSD or FreeBSD? The BSD guys like Theo seem loath to participate in anything approaching this kind of thing.

Thoughts?

Re:Fedora Linux Question (0)

Anonymous Coward | about 10 months ago | (#45811501)

The security of your OS means jack if the hardware itself is compromised. And that's even before addressing the childishly naive notion that Linux is secure from malware.

Re:Fedora Linux Question (1)

slew (2918) | about 10 months ago | (#45811561)

Nearly all the stuff they are talking about requires your machine to be compromised somehow (virus/malware allowing malicious code execution). Once that happens, it's game over. It's just that the NSA has considerable resources to both attack an OS network access (looking for zero-day equivalent exploits to do that), and open source probably just makes it easier to look for likely problems in the source code (instead of trying to steal the source code from some company or disassembling the code).

The way to protect yourself is to make your own distribution that doesn't show up on their radar (they don't have infinite resources to attack everything, just the most common stuff).

The thing that they are actually talking about in this article is once the OS is compromised, the NSA has developed attacks on the firmware of many commonly available peripherals (e.g., routers, drives, etc) to insert compromises that live underneath the OS (and thus undetectable by the OS). The other articles talk about intercepting packages and actually physically compromising the firmware of these peripherals in transit.

Re:Fedora Linux Question (1)

zAPPzAPP (1207370) | about 10 months ago | (#45811809)

Assuming that the OS in question is often Microsoft Windows, what makes you think a virus/malware is required in order for the NSA to compromise it?

Re:Fedora Linux Question (1)

mikael (484) | about 10 months ago | (#45811717)

Where do you start explaining? You have a huge stack of software going from the GUI applications with plugins at the top, going all the way down to the NIC device drivers and firmware at the bottom. You can easily inspect network device drivers, they don't do much except read and write data out to ring buffers, but even then they had some issue with automatic scattering of data via virtual memory (an optimization that kernel security people didn't like). You can add hardware firewalls to your system, but then this article says they can be tunneled through.

Some PC hardware even has a wake-up feature using magic packets. The network card remains powered up even though the rest of the PC is powered down:
  http://en.wikipedia.org/wiki/Wake-on-LAN [wikipedia.org]

You can disable all the server applications that open listening ports on your PC, but it's easy enough for hackers to tunnel network traffic through essential protocols like Ping and DHCP via a remote proxy server. Since the BIOS itself can be rewritten, any built-in system monitoring software could be compromised as well (game PC motherboards have a hardware based network traffic monitoring overlay that shows upload/download times).

Malware doesn't even need to be particularly sophisticated. There are dozens of Linux applications that allow you to set up your own server for personal data (your video library available across the Internet) and are script controlled. It only takes one misconfigured variable such as the root directory and anyone can take control of your PC. Even if an application is clean and has no bugs, the availability of a plugin service allows anyone to write malware.

Misleading Summary (5, Informative)

the eric conspiracy (20178) | about 10 months ago | (#45811491)

If you actually go to the referenced article and read it you will see that these are exploits, not backdoors, and they apply to equipment from non-US manufacturers as well as from US manufacturers, for example Samsung and Huawei.

Good job slashdot. NOT. A nice raspberry for Der Spiegel too.

Re:Misleading Summary (0)

AHuxley (892839) | about 10 months ago | (#45811549)

So we are down to exploits vs backdoors? A mix of US manufacturers and non-US manufacturers makes it all 'fine' in some way?
Malware that gets programs past firewalls and then work after reboots and software upgrades... to BIOS, to USB plug news

Re:Misleading Summary (2)

Desler (1608317) | about 10 months ago | (#45811573)

A mix of US manufacturers and non-US manufacturers makes it all 'fine' in some way?

Well except that the GP made no such implication that either was 'fine'. They were simply correcting the summary because the article mentions the exploits cover equipment from non-US companies.

Re:Misleading Summary (1)

AHuxley (892839) | about 10 months ago | (#45811599)

The summary had: "companies including"

Re:Misleading Summary (4, Informative)

Desler (1608317) | about 10 months ago | (#45811609)

No the summary had: "US companies including" and failed to mention any of the non-US companies that the article explicitly called out.

Re:Misleading Summary (0)

Anonymous Coward | about 10 months ago | (#45812091)

"US security services are spying on Chinese companies and attempting to break their security" is hardly news. Huawei, to name one example, has been explicitly mentioned in Congressional discussions. I have no idea if it's true, however I definitely expect the NSA to be working to find out, if nothing else. Going further, there are clearly attacks coming out of China and which China doesn't attempt to rein in when discovered.

"US security services are compromising the security of US companies and products" is something different. The NSA is directly connected to CERT; different people, same organisation. An unfixed vulnerability that they know about is a backdoor.

"US security services are compromising the security of companies and products from US allies" is possibly even more serious. It starts an open season between groups who should otherwise be cooperating in our defence. Any such action should be based on specific evidence such as earlier French or Israeli spying on US interests.

The entire discussion about foreign companies is just a distraction from the main message. US and allied security services are involved in attacks on US and allied interests. US security services know about weaknesses in US and allied defences and are not working to fix these weaknesses.

Re:Misleading Summary (1)

the eric conspiracy (20178) | about 10 months ago | (#45811647)

Uh... "US companies including".

Re:Misleading Summary (1)

Desler (1608317) | about 10 months ago | (#45811653)

Yeah AHuxley apparently thought we were illiterate and wouldn't notice his obvious quote mining.

The summary is not wrong. (0)

Anonymous Coward | about 10 months ago | (#45811655)

How is the summary wrong, though? U.S. companies were apparently affected, and so the summary lists U.S. companies. That's perfectly correct. Omitting the fact that non-U.S. companies were also affected doesn't make the summary incorrect in any way. You can't "correct" a completely truthful statement like that in the summary.

And backdoors are merely a form of exploit. Really, "the eric conspiracy", and you to a lesser extent, are merely being pedantic dickwads with your comments, weeping like little nancies because your sense of nationalistic pride has been bruised. Get over it.

The summary is perfectly fine, and "the eric conspiracy"'s comment should not be at 4, Informative. It's -1, Flamebait at best.

Re:The summary is not wrong. (5, Insightful)

Desler (1608317) | about 10 months ago | (#45811675)

Didn't say the summary was wrong. What it said was perfectly correct, but leaving out the fact that the article didn't just talk about US companies made it misleading.

Re:The summary is not wrong. (0)

Anonymous Coward | about 10 months ago | (#45811833)

Cut the bullshit, Desler. You did imply that the summary is wrong. In your very own words, you said that it supposedly needs "correcting". Only something that you hold to be wrong would need to be corrected.

Of course, the summary isn't wrong. It isn't misleading, either. The article claims that U.S. companies were among those affected. The summary states that U.S. companies were affected, too. There's nothing "wrong" there. There's nothing "misleading" there.

The summary makes a factual, 100% correct and non-misleading statement about the article, yet here we have you and "the eric conspiracy" bitching and moaning about something that just isn't an issue. This kind of crap from you guys might be fine over at reddit, where everybody else is a whining nancy hipster. But we're at Slashdot, friend, and we don't have time for your semi-autistic pedantry. We're adults who want to have adult conversations, and you clearly are not capable of doing this.

Save it for when the summary actually is wrong. That does happen now and then. This is not the case with this summary, however. Your boy-who-cried-wolf outburst just makes you look unintelligent, and we won't be able to trust you the next time you make any sort of a claim.

Re:The summary is not wrong. (1)

Desler (1608317) | about 10 months ago | (#45811693)

Really, "the eric conspiracy", and you to a lesser extent, are merely being pedantic dickwads with your comments, weeping like little nancies because your sense of nationalistic pride has been bruised. Get over it.

Riiight except neither of us believe that. And from eric's post below he even says:

The NSA is seriously a problem.

Poor trolling is poor.

Re:Misleading Summary (5, Insightful)

the eric conspiracy (20178) | about 10 months ago | (#45811623)

Do you think the NSA is somehow unique in possessing tapping and forensic tools for IT equipment?

Every police agency in the world will have some of this stuff. Heck, when I accidentally repartitioned a hard drive a couple of years ago I used some software to recover files by carving them. One of the items listed in the article was a splitter cable for crying out loud.

Backdoors are seriously different from exploits. One implies collusion between a national security agency and a manufacturer. An exploit is the work of somebody independent of the manufacturer.

The NSA is seriously a problem. However this summary states US equipment manufacturers are in collusion with them. Without presenting any evidence, and filters out information that contradicts that statement from the reference it cites.

This is not journalism. It's a troll.

Re:Misleading Summary (-1)

Anonymous Coward | about 10 months ago | (#45811995)

A classic logic fallacy. You divert attention to something else. Why? Are you a fascist? You read 1984 and thought, yes I want that, let's support that when it happens. Jesus.

Let me rephrase that in an alternative OJ tactic. Judge to OJ: Are you guilty of murder? OJ: Yes, but look, there are other murderers. So why talk about ME?

Re:Misleading Summary (1)

vpness (921181) | about 10 months ago | (#45812053)

If there was a 10+ points score - and I had any mod points - I'd vote em all to this post. Try, slashdot, to at least maintain the appearances of impartiality. First, I'd like to know who wrote this article, and why the inaccurate meme of 'ooo, tech companies are f'd by NSA spying' was promoted as the lede. Second, I'd like to see the catalog or other evidence. Der Spiegel says 'you can't trust the gov but trust us to be unbiased.' I guess I'd accept something like "we'd share this catalog, with you but .... " and tell us why. I clicked through the Der Spiegel links and didn't find a link to the catalog, or a pic of it ...

Re:Misleading Summary (0)

Anonymous Coward | about 10 months ago | (#45812227)

THE NSA WORKS WITH THE COMPANIES. This is known.

They have BOTH exploits AND backdoors to choose from, with different levels of detectability.

The fact that open holes are left into products that the NSA is directly partnering with the companies that make them, then exploiting them?

It's a LITTLE BEYOND NAIVE to think they have nothing to do with making sure they exist in the first place, in some instances at least.

Re:Misleading Summary (0)

Anonymous Coward | about 10 months ago | (#45811711)

Yes it is a very big difference. Inserting a backdoor makes the company an accomplice. An exploit of an honest mistake makes the company a victim.

Re:Misleading Summary (2)

Desler (1608317) | about 10 months ago | (#45811747)

How dare you point out that difference! It clearly means you're trying to excuse the NSA!!! At least that's what AHuxley and his AC sockpuppet [slashdot.org] would have people believe.

Re:Misleading Summary (0)

Anonymous Coward | about 10 months ago | (#45811891)

My god, Desler... I think you're a bit batshit crazy and not totally "with it" mentally, but these false accusations you're making are completely laughable.

"AHuxley" is not my account. I know this may be hard for you to believe, but there are, get this, more than one person here who sees how wrong you are, and then calls you out on it.

Son, your credibility is swirling down the shitter with each additional comment that you make.

You were wrong about the summary. Just face it. The summary is correct, and it is not misleading. What it says matches the article perfectly fine. If it hurts your sense of Americanism, then so be it, but that's completely separate from the summary's correctness. The summary is right, it is not misleading, and I think you need to come to terms with this. Accept it, apologize to us for your ignorance and idiocy, and then move on with your life.

The summary is indisputably consistent with the article it refers to. That's just how it is, friend.

Re:Misleading Summary (1)

cold fjord (826450) | about 10 months ago | (#45812003)

So we are down to exploits vs backdoors?

Other people have discussed the rest of your post, so I'll just point out that there are different implications to the two possibilities.

Re:Misleading Summary (1)

AHuxley (892839) | about 10 months ago | (#45812077)

The way in past expensive hardware and software is going to exist for some time. This is not good for network security. The ability to get data out without being tracked or logged is also not good for network security. The ability for code to exist past reinstalls and re-emerge is not good for network security...
The basic networking security implications seem clear as presented in the summary and the linked story.

Infidelity (-1, Offtopic)

FridayBob (619244) | about 10 months ago | (#45811507)

Yes, I cheated on my wife, but I blame Edward Snowden for the mess I'm in now, because if he hadn't told my wife then everything would have been just fine! Besides, things are different for me these days and I need the extra sex.

Re:Infidelity (0)

cold fjord (826450) | about 10 months ago | (#45812035)

Do you want to nudge us when Snowden delivers something on China (regarding which he has claimed considerable expertise), Russia, or Iran?

Re:Infidelity (0)

Anonymous Coward | about 10 months ago | (#45812141)

I wondered why you hadn't joined the forces of people whining about how the antiamerican summary only refers to US companies while other countries' were listed (including China), but I guess if you harped on that you wouldn't be able to whine about how Snowden only releases dirt on Americans.

Man, it must suck to be wrong all the time, doesn't it?

Re:Infidelity (0)

Anonymous Coward | about 10 months ago | (#45812197)

Who cares about China? They can't send a SWAT team to my house. The US government can.

What it means that it is a catalog (2)

gmuslera (3436) | about 10 months ago | (#45811511)

Even for the delusional ones who think this is OK because "it is the NSA after all", it means that more people and agencies have access to those backdoors too, and there is more chance that they end up in the hands of guys with bad intentions, wherever they are or whoever they work for, using them for fun, profit or whatever.

I wonder what companies whose first line of "protection" is tools and hardware from Cisco, Juniper, Dell or IBM (or engineers certified on them) will do, now that it is official that they are remote access tools for others: bury their heads in the sand or try something else.

Re:What it means that it is a catalog (1)

AHuxley (892839) | about 10 months ago | (#45811637)

Re more people and agencies have access to those backdoors too:
http://en.wikipedia.org/wiki/SISMI-Telecom_scandal [wikipedia.org]
An illegal domestic surveillance program in Italy, 5,000 persons (including politicians, magistrates, football players and referees)
http://en.wikipedia.org/wiki/Greek_wiretapping_case_2004 [wikipedia.org] –05
Illegal tapping of more than 100 mobile phones of Greek government and top-ranking civil servants.

A good example to the lawmakers needs to be given (2, Insightful)

Anonymous Coward | about 10 months ago | (#45811523)

At our earliest convenience we need to tell the non-IT-savvy senators and congressmen: the backdoor is like an all-purpose key. Now all the criminals and agencies will exploit this.

Such a simple explanation and analogy should be adequate to deliver the point.

This will be a boon to other countries (3, Interesting)

sandbagger (654585) | about 10 months ago | (#45811541)

I was working for a software company specializing in network security back in the post 2001 period. I recall that we had more than a few discussions with the unskilled egomaniac in charge of the marketing of that firm that many competitors were using their Canadian branch office addresses 'front and centre' in their marketing to the European market.

Why? Because one doesn't always want to be perceived as an American.

The myth of Americans with Canadian flag stickers on their passports is not completely false.

Well, he was horrified at the notion. In fact, if you want to see how existential angst can be suddenly manifest in someone's behaviour in an unexpected setting, try this. I expect that we'll see more of the same in the next year. Ultimately, countries will roll their own code, and have their own Silicon Valleys because of the national security issue. A few years ago I remember seeing an ad from I believe a Swedish firm selling routers and switches that were 'designed and built' in Europe with each unit only delivered to a physical address in Europe. Does anyone else remember this outfit?

Re:This will be a boon to other countries (1)

Desler (1608317) | about 10 months ago | (#45811555)

How so? These exploits also cover non-US companies.

Re:This will be a boon to other countries (1)

AHuxley (892839) | about 10 months ago | (#45811967)

Re other countries will roll their own code, and have their own Silicon Valleys because of the national security issue..
This really depends on the support and power of their top staff and gov.
The privatised telco networks, domestic and foreign policies, mil, special forces, police, gov (political and bureaucracy), armament manufacturers (exporters) might all have a say in any hardware import policy changes.
Some might be very beholden to decades of signals intelligence sharing and the hardware/software and rank/clearance levels.
Some might be very concerned about decades of total domestic telco sharing with other countries, a few more countries, contractors and ex staff.

BIOS (3, Insightful)

Anonymous Coward | about 10 months ago | (#45811603)

Looks like this is a loud and clear call for more intensive open source BIOS development.

Re:BIOS (3, Insightful)

couchslug (175151) | about 10 months ago | (#45811945)

That and for UVPROM BIOS or other flashing method which cannot be done by the PC's own software.

Remote management = remote exploitation.

coin, sides, same (5, Interesting)

PopeRatzo (965947) | about 10 months ago | (#45811611)

Don't think for a second that these back-doors that companies put in at the behest of the NSA aren't also being used to the benefit of those companies.

So, if the NSA were shuttered tomorrow, what makes you think those back-doors are going to go away? How much is it worth to those tech companies to know exactly what their customers are doing? How much is it worth to their institutional shareholders?

See, the ugliest part of this is that it's a two-headed monster. Fight one head and the other one will come around and bite you. Both government and corporations have come to believe that they are beyond our reach, above reproach and entitled to everything you have.

Re:coin, sides, same (3, Insightful)

PPH (736903) | about 10 months ago | (#45811999)

How much is it worth to those tech companies to know exactly what their customers are doing?

And to the Chinese? Or Russians?

Snowden may have a guest pass in any one of these countries just to keep information surrounding these capabilities quiet. Russia did say he could stay so long as he quit spilling secrets.

It might be a mistake to think in terms of a 'them vs us' race. If the NSA says, "Backdoor the chips" to US companies and then shares that information with our 'enemies' in return for their backdoor exploits, that is worth more to all than trying to keep the capabilities to ourselves. They know we do it, we know they do it. But it's still useful technology for keeping our respective populations under control. And that's what each of these governments fears more than an attack from the outside. The FBI/CIA/NSA might miss the occasional 9/11 or Boston bombing. But get on Twitter and try to amass public support for a "throw the bums out" movement and see how long that lasts.

Coreboot BIOS (5, Interesting)

chill (34294) | about 10 months ago | (#45811657)

Unfortunately I don't have the skill set and there doesn't seem to be any other way to support them.

If you have a machine that supports it, Coreboot could be a very interesting solution. [coreboot.org]

Re:Coreboot BIOS (0)

Anonymous Coward | about 10 months ago | (#45811969)

MOD PARENT UP!

It's a fun game - try it (-1, Offtopic)

WOOFYGOOFY (1334993) | about 10 months ago | (#45811689)

Please god not me. Please god not me....Please god ....

They're hiding under the floorboards!

They're hiding under the floorboards!

My kids are hiding under the floorboards !!!!!!

Damn, the movies have been right all along (4, Funny)

QuantumRiff (120817) | about 10 months ago | (#45811703)

So all those shows we have mocked, like 24, csi, etc, because their tech "hacks the firewall" in 15 seconds were actually accurate? Crap. That changes some things..

Re:Damn, the movies have been right all along (0)

Anonymous Coward | about 10 months ago | (#45811893)

That's why I chain multiple firewalls together in a loop. They'll never know what hit them!

Western Digital, Seagate, Maxtor (0)

citizenr (871508) | about 10 months ago | (#45811709)

All HDDs support ATA security. It's standard, it's in hardware and it appears to be secure. ALL HDDs on the market have those curious "bugs" that let you recover or bypass this password. All by accident, I'm sure :)

De- & Redamaged (4, Interesting)

Rotworm (649729) | about 10 months ago | (#45811723)

I'm not sure if the NSA seeking to exploit technology is particularly damaging to US firms. The NSA is seeking to exploit all technologies, not just American-based ones.
I think the part that does damage American firms was the end of the second article. It read that the NSA has been redirecting the shipping of some computers to their address, installing software or hardware, repacking the device, and shipping it to the purchaser.

Re:De- & Redamaged (1)

the eric conspiracy (20178) | about 10 months ago | (#45811871)

Why would shipping re-direction be restricted to American hardware? The critical step in the operation is interception of the shipment, which is independent of the hardware manufacturer.

Re: De- & Redamaged (2)

Rotworm (649729) | about 10 months ago | (#45811939)

It would be resource consuming for the NSA to redirect a computer assembled in Britain and shipped to a Brit, but it would be trivial for the NSA to redirect a computer shipping from America. Therefore, this news is more damaging to US firms.

Re: De- & Redamaged (1)

the eric conspiracy (20178) | about 10 months ago | (#45812055)

In Britain people buy from British distributors. They don't generally have equipment shipped directly from the US.

The NSA would have its partner in Britain implant whatever needed.

Redirection of shipped equipment for the purpose of installing bugs is not new or restricted to IT equipment. It's one of the oldest espionage techniques known.

Re: De- & Redamaged (1)

swillden (191260) | about 10 months ago | (#45812117)

Not a problem. GCHQ will be happy to take care of that for them.

The problem is (0)

Anonymous Coward | about 10 months ago | (#45811753)

I didn't know about the backdoors in any of these, so why would I know about the backdoors in anything else? I have no real problem assuming there are backdoors in anything and everything.

I think you guys deserve praise for fighting the good fight trying to expose and stop all the nefarious activity that the NSA partakes in but this is too exhausting for me. I care, but not enough to alter my buying decisions. Good luck to you guys but I'm out.

the biggest exploit (1)

slashdime (818069) | about 10 months ago | (#45811791)

The biggest exploit the NSA ever created was a time portal back to the cold war.

Every country modernizing its infrastructure will look inward to build its own because of paranoia of "the other side".

The Swiss connection (1)

Anonymous Coward | about 10 months ago | (#45811841)

Those who think the answer is to not buy American should think again. For decades after WWII, a host of countries bought their teletype-like encryption gear from a Swiss company, thinking that as a neutral, it had to be free of backdoors.
Not so, many say. Money speaks very loudly. The U.S. and others apparently bought off the company's owners and were reading the coded traffic of dozens of countries. You can find a few details at:
http://en.wikipedia.org/wiki/Crypto_AG

Act of War (1)

Rant-a-Holic (2700617) | about 10 months ago | (#45811947)

Slashdot Poll: Which country is going to be first to call all the US/NSA actions by their true name?

NSA appears to be kicking butt... (0)

Anonymous Coward | about 10 months ago | (#45812001)

I'd rather have the world's best spy agency than second or third best... You go NSA......

China, Russia, and the EU (0)

Anonymous Coward | about 10 months ago | (#45812155)

They, along with the Koreas and Japan, and all other nation-actors, are completely irrelevant to the internal domestic threat that the NSA and their alphabet cohorts pose to our Constitutional rights and liberties.

Saying, "Everybody else does it." is absolutely no excuse. "Everybody else" can't attach my assets, get me fired, send thugs to ransack my home, or throw me in prison without trial.

We have lost the tech war. All our hardware are belong to them.

The only war left to wage is the legal/political one, and China and Russia have nothing to do with that.
