National Security Agency beefed Win 7 defenses
The National Security Agency helped Microsoft harden Windows 7 against attacks and is providing similar assistance to Apple, Sun Microsystems and Red Hat too, an agency official said. The admission came in prepared remarks delivered Tuesday by Richard Schaeffer, the NSA's information assurance director, at a hearing before the …
Your backdoor man, in black.
As a suspicious person, I've long held that MS did a deal with the US gov back in the day. I take this as confirmation. Whatever other vulnerabilities 'windows' might have, I bet you it has an 'official' back door.
Are you kidding me?
Microsoft invites the NSA (of all orgs) to "help" harden Windows 7? Oh, and we're already seeing zero-day bugs in W7....or are they really badly written back-doors.
(why can't I choose two icons: grenade and fail)
In further news
MS shuts down its internal security improvement programme.
Why design something right when Uncle Sam can pick up the problem because of our need to get something new and shiny out the door.
MS has a tradition of buying in new tech. Why should this change.
No mention of the back door they've inserted
Who can trust any security agency, from whatever country?
"guide"
What is the word "guide" doing in that statement from the NSA? As it reads just now, all they did was improve the security manual. Is that seriously it?
They didn't do a great job
I may never quite trust a Red Hat distribution again.
[redacted]
...and we're also putting in secret back doors for us (and only us) sos we can spy on everyone secretly behind their backs. Oh yes.
[/redacted]
State subsidy
If the EU did this (there is no EU NSA) then the US would shout that this was a State Subsidy and was uncompetitive. Alas, there is no mainstream EU OS.
Backdoor keys
One remembers previous help by the NSA a decade ago, when Microsoft accidentally left the NSAKEY debug symbol in NT4.
Sounds like a bit of PR Nonsense to me.
Exactly what could the NSA help them with, one wonders, that any half way decent CLAS consultant couldn't. Was the NSA actually helping them, or were they just testing stuff. An interesting word Help. The Police use the term "Helping with Enquiries" quite a lot over here when they really mean "We'll interrogate the scrote until he coughs to it". I suspect Apple, Sun et al. needed far less "Help" than MS.
Read the article ...
It seems most commenters didn't read the article closely before commenting.
I quote:
"NSA leveraged our unique expertise and operational knowledge of system threats and vulnerabilities to enhance Microsoft's operating system security guide ..."
The NSA evidently just wrote a *guide*, in cooperation with Microsoft, on how to harden Windows 7.
There's nothing new here. There are, and have been for some time, joint NSA-MS guides on how to harden XP, joint NSA-Apple guides on how to harden OS X Tiger, and so on.
IOW, these are guides which say stuff like if you are running such-and-such an OS in a critical situation do the following:
Shut down unnecessary dæmons; change the umask from the default; disable input from microphones, etc., etc.
They're good guides and worth reading -- though not all the hardening recommendations will be necessary for all of us. They're here:
http://www.nsa.gov/ia/guidance/security_configuration_guides/operating_systems.shtml
All previous commenters should STFU
The NSA security guides are useful, look them up. There are also some NSA guide based security scanner tools. They are far beyond a simple port scanner or exploit notification tool. They give you exhaustive reports of file system, service and authentication threats. If you can get your hands on one, try it out.
http://www.nsa.gov/ia/guidance/security_configuration_guides/operating_systems.shtml
And by the way, NSA recommends using Apple's own security guide, so I guess that means Apple is in bed with NSA by design? You all need to grow the hell up and use your brain for more than paranoid anti M$ hate.
Linux too?
OK, I'm running Ubuntu, but this stuff still could make it back along the source tree.
At least with Linux, there's a pretty good chance that backdoor code will be noticed by someone. I HAVE stopped building my own kernels though...
The Spooks are all over this one.
Let's go back to 1998 for just a moment.
This is a link to some postings by Ellen Messmer of Network World, dating back to July 20, 1998 about the NSA involvement in software development.
http://jya.com/nsa-lsa.htm
So you can see that they have been at this for quite a while now and yet they claim that it's not true.
Those so-called back doors are in there, like it or not but as to whether it was put in there by Microsoft or the NSA remains a mystery.
Not really important as to who or how it just remains a fact that they are there.
"Those who would sacrifice liberty for security deserve neither."
~ Benjamin Franklin~
"None are more hopelessly enslaved than those who falsely believe they are free"
~Johann Wolfgang von Goethe~
"Now" Red Hat?
Red Hat, and by now all other Linux distros have had work contributed by NSA for ages now - it's called SELinux. Lookie here: http://en.wikipedia.org/wiki/Selinux#Overview
But it's all open source, so rather hard to hide back doors. Any security-related bug could possibly be considered a deliberate attempt to allow circumvention.
