Become a fan of Slashdot on Facebook

 


Forgot your password?
Close
typodupeerror
×

Submission + - How worried should we be about NSA backdoors in open source and open standards? 1

Submitted by quarrelinastraw
quarrelinastraw writes: For years, users have conjectured that the NSA may have placed backdoors in security projects such as SELinux and in cryptography standards such as AES. However, I have yet to have seen a serious scientific analysis of this question, as discussions rarely get beyond general paranoia facing off against a general belief that government incompetence plus public scrutiny make backdoors unlikely. In light of the recent NSA revelations about the PRISM surveillance program, and that Microsoft tells the NSA about bugs before fixing them, how concerned should we be? And if there is reason for concern, what steps should we take individually or as a community?

History seems relevant here, so to seed the discussion I'll point out the following for those who may not be familiar. The NSA opposed giving the public access to strong cryptography in the 90s because it feared cryptography would interfere with wiretaps. They proposed a key escrow program so that they would have everybody's encryption keys. They developed a cryptography chipset called the "clipper chip" that gave a backdoor to law enforcement and which is still used in the US government. Prior to this, in the 1970s, NSA tried to change the cryptography standard DES (the precursor to AES) to reduce keylength effectively making the standard weaker against brute force attacks of the sort the NSA would have used.

Since the late 90s, the NSA appears to have stopped its opposition to public cryptography and instead (appears to be) actively encouraging its development and strengthening. The NSA released the first version of SELinux in 2000, 4 years after they canceled the clipper chip program due to the public's lack of interest. It is possible that the NSA simply gave up on their fight against public access to cryptography, but it is also possible that they simply moved their resources into social engineering — getting the public to voluntarily install backdoors that are inadvertently endorsed by security experts because they appear in GPLed code. Is this pure fantasy? Or is there something to worry about here?

Submission + - Why speaking English can make you poor when you retire (bbc.co.uk)

Submitted by
dhaen
dhaen writes: "BBC Business News reports that speaking English can significantly affect your savings philosophy. It seems that languages with strong future time reference (such as English) detach us from the future, thus making us care less about it. Languages with a weak future time reference (such as Mandarin) treat the present and future as being much more closely related, making people more likely to care and this save for it. The article goes further to suggest the degree we care about the future is language related."
Microsoft

Submission + - Microsoft hacked by same cyberattack as Apple and Facebook (telegraph.co.uk)

Submitted by Tequila Dave
Tequila Dave writes: The Telegraph reports: "Microsoft has revealed it is the latest high-profile internet company to have its computer system hacked.
The software giant said it experienced a "security intrusion" similar to those suffered by social media site Facebook and technology company Apple earlier this month.
In a blog posted on its website, Microsoft insisted that there was no evidence of customer data being taken.
It said a small number of computers, including some of its Apple Mac computers – which are reputed to be targeted less by viruses compared to Windows computers.
Matt Thomlinson, general manager of Microsoft's trustworthy computing security team, said: "This type of cyberattack is no surprise to Microsoft and other companies that must grapple with determined and persistent adversaries."
Last week Apple announced it had been hit by malicious software, known as malware, which took advantage of a vulnerability in a Java program used as a plug in for web browsing programs.
EU

Submission + - France Plans 20 Billion National Broadband Plan (techweekeurope.co.uk)

Submitted by
judgecorp
judgecorp writes: "France is planning a €20 billion programme to get super-fast broadband to its rural population About half the funds will come from government investment, and President Holland believes the work will create 10,000 jobs. Half the population should have fast broadband in the next five years, and the whole country in ten years. France is at a disadvantage for broadband as it is a large country with a lot of rural areas. However, it also has a more left-leaning government willing to take on infrastructure projects."

Comment Re:Heh (Score 1) 348

by dhaen (#42380463) Attached to: Ask Slashdot: Do You Test Your New Hard Drives?
I've deployed hundreds of enterprise Seagate drives over the last 5 years as they're my maker of choice. I stick to these as I trust Seatools. Overall the failure rate has been lower than expected, none failed prematurely and one was D.O.A - a 3TB drive. Whilst I haven't had cause to graph the failures, I'm pretty sure the failures are closer to random that bathtub.

Slashdot Top Deals

A boss with no humor is like a job that's no fun.

Close