Skip to main content

View Diary: The MSFT-NSA conspiracy theory (40 comments)

Comment Preferences

  •  Yup (4+ / 0-)

    And that's why there are still known exploits of MacOS X, Java, and GNU/Linux.

    Give it up -- it's a debunked CT, and has been so for years.  Do you honestly think that I haven't seen it before?  If you do, then you're wrong.

    •  Redhat, NSA, have given us security-enhanced linux (0+ / 0-)
      In today's world of high speed Internet connections, coffee shops with free wireless access, and way too many root kits floating around on the Web, thinking about computer security has become commonplace. To combat this issue, National Security Agency (NSA), with the help of Linux community, has developed an access control architecture to confine processes to only the files they need to complete their actions. This architecture is called security-enhanced Linux, or SELinux for short.

      An illusion can never be destroyed directly... SK.

      by Thomas Twinnings on Sat Jun 15, 2013 at 07:41:29 PM PDT

      [ Parent ]

      •  Actually, RedHat had little to do with it (1+ / 0-)
        Recommended by:
        Johnny Nucleo

        But that's kind of irrelevant.

        Don't you think that the NSA could provide backdoors in it's ACL system in SE/Linux?  Do you know how big that patch was? Have you read the code?  Has Theo read the code?  I mean, he's a jerk, but he's a good security reviewer.

        Seriously, if they were going to go to the trouble to get Microsoft to do anything, why not exploit the holes they could have far-more-easily have put in every major web server on the net?

    •  As somebody who worked in softwware (4+ / 0-)

      for over a decade, you are absolutely correct.

      And I can confirm, known exploitable bugs go uncorrected all the time. Literally, all the time.

      Bugs in functionality that are key to selling the software ALWAYS get priority. ALWAYS!

    •  Debunked simply means argued against - your (2+ / 0-)
      Recommended by:
      Jim P, kurt

      argument is feeble beyond words.

      Fact - not all security vulnerabilities are readily exploitable. Corresponding fact, some are, and some are semi-readily exploitable.

      Fact - The NSA has trained hackers who would try brute force, etc. Corresponding fact - said hackers would be beyond stupid if they didn't take a shot at a readily exploited vulnerability.

      Do I honestly care if you've seen it before - is there any reason I should?  

      Would you take the same position if MS was giving notice of security vulnerabilities to Anonymous in advance of issuing patches - that it is im[possible that it could ever facilitate a hack?

      Do you have a clue what impossible means, or that you are arguing tht it is impossible for the NSA or CIA or FBI or anybody else in the universe to ever exploit a security vulnerability that the average end users know nothing about? Think about that position - it is kind of silly.

      That, in its essence, is fascism--ownership of government by an individual, by a group, or by any other controlling private power. -- Franklin D. Roosevelt --

      by enhydra lutris on Sat Jun 15, 2013 at 07:46:32 PM PDT

      [ Parent ]

      •  Not really. (2+ / 0-)

        Yes, not all vulnerabilities are easy to exploit the first time. That said, unless you're Tavis Ormandy, you have never seen a truly hard-to-exploit vulnerability -- anything you find, he will have found two years before and published working exploit code. After that, it won't be hard to exploit ever again.  Hell, it'll be in Metasploit the next day, so any skr1pt kiddie can use it or its friends.

        (And, that, by the way, is why I don't lose sleep over the...ummm...fact that Microsoft pre-releases vulnerabilities to people I -- and others, presumably including NSA itself -- know to be members of Anonymous.)

        As to "said hackers would be beyond stupid" -- well, all I can say is that you're wrong.  Anyone with a secret worth keeping -- sorry, you ain't got none -- has a honeypot.

        •  You are arguing against history, sorry - (2+ / 1-)
          Recommended by:
          Jim P, kurt
          Hidden by:
          Johnny Nucleo

          1. Vulnerabilities have been exploited and systems have been hacked, time and again.

          2. It is sometimes easier to hack a system if you know a security weakness of that system - that's why they're called security vulnerabilities.

          3. Our various spook groups, NSA, CIA, FBI, DEA, etc. have some hit lists, and many of those on them are simple citizens, not IBM or Apple or even script kiddies.

          4. None of them are above hacking or any other form of B&E.

          5. You hand them the keys to the house and the combination to the safe, they will get into the safe with them.

          6. You give them an endless string of security vulnerabilities, in advance of warning the general public, they will be busting into some systems using some of those revealed flaws - it is practically a given.

          That, in its essence, is fascism--ownership of government by an individual, by a group, or by any other controlling private power. -- Franklin D. Roosevelt --

          by enhydra lutris on Sat Jun 15, 2013 at 08:22:10 PM PDT

          [ Parent ]

          •  You're all the way out to CT now (6+ / 0-)

            Think about it.

            (1) Microsoft would have to keep this operation secret.  I live in Redmond, man, and...MSFT leaks like a sieve.  At one of my son's Lacrosse games, where I was wearing a piece of Google logowear that absolutely identified me as an employee, I had to walk over to two parents from the other team who were talking at the top of their lungs about MSFT's ad server system and ask them to please shut up.

            (2) You don't need to hand them the keys to the house; they already HAVE them.  NSA can do exactly what every vulnerability seeker does: they have the machines and they have the personnel.

            I know, I know, you want to hate MSFT, and you're looking for an excuse.  Great, you go on looking.  This dog won't hunt.

            •  It ain't CT unless there is significant & (0+ / 0-)

              substantial evidence against it. Therer is no evidence against it.

              Point 1 is irrelevant and false. There is no need for secrecy. Most people still wouldn't find out, figure out the implications or see through blather like yours.

              Point 2 is simply silly. They do not have infinite resources. In case you haven't noticed, vulnerability seekers do not have a 100% success rate. That they exist and seek openings is not evidence that if you give them the keys to the house, they are ahead of the game. No, they do not already have keys to everybody's house.

              I don't need reasons to hate on MS, I was a very early user of PCs, using non MS products, who saw them intentionally break all of the competing products that they could, which is why I run Ubuntu.

              That, in its essence, is fascism--ownership of government by an individual, by a group, or by any other controlling private power. -- Franklin D. Roosevelt --

              by enhydra lutris on Sun Jun 16, 2013 at 08:20:59 AM PDT

              [ Parent ]

              •  I'm done (1+ / 0-)
                Recommended by:
                Johnny Nucleo

                Your comment should really be HR'ed, both for ad hominem and for advocating a CT, but since I'm engaged in a thread with you, I am forbidden from dropping the donut.

                •  Sorry, once again you fail to present a rational (0+ / 0-)

                  argument for your thesis.

                  There is absolutely no ad hom in my comment.  There is also no advocacy of CT in my comment.

                  MS for good and innocent reasons gives information as to certain flaws to large customers, including  US govt agencies in advance of giving it to the hoi polloi - you admit this.

                  According to you, however, our government spooks, the NSA, CIA, FBI, DEA and all others of that ilk, would never, ever even consider exploiting any exploitable flaws so received because blather, blather, blather.

                  I disagree with the theory that some morals or magik keeps the spooks in line, that is not CT, because there is not one logical reason nor any evidence to support the assertion that they are above that sort of thing.

                  It would not be CT even if there were some support for your theory, because I advance no assertion of the existence of a conspiracy. That is a pre-requesite for a conspiracy theory.

                  That, in its essence, is fascism--ownership of government by an individual, by a group, or by any other controlling private power. -- Franklin D. Roosevelt --

                  by enhydra lutris on Sun Jun 16, 2013 at 02:21:36 PM PDT

                  [ Parent ]

          •  HR for CT. (0+ / 0-)

            You have to have some evidence to

            support
            it.  

            "Anyone can support me when they think I'm right. What I want is someone that will support me when I am wrong." Sir John A. MacDonald

            by Johnny Nucleo on Sun Jun 16, 2013 at 01:20:03 PM PDT

            [ Parent ]

            •  Bullshit, bogus HR. You cannot HR stuff (0+ / 0-)

              just because you dislike it.

              Look up the word conspiracy, I allege none to exist and hence indulge in no CT.

              That, in its essence, is fascism--ownership of government by an individual, by a group, or by any other controlling private power. -- Franklin D. Roosevelt --

              by enhydra lutris on Sun Jun 16, 2013 at 02:55:30 PM PDT

              [ Parent ]

              •  Do you think foul language helps your case? (0+ / 0-)

                "Anyone can support me when they think I'm right. What I want is someone that will support me when I am wrong." Sir John A. MacDonald

                by Johnny Nucleo on Mon Jun 17, 2013 at 03:35:10 AM PDT

                [ Parent ]

Subscribe or Donate to support Daily Kos.

Click here for the mobile view of the site