
I doubt the NSA needs or desires a backdoor in Windows. If they were going to put that kind of pressure on Microsoft, they'd demand access to source code or perhaps a backdoor in its TLS implementation. These investments would pay off much better. I think you also vastly underestimate how much effort it would take. I sincerely doubt Microsoft would comply with a smile, and even after they won the (secret) court case keeping the operation under wraps would be even more laborious. Snowden is proof that people who sign contracts are still capable of disclosing secrets.

It is worth it for the NSA to backdoor crypto because, if the implementation is solid and the keys can't be stolen, then no matter how many resources they pour into cracking it the math will remain inflexible.

There is no computer in the world with that kind of security. If it is smartly configured, they'll use 0day. If it's airgapped, they'll compromise a sysadmin's computer and wait for them to connect to it (think Stuxnet). If that isn't feasible, they'll walk into the data center and put malicious hardware into a PCI slot.

If we persist in thinking of the NSA as a boogeyman logging every packet and backdooring every OS, rather than discussing their real capabilities and motivations - what they are, what they should be - we will become paralyzed to act against them, they will continue to operate without meaningful oversight, and our rights to privacy and to secure software will languish.




I don't doubt the NSA has Windows source code; many companies already do have it (as well as a small number of individuals actually). It's not unusual to have access to the Windows source code TBH.

Saying that the NSA backdoored Windows is not a boogeyman type claim; it's exactly within their real capabilities and seems like a very plausible path for them to have taken.

Nor does it mean we can't fight against it. We can use OpenBSD and have a higher confidence that it's not backdoored.

The first step to reeling in the unchecked power of the NSA is not to claim that they would not have done such a simple thing but to realize exactly how atrocious the scope of their acts is - not to become paralyzed with fear, but to incite change.


>We can use OpenBSD and have a higher confidence that it's not backdoored.

Why? As a non-technical user, from my POV I'm simply trading my trust that NSA hasn't backdoored MS with trusting that your, or De Raadt's authority is meaningful. I can't review the source code I'm running (without a prohibitively large time investment), and as we saw with Heartbleed, the "many eyes" theory is flawed as well.

As an individual, non-technical user I have no reason to be any more confident in OpenBSD than in Windows. At some point you have to rely on a chain of trust (or develop the silicon yourself) and I view the "NSA paid/forced MS" boogeyman just as likely as the "NSA paid/forced OpenSSL" to merge Heartbleed. Am I to believe that the NSA gagged the thousand or so developers who work on Windows, or just the 10 who manage OpenSSL?

The parent post has a very important point, and the history better aligns with what he/she said. The NSA didn't coerce Google into giving up user data - they simply took advantage of the fact that their inter-DC traffic was unencrypted and used their resources to attack that fact. It didn't take a secret court nor did it take a gag order. They experienced an attack that could have been done by anyone dedicated enough - government or blackhat - and it's likely that keeping your software secure against such attacks is very effective at protecting user privacy.


>as we saw with Heartbleed, the "many eyes" theory is flawed as well.

I don't think Heartbleed counts as some sort of evidence against the "many eyes" paradigm. There are so many better bugs for that, as Heartbleed is really low hanging fruit. OpenSSL is a total nightmare. I've posted elsewhere about this at length - but in short OpenSSL is really an example of what a good program _shouldn't_ do. How a good program _shouldn't_ be written. There is a list of sins a mile long on http://opensslrampage.org/.

The truth is that there is no guarantee that Windows, Linux, or BSD are not backdoored by the NSA, GCHQ, or FSB. There's no guarantee you didn't get owned and Chuck Blackhat installed a backdoor on your computer. The real reason to use OpenBSD is because it's had fewer remote exploits in the past 15 years than Windows has had in the past year. The real reason to use Linux and BSD is because that software respects your freedom. If you don't care about things like software freedom or if you feel the security of Windows is "good enough" for what you're doing then of course you don't care about Linux and BSD.


They also coerced Google as a part of PRISM. The NSA likes redundancy.


Your argument makes no sense.

> I have no reason to be any more confident in OpenBSD than in Windows

Past statistics show that OpenBSD is safer. It's had far fewer security issues and has a much cleaner codebase. If you don't place faith in past statistics then you're willfully ignoring the best means of predicting future behavior.

In addition, OpenBSD has far fewer lines of code, and the most reliable correlation with security holes is lines of code. Simply by having fewer LoC, OpenBSD is already statistically less likely to contain a security hole.

> chain of trust

Yeah, with Microsoft your chain of trust is Microsoft employees and the word of other people reverse engineering the code (e.g. the people who said the _NSAKEY thing was legit after reverse engineering a small portion of the code).

With OpenBSD your chain of trust includes me, the developers, and other eyes that have looked at the code. The "many eyes" theory is not flawed. It never stated that having many eyes eliminates all bugs, merely that it's better to have more eyes than fewer eyes and increases the chance a bug is noticed. There's no sane way to argue against that statement unless you turn it into a ridiculous strawman of "many eyes means heartbleed couldn't have happened QED".

> Am I to believe that the NSA gagged the thousand or so developers who work on Windows, or just the 10 who manage OpenSSL

It's much easier to believe that the NSA could gag one or two of a thousand developers than one or two of 10. Believe me, you don't have to get all MS employees to futz Windows security. Just getting one at random already gives you a decent probability of getting a kernel level exploit, and selecting five or so specific employees can get you a hell of a lot more.

> the "NSA paid/forced MS" boogeyman

Evidence in this post-Snowden era indicates the NSA has worked to backdoor commercial software. It's also quite possible Heartbleed was an NSA-inspired hole, though I don't think that would be a productive discussion to have.

If you read leaked NSA slides and look at what they have done (such as the Verizon MITM closet) then backdooring operating systems is not a bogeyman, it's quite reasonable. You cite that they have intercepted data without the consent of the parties involved, but that ignores the fact that they also coerce parties as well; just because they have used the tactic you mention does not mean it's the only tactic they use.

If you're going to argue that BSD is no more secure than Windows and the NSA is not in fact using gag-orders and subverting software you'll need a heck of a better argument.


I guess what I meant was, "We now have a huge amount of evidence about what they really are doing, let's talk about that and where the line should be drawn; speculating gets us nowhere."


I agree we're not doing enough with the information we do have to curb this, but speculation also has value. Speculating is a way to explore what the line might be and also could bring attention to an unknown infringement since the NSA surely isn't telling us everything yet.


"A backdoor in Windows' TLS implementation" absolutely falls under the definition of "A backdoor in Windows".


Fair enough.



