a.x61.sh

NSA Asked Linus Torvalds To Install Backdoors Into GNU/Linux [2013] (falkvinge.net)
from awiteb@lemmy.4rs.nl to privacy@lemmy.ml on 15 Aug 2024 21:08
https://lemmy.4rs.nl/post/2520

repost from: falkvinge.net/…/nsa-asked-linus-torvalds-to-insta…

#privacy

threaded - newest

GolfNovemberUniform@lemmy.ml on 15 Aug 2024 21:18 next collapse

But nobody’s going to give them any sentence for that unfortunately.

awiteb@lemmy.4rs.nl on 15 Aug 2024 21:23 next collapse

I wouldn’t be surprised if I knew that the backdoors that appear in Windows were designed by someone. I didn’t know they were this brazen.

sunzu2@thebrainbin.org on 15 Aug 2024 21:25 next collapse

chips too

Kyrgizion@lemmy.world on 15 Aug 2024 22:07 next collapse

Yeah, when the actual mobo and cpu can be taken over remotely, what does the OS even matter?

LEVI@feddit.org on 15 Aug 2024 22:35 collapse

Examples ?

sunzu2@thebrainbin.org on 15 Aug 2024 22:37 collapse

exploits regularly found in AMD and intel consumer chips

didn't apple chips get spotted with a vulnerability also? m2s?

LEVI@feddit.org on 16 Aug 2024 00:00 collapse

That’s not a hard proof, people keep saying Intel ME and AMD PSP are potential backdoors ( key word: potential ) and this argument is good if we’re arguing about: which is the best ISA, an Open ISA ( RiscV ) or closed ISA ( x86 )

I was asking for a general example, I know that Mediatek chips included a backdoor but I only found one article that talked about it … In french…

Mobos : I think it’s MSI ( I could be wrong ) that installed a piece of software through a Bios update, which showed they have privileged remote access capabilities ( I couldn’t find that source, sorry )

Another example would be ASUS and Gigabyte Mobos, now the initial source says it came from the second hand resellers, but no one confirmed that… which is scary… because that would mean it came straight from ASUS and/or Gigabyte

I was asking for incidents that you came across that could demonstrate the presence of firmware backdoors, saying having too many bugs is not a good argument, because all software has bugs.

FreudianCafe@lemmy.ml on 15 Aug 2024 21:56 collapse

I didn’t know they were this brazen.

Oh boy i remember when i was this innocent

awiteb@lemmy.4rs.nl on 15 Aug 2024 22:04 collapse

I’m not innocent, but this is unbelievable, that they would ask the main developer to plant a virus in it!! This is really rude

sunzu2@thebrainbin.org on 15 Aug 2024 22:11 next collapse

He is lucky he is no a US national... that convo could have gone down differently. People telling US spooks no, don't live long.

chicken@lemmy.dbzer0.com on 16 Aug 2024 01:08 collapse

tbf the article only assumes he told them no because of how implausible it seems the task would be, the actual details of what if anything was discussed and what happened are unknown.

sub_ubi@lemmy.ml on 15 Aug 2024 22:13 collapse

of all the things the nsa has done this is probably the nicest

einkorn@feddit.org on 15 Aug 2024 21:31 collapse

For what? Destabilizing the whole technological ecosystem of the planet is not a crime. ¯\(ツ)/¯

mox@lemmy.sdf.org on 15 Aug 2024 21:21 next collapse

Here’s where Linus did/said the thing. (He is the second person from the right.)

www.youtube.com/watch?v=7gRsgkdfYJ8

Icalasari@fedia.io on 15 Aug 2024 21:34 next collapse

I somehow misread that as NBA, and was very confused what basketball had to do with OS backdoors

NSA makes

WAY more sense

[deleted] on 15 Aug 2024 21:40 next collapse

chottomatte@lemdro.id on 15 Aug 2024 21:45 next collapse

I read it NASA at first

Steamymoomilk@sh.itjust.works on 16 Aug 2024 00:49 next collapse

Michel jordan want to look at your browser history :D

cmbabul@lemmy.world on 16 Aug 2024 00:52 next collapse

Nope this has Kareem written all over it

WhiskyTangoFoxtrot@lemmy.world on 16 Aug 2024 06:57 collapse

Roger Murdock?

WhiskyTangoFoxtrot@lemmy.world on 16 Aug 2024 06:56 collapse

No, that’s Mark McGwire.

lockhart@lemmy.ml on 16 Aug 2024 01:45 next collapse

they wanted to cut to the basket behind the defense

IllNess@infosec.pub on 16 Aug 2024 01:46 collapse

A OS backdoor is very simular to a backdoor cut, which allows a player to sneak behind defenders when they are focused on the ball or player with a ball.

NBA coaches have taken inspiration from many different places to perfect their plays. Computer security is just another step.

hemko@lemmy.dbzer0.com on 15 Aug 2024 22:08 next collapse

The story does not tell us how Linus Torvalds responded to the NSA, but I’m guessing he told them he wouldn’t be able to inject backdoors even if he wanted to, since the source code is open, and all changes to it are reviewed by many independent people.

Yeah I’m guessing the answer would be more colorful based on the historical data we have

reisub@discuss.tchncs.de on 15 Aug 2024 22:41 next collapse

based on the historical data

github.com/corollari/linusrants

bitfucker@programming.dev on 16 Aug 2024 00:41 next collapse

There aren’t enough swear-words in the English language, so now I’ll have to call you perkeleen vittupää just to express my disgust and frustration with this crap.

Beautiful

zbyte64@awful.systems on 16 Aug 2024 07:07 collapse

It’s like our very own Gordon Ramsay

UniversalMonk@lemmy.world on 26 Aug 23:16 collapse

github.com/corollari/linusrants

This is beautiful. Thank you! lol

floofloof@lemmy.ca on 16 Aug 2024 04:05 next collapse

Also experience shows that it’s possible to backdoor software in very subtle ways that could go years without anyone spotting them. So if he had decided to he probably could have done it, despite Linux being open source.

Sylvartas@lemmy.world on 16 Aug 2024 13:34 next collapse

I would pay money to see daddy Linus flip off some big shot intelligence official

iAvicenna@lemmy.world on 16 Aug 2024 23:56 collapse

Oh man would die to see his reply. It would probably start with something like

“The fact that I have to explain this to a person who works in a national security agency makes me really worried…”

[deleted] on 15 Aug 2024 22:14 next collapse

Naich@lemmings.world on 15 Aug 2024 22:27 next collapse

Who pissed on your chips, Mr. Grumpy?

whodatdair@lemmy.blahaj.zone on 15 Aug 2024 22:52 collapse

You really took the time to comment and complain that you’ve already seen this? You’re… upset that your time was wasted?

Buddy. Cmon.

BmeBenji@lemm.ee on 15 Aug 2024 22:40 next collapse

This incident will be reported

ragica@lemmy.ml on 16 Aug 2024 01:27 next collapse

As long as the backdoor is licenced GPL what’s the problem?

scorp@lemmy.ml on 16 Aug 2024 01:30 next collapse

good thing he’s not an American citizen

DacoTaco@lemmy.world on 16 Aug 2024 08:10 collapse

Except he is. He lives in portland now afaik

scorp@lemmy.ml on 16 Aug 2024 14:17 collapse

it’s over

jjlinux@lemmy.ml on 16 Aug 2024 04:24 next collapse

If you want t see Mr. Torvalds questioning this in the video in the link, go straight to minute 43.

geoma@lemmy.ml on 16 Aug 2024 12:50 collapse

What Mr torvalds is that?

jjlinux@lemmy.ml on 16 Aug 2024 13:12 collapse

Dad.

Hugin@lemmy.world on 16 Aug 2024 04:31 next collapse

Years ago there was a commit to the Linux kernal that strangly had no author. This got some attention of several of the developers.

Looking into the code that had to deal with network transmission. there was a section that if you tried to get network access in a unusual way had a check that was written something like this.

If (usr_permission = ROOT) … Instead of If (usr_permission == ROOT) …

The first giving the user root if invoked and the second checking to see if the user was root.

It’s widely thought this was the NSA or some other intelligence agency trying to backdoor lin Linux.

possiblylinux127@lemmy.zip on 16 Aug 2024 05:21 next collapse

Or it could of been any person or country. It was a nothing burger and is still a nothing burger

Hugin@lemmy.world on 16 Aug 2024 13:03 next collapse

It was clearly an attack. By who is unknown.

Notably this was in 2003 before git (2005) so linux source was in a central bitkeeper repo. So a commit with no associated data about who did it should not have been possible.

Here is a more detailed article. lwn.net/Articles/57135/

desertdruid@lemmy.blahaj.zone on 16 Aug 2024 20:02 collapse

speaking in burger terms as any good american

possiblylinux127@lemmy.zip on 17 Aug 2024 00:12 collapse

Proud to be an American, at least I know I’m free.

desertdruid@lemmy.blahaj.zone on 17 Aug 2024 02:34 collapse

Free to buy all the hamburgers!

Boomkop3@reddthat.com on 16 Aug 2024 06:16 next collapse

fork the kernel and yeet it?

Hugin@lemmy.world on 16 Aug 2024 12:17 collapse

It was caught and never made it in the kernel.

Boomkop3@reddthat.com on 16 Aug 2024 12:18 collapse

Gud gud

prettybunnys@sh.itjust.works on 16 Aug 2024 13:54 collapse

The other side of that coin is the NSA developing SELinux

brianorca@lemmy.world on 16 Aug 2024 16:10 collapse

This is because NSA has two roles: eavesdropping on foreign adversaries, and protecting our internal systems from adversaries. Under the first role, they might introduce an exploit known only to themselves. Under the second, they help protect US systems from exploits known to others.

BobGnarley@lemm.ee on 16 Aug 2024 16:16 collapse

And because of this it makes whatever they fuck with have unnecessary security issues.

Also though they are using it to straight up spy on you whether foreign or not. They got in “trouble” for it once and pinky swore not to do it again.

Fuck the NSA

BeardedGingerWonder@feddit.uk on 17 Aug 2024 11:45 collapse

Now they get the Brits and Aussies to do it and give them the reports.

Tixanou@lemm.ee on 16 Aug 2024 05:28 next collapse

Ohh so it’s the NSA that my failed sudos are reported to!

fernlike3923@sh.itjust.works on 16 Aug 2024 08:36 next collapse

Switch to doas so feds don’t get any more reports!

sntx@lemm.ee on 16 Aug 2024 08:47 collapse

nah, we have run0 at home

Scrollone@feddit.it on 16 Aug 2024 14:30 collapse

Recent versions of sudo changed that message and now I’m sad 😢

amongstthetrees@lemmy.ml on 16 Aug 2024 20:40 collapse

Damn, I’m going to miss those messages one day on my Debian stable server.

cypherpunks@lemmy.ml on 16 Aug 2024 12:29 next collapse

he wouldn’t be able to inject backdoors even if he wanted to, since the source code is open

Jia Tan has entered the chat

thedeadwalking4242@lemmy.world on 17 Aug 2024 14:14 collapse

The project contains binary blobs anyway so theoretically it wouldn’t be super hard

delirious_owl@discuss.online on 16 Aug 2024 20:02 next collapse

Lol good year for the NSA

NGC2346@sh.itjust.works on 16 Aug 2024 21:51 next collapse

When was the last analysis of the linux kernel source code ?

fart_pickle@lemmy.world on 17 Aug 2024 16:02 collapse

Circa 1975, IBM proposed the cipher now called DES, the Data Encryption Standard. It became a worldwide standard for secret key encryption. As IBM originally designed it, DES had a 64-bit key. The National Security Agency (NSA) required that the key be reduced from 64 bits to 56 bits, with the other 8 bits used as a checksum. This made no sense. If a checksum were really needed, then the key could be increased from 64 to 72 bits. It was widely believed that the real reason the NSA made this demand was that it knew how to crack messages using a 56-bit key, but not messages using a 64-bit key. This proved to be true.

Secret Key Cryptography by Frank Rubin