Tweet
Maybe all this goodwill from them is because they want to diminish the hemorrhage of industrial espionage, like in the case of Lockheed's F-35 files that the Chinese got their hands on.
-
-
Given that companies like Google use coreboot, not so much. The NSA has a lot of very good experts in security, it makes sense that they contribute to a project like this.Originally posted by DoMiNeLa10 View Post
Allowing a general vulnerability would render their own systems unsafe. Obviously an audit is always preferable. The NSA is also responsible for SELinux, which no one has found any malicious "bugs" so far.
Finally, the NSA would completely lose face if such a thing was found. If they really were interested in putting "bugs" in a project, they would do so through a false identity, they wouldn't sign their name on it. Information warfare experts aren't that sloppy.Comment
-
Someone mentioned "kleptography", and click after click brought me to this:
"20 December 2013 Reuters reports on the existence of a $10 million deal between RSA and NSA to set Dual_EC_DRBG as the default CSPRNG in BSAFE."
Comment
-
Loose face?? *What* face value? Where have you been living for the past 20 years? They have shown over and over and over they do not care at all for your basic human privacy rights. At all.Originally posted by AndyChow View Post
The NSA does not work to improve the security of computer software. Their job is to collect, analyze and exploit.
Reject all their code you'll be much better off.Last edited by k1e0x; 19 June 2019, 08:05 PM.Comment
-
Precisely what I though..Originally posted by DoMiNeLa10 View Post
An Open Bios without back-doors...I think they will ensure the same access they have in proprietary ones..
This for me, brakes the confidence we had in CoreBoot, and derails the Project Objective completely..Comment
-
Makes me lol when people assume malice from an agency that knows security better than anyone, while happily logged into google, facebook, amazon, etc. Lets be real about who the information thieves really are.Comment
-
Google/Facebook/Amazon wants unfettered access to all data that you sign away for in their EULAs.Originally posted by torsionbar28 View Post
NSA wants unfettered access to all data, in particular the data you did not sign the rights away for through EULAs.
The dual mandate of the NSA makes them an organization schizophrenic in nature that cannot blindly be trusted for security advice.Last edited by FrankL; 19 June 2019, 11:14 PM.Comment
-
isn't there a micro kernel and little OS inside every CPU? (forgot if only Intel or also AMD).
I think there's no need for the NSA to loose face or develop exploitable bugs (at least not under their name)
They have a way easier way to screw your privacy!Comment
-
They should be forbidden to add any code, it doesn't matter that it's open source, they could still hide backdoors in plain sight that could be discovered only after years and at that time they will say it was just a bug and unintentional.Comment
-
I'm also very sceptical about anything from NSA - i really hope the coreboot-guys give those PRs a very thorough inspection before merging...and even then, there still might be hidden backdoors :/Comment
Comment