Announcement

**Wojcian** · 20 June 2019, 04:14 AM

This terrorists spy agency should be kept far away from Open Source and hardware.

**Kohrias** · 20 June 2019, 04:25 AM

How could anyone accept "contributions" from NSA at this point? That's ridiculous to be honest.

**OneTimeShot** · 20 June 2019, 04:31 AM

Lol at the people who think that the NSA would introduce back doors using an @nsa email account.

**DanL** · 20 June 2019, 05:02 AM

Originally posted by k1e0x View Post

Loose face??

Originally posted by horizonbrave

I think there's no need for the NSA to loose face

Lose face

**Smurphy** · 20 June 2019, 05:39 AM

Originally posted by DoMiNeLa10 View Post

Is anyone besides me paranoid that NSA is getting lazy and they will slip in "unintentional" bugs into the project?

Yes. I don't trust them at all. Can't believe a second that there is not something else behind it.

**Guest** · 20 June 2019, 06:00 AM

Originally posted by AndyChow View Post

Given that companies like Google use coreboot, not so much. The NSA has a lot of very good experts in security, it makes sense that they contribute to a project like this.

Allowing a general vulnerability would render their own systems unsafe. Obviously an audit is always preferable. The NSA is also responsible for SELinux, which no one has found any malicious "bugs" so far.

Finally, the NSA would completely lose face if such a thing was found. If they really were interested in putting "bugs" in a project, they would do so through a false identity, they wouldn't sign their name on it. Information warfare experts aren't that sloppy.

My point was that they would be likely adding bugs for a while, and this is just them taking their gloves off.

**Guest** · 20 June 2019, 06:05 AM

Originally posted by tildearrow View Post

More like Intel is swiss cheese. AMD has less vulnerabilities.

The complexity of the architecture itself is a source of vulnerabilities. The memory sinkhole vulnerability, while Intel-only, shows how bad things can get when you work with so many legacy features layered one on top of another. I wouldn't be surprised if there are plenty of similar attacks that can be pulled off on different kinds of x86 chips.

**Guest** · 20 June 2019, 06:13 AM

Originally posted by bachchain View Post

You're more than welcome to audit every pr they submit

Hiding subtle bugs that provide a backdoor is an art, and it would be pretty much impossible to reliably catch these. I assume you could end up with such bugs in the code base for over a decade before someone notices them.

**xception** · 20 June 2019, 06:18 AM

Originally posted by DoMiNeLa10 View Post

Hiding subtle bugs that provide a backdoor is an art, and it would be pretty much impossible to reliably catch these. I assume you could end up with such bugs in the code base for over a decade before someone notices them.

Totally agree, letting known spy agencies write security code is the worst idea ever. While they should know what's easy to break they also know how to hide things that break security extremely well and they are much more likely to use their knowledge for bad than good.

This is a disaster.

**k1e0x** · 20 June 2019, 12:28 PM

Originally posted by DanL View Post

Lose face

They can't, it's gone. They have no face. Not sure they ever did.

Announcement

The NSA Is Looking To Contribute To A New x86 Security Feature To Coreboot

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment