EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

12.10.13

FreeBSD Lost Trust in Hardware Makers, Alleging NSA Tampering

Posted in BSD, UNIX at 3:11 pm by Dr. Roy Schestowitz

FreeBSD

Summary: FreeBSD believes that the NSA tampered with hardware-level random number generators

LINUX may have been made vulnerable by the NSA et al. [1, 2, 3, 4]. There are a lot of speculations and even active discussions about random number generation in Linux, especially as implemented in hardware (e.g. by Intel). Without sufficiently high entropy in random number generators, not only would Linux as a kernel be vulnerable; SSL and SSH too would suffer.

Some of these issues we have covered here before, noting that Red Hat works a little too closely with the NSA. Right now we are quite fascinated by the news [1,2] that FreeBSD won’t use Intel’s and Via’s hardware random number generators. Why? NSA.

In other news about FreeBSD, version 10 is approaching [3,4] after 20 years of development and it should have better graphics support [5]. Marking yet more milestones, the operating system “Is Getting Into The Magazine Business” [6], it runs in the record-breaking [7] PS4 (in some sense [8]). and it should be released some time this month [9]. FreeBSD is not the only BSD game in town (DragonFlyBSD gets some attention [10,11]), but it it the leading among the BSDs, so its voice when it comes to privacy and security issues sure counts.

Related/contextual items from the news:

  1. FreeBSD won’t use Intel & Via’s hardware random number generators, believes NSA has compromised them
  2. “We cannot trust” Intel and Via’s chip-based crypto, FreeBSD developers say

    Developers of the FreeBSD operating system will no longer allow users to trust processors manufactured by Intel and Via Technologies as the sole source of random numbers needed to generate cryptographic keys that can’t easily be cracked by government spies and other adversaries.

    The change, which will be effective in the upcoming FreeBSD version 10.0, comes three months after secret documents leaked by former National Security Agency (NSA) subcontractor Edward Snowden said the US spy agency was able to decode vast swaths of the Internet’s encrypted traffic. Among other ways, The New York Times, Pro Publica, and The Guardian reported in September, the NSA and its British counterpart defeat encryption technologies by working with chipmakers to insert backdoors, or cryptographic weaknesses, in their products.

  3. FreeBSD 10.0 Beta 4 Has Surfaced

    The final beta build ahead of the long-awaited and delayed FreeBSD 10.0 has now been made available.

  4. It Doesn’t Look Like FreeBSD 10 Will Ship This Year
  5. A Roadmap For FreeBSD Graphics Support

    The latest FreeBSD code (for 10.0) supports not only Intel KMS but also the open-source AMD Radeon driver ported from the Linux kernel. This Intel/Radeon KMS support has since trickled into DragonFlyBSD and other BSD platforms. However, not all is up to par when it comes to graphics support on FreeBSD. Here’a a road-map and test matrix with some other items still on the BSD developers’ agenda.

  6. FreeBSD Is Getting Into The Magazine Business
  7. Record Breaking Launch For PS4

    Sony’s PS4 has well and truly landed, becoming the fastest selling video game console in UK history. It overturns the 8 year record held by the original PSP and eclipses the launch week sales of both PS3 and Xbox One.

  8. It’s Official, Playstation 4 Runs FreeBSD Kernel

    Sony has just launched its PlayStation 4 console, and it seems that the rumors about being based on FreeBSD are actually true.

  9. FreeBSD 10.0 Is Still Running Behind Schedule

    There were plans originally to ship FreeBSD 10.0 as stable in November, but that isn’t going to happen. It’s not even clear if FreeBSD 10.0-RELEASE will be ready to ship before the end of the calendar year, but at least progress is being made and when the release does happen there’s a great number of new features.

  10. HAMMER2 File-System Gets Stabilization Improvements

    HAMMER2 file-system improvements have landed hot on the heels of the exciting DragonFlyBSD 3.6 release.

  11. DragonFlyBSD 3.6 Does Intel/AMD KMS, DPorts, Better SMP
Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New


  1. Links 2/6/2015: Black Lab Linux Releases, Krita Fundraiser

    Links for the day



  2. IRC Proceedings: May 17th - May 30th, 2015

    Many IRC logs



  3. Sharp Drop in Microsoft Patents, But Not in Patent Assaults, Coordinated Attacks on Android/Linux, and Googlebombing

    Using patent blackmail (antithetical to the original goal of patents) and other forms of blackmail, Microsoft is desperately trying to crush GNU/Linux and Android, all while Windows 'sales' fall and investors lose confidence



  4. EPO Reluctantly (and Privately) Confirms Giving Public Money for Military-connected 'Control Risks' to Spy on Journalists and Their Sources While Techrights is Under Fresh DDOS Attacks

    The EPO President -- or anyone who is referred to as 'appointing authority' -- finds himself even deeper in a scandal as he silently attacks the very same people whom he pretends to negotiate with by contracting spies from London (to maliciously target British journalists)



  5. Links 1/6/2015: wattOS R9, Tanglu 3

    Links for the day



  6. Supreme Failure: With SCOTUS Approval of Patent Trolls and a Push by Justice Department to Reinforce Copyright on APIs (at SCOTUS Level) the Future Looks Gloomy

    The patent system goes wild in terms of scope, the nature of the plaintiff (merely purchasing patents), and the extension of patents to monopolies on named APIs (by virtue of deranged interpretation of copyright law)



  7. McAfee Associates Free Software and Anonymity With Crime

    Insecurity firm McAfee, whose record on Free software is appalling (it is Windows-centric for its business), continues years of tradition by slinging mud at Tor



  8. The EPO Still Wastes Public Money on Publicity Stunts and 'Reputation Management' Campaigns

    The European Patent Office (EPO) is misusing public funds to manufacture self-congratulatory publicity for itself whilst attacking those who write negative commentary



  9. The Lessons of Stuxnet: Never Use Microsoft Windows

    Windows is sufficiently 'NSA-compatible' for remote compromise and physical damage (sabotage) to highly sensitive, high-risk equipment



  10. Links 30/5/2015: Wine 1.7.44, Berry Linux 1.20

    Links for the day



  11. White House Intervention Harms Android and Every Software Developer on the Planet

    US Solicitor General Donald Verrilli urges the Supreme Court (SCOTUS) to let APIs be covered by copyrights, rendering almost every program a potential copyright violation



  12. Microsoft Lobbying in India Shoots Down or At Least Weakens Free/Libre Software Policy

    Microsoft's covert efforts (lobbying with the help of public partners like NASSCOM) to eliminate an India-leaning software policy in India is finally paying off



  13. Propaganda Mode for UPC Agreement Whilst EPO Increasingly Grants Patents on Software

    In order to make the Unitary Patent a reality (towards a 'no place to hide' patent approach) misleading claims are being made



  14. Patents Are Not Source Code

    Ford is once again misleading regarding Open Source, mischievously associating a patent pledge with Open Source



  15. Links 29/5/2015: ALT Linux 7.0.5, Google I/O 2015

    Links for the day



  16. Links 28/5/2015: SourceForge Hijack, RIP Marco Pesenti Gritti

    Links for the day



  17. Censorship on Reddit Has Gotten (Condé) Nasty and Silent, Even Actively Silenced

    Condé Nast has turned Reddit into a platform of censorship after the acquisition



  18. The Supreme Court of the United States Helps Patent Trolls

    In an unforeseen kind of ruling, the same court which slapped down a lot of software patents last year is now legitimising the actions of a patent troll



  19. Patent Lawyers Fight Hard for the Future of Software Patents

    Media that is dominated by patent lawyers and targets an audience of patent lawyers refuses to accept the post-Alice reality



  20. Fortune Glorifies Patent Troll Jay Walker (Patent Utility)

    Jay Walker, a patent troll, creates a Web-based trolling/'licensing' service and the corporate media helps him



  21. Stealing Android's Thunder, Making It All About Apple and Microsoft During Google I/O

    Misleading articles and conjoined media/analyst attacks on Android coincide with Google's event where major Android announcements are being made



  22. British Government May be a Step Closer to GNU/Linux (on the Desktops, Not Just Servers)

    The British government stops paying the criminal company that blackmails its members, thereby increasing the possibility of complete escape from proprietary software



  23. Microsoft's Patent Allies LG and Sony Agree to Put Microsoft Inside Android

    LG and Sony (of Rockstar Consortium) follow Samsung and Dell in Microsoft's campaign to turn Android into 'Microsoft Android' using patents-induced pressure/leverage



  24. Yet Another Major Security Deficiency in UEFI

    UEFI is inherently insecure, more so than the alternatives which it strives to replace, including Free/libre ones



  25. Links 27/5/2015: Fedora 22 is Out, Mandriva Liquidated

    Links for the day



  26. Patent Scope at the EPO is Totally Out of Control, UPC Will Make Things Worse

    A look at the practical issues with the EPO, where patent scope and litigation scope have been vastly extended so as to benefit multinational corporations and possibly patent trolls



  27. Links 26/5/2015: Reviews of Kubuntu 15.04, Linux 4.1 RC5

    Links for the day



  28. Süddeutsche Zeitung Says Talking Helps While EPO Management Back-stabs Other Side of the Table

    German media gives the impression that there is peace and harmony now that Benoît Battistelli and his circle of power speaks to staff, but nothing is said about simultaneous (albeit covert) attacks against that staff



  29. Large Corporations Call the Shots in US Patent Reform

    A reminder of where we stand on the issue of patent 'reform' in the US and who is controlling or shaping it



  30. Microsoft Puts Proprietary Windows and Hyper-V Inside the Free Software-Centric OpenStack

    OpenStack, which celebrates rapid growth in this month's event in Canada, is facing a proprietarisation threat from Microsoft


CoPilotCo

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

CoPilotCo

Recent Posts