Without source code of all levels/layers of the software trust just cannot be established
Summary: Proprietary software can never be secure and back doors inside of it can be assumed (unless proven otherwise), based on some of the latest NSA leaks
THE NSA is a criminal operation, so we expect it to work with other criminal operations. Microsoft and the NSA collude to make the world a less secure place, enabling espionage with Windows (Stuxnet for example) and providing video/audio surveillance in people's own homes without any warrants. Microsoft is about lawlessness is the same way the NSA is. The law of "rule" supersedes the rule of law.
Some say that the Windows-centric Stuxnet
is the "world's first true cyber-weapon", but that is not true. History aside, to put it as IDG put it: "Stuxnet's creators recognized they had built the world's first true cyber-weapon and were more interested in pushing the envelope of this new type of digital warfare than causing large-scale destruction within targeted Iranian nuclear facilities, a study shows.
"In an analysis released last week, Ralph Langner, head of The Langner Group and a renowned expert in industrial control systems (ICS), also refuted arguments that only a nation-state had the resources to launch a Stuxnet-like attack. Assailants with less ambition could take the lessons learned and apply them to civilian critical infrastructure, he said."
This was an example of overreach and violation of the law, enabled of course by Microsoft and Windows. GNU/Linux does not sell its users down the river the way Windows does.
Sadly, firms like White Source make a comeback with
their FUD and they
single out FOSS for security issues (here is the
press release). This is not acceptable because they totally ignore the much bigger threats, as above (where security issues are there
by design).
The White House is at war against FOSS geeks and other phantom enemies [1,2], where the logic is something along the lines of, if we don't control it (we as in the government), then it's a threat to national security. While it seems clear that a brute force attack is the Achilles Heel of FOSS [3,4,5] and Google keeps improving security of FOSS projects like Android [6,7,8,9.10] and others [11,12], the logic followed by the likes of White Source and White House is that if something proprietary keeps its flaws (or back doors) secret, then it's secure and we should not pay attention to
real security. Again, this is simply not acceptable.
The head of the Linux Foundation recently said that FOSS is safer, and Linux is more secure than any other OS [13]. Mikko Hypponen seems to agree with him [14] and despite some new known flaws in Red Hat software [15,16] (transparency makes weaknesses visible) we should remember that lack of knowledge about something does not mean it's not there. Just because we cannot easily see back doors in proprietary software doesn't mean they're not there (some groups of people know they're there and they exploit them silently). If Europe is serious about cyber security [17], then it should dump all proprietary software (back doors-friendly software) as soon as possible. Given everything we now know about the NSA, ignorance and uncertainty are no longer an excuse. A Dutch source has just revealed that the NSA cracked 50,000 computer networks. The evidence is overwhelming. Stuxnet is peanuts next to that.
⬆
Related/contextual items from the news:
-
Depending on when one asked, Antisec was generally between 8-10 people, with a solid core of about six. Not all of them were comfortable with talking to me, and certain ones were designated to communicate with press. I was never entirely sure who was in or out at any particular timeââ¬Å —ââ¬Å it was a fluid group. I never knew all the nicks. I talked repeatedly with five of them, including Sabu.
-
This article argues that online gambling is a strategic national threat because terrorists could use it to launder money.
-
GitHub is experiencing an increase in user account hijackings that's being fueled by a rash of automated login attempts from as many as 40,000 unique Internet addresses.
-
Google has extended its Patch Reward Program to include a raft of new platforms and technologies including its own Android system as it looks to improve the securiry of open source software.
The firm announced an overhaul to its security patch policies last month, offering white hats up to $3,133 for fixes.
-
Step up to 2048-bit keys optimizes balance between protection of company services and maintaining performance
-
Pinkie Pie returned in 2013 for the desktop Pwn2Own event operated by Hewlett-Packard's Zero Day Initiative (ZDI), taking aim once again at Google. This time, it was Google's Chrome browser running on Chrome OS. Pinkie Pie's effort landed him another $40,000 in award money for the discovery and reporting of what turned out to be a trio of flaws, including one buried deep within the Linux kernel. Chrome OS is a Linux-based operating system that Google uses on its Chromebook notebooks.
But wait. There is still more.
Just this week in Japan at HP's Mobile Pwn2Own event, the legend of Pinkie Pie grew as the My Little Pony-loving security researcher once again demonstrated previously unknown zero-day flaws in Google's Chrome. Pinkie Pie was able to pwn Chrome on both a Nexus 4 as well as a Samsung Galaxy S 4 smartphone. This time, Pinkie Pie pocketed $50,000 for his efforts.
-
Open source software can be one answer to combating the global surveillance of innocent citizens, said security expert Mikko Hypponen in his keynote last week at LinuxCon and CloudOpen Europe in Edinburgh.
-
Attackers are actively exploiting a known vulnerability to compromise JBoss Java EE application servers that expose the HTTP Invoker service to the Internet in an insecure manner.
-
The European Cyber Security Directive, which proposes that European businesses have a legal obligation to ensure they have suitable IT security mechanisms in place, is soon to be enforced in the UK.
