Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

New Release Of NSA SELinux

Hemos posted more than 13 years ago | from the more-secure-then-secure dept.

Linux 210

rstewart writes: "The NSA has released a new version of SELinux for public consumption. It is based on the 2.4.9 kernel and the utilities patches are known to work on Redhat 7.1. More information and the source can be found at the NSA SeLinux site." You can read the what's new for more information.

cancel ×

210 comments

Sorry! There are no comments related to the filter you selected.

firtst nuke (-1, Offtopic)

Anonymous Coward | more than 13 years ago | (#2222777)


________________
/.,------------,.\ BLHHLABLHUULHAULHULHABULHGBUHG
/// .=^^^^^^^\__|\\ GHLALHBHLABLHGGUBGLHGULHABBULH
\\\ `------. .// GHLHLHGBHLGGHUBALGHGULHGBUHGHB
`\\`--...._ `;//' ABULHULHULHULHUHULHGBGULHBALBL
`\\.-,___;.//' ABULHULHBLHBLHABULHABLHUAGULHB
`\\-..-//'
`\\//' WHEELCHAIR
""

Secure Linux? (3, Flamebait)

SpanishInquisition (127269) | more than 13 years ago | (#2222779)

What's their mascot? Penguin in Bondage?

Wouldn't a... (2)

Ron Harwood (136613) | more than 13 years ago | (#2222841)

Spying penguin (binoculars and trench coat) be more appropriate?

Re:Wouldn't a... (1)

ksb (517539) | more than 13 years ago | (#2222851)

Sun glasses, and a slightly thick sidekick too perhaps?

Re:Secure Linux? (1)

LordNimon (85072) | more than 13 years ago | (#2222854)

It's the Siamese cat from the James Bond movies.

Re:Secure Linux? (1, Funny)

Anonymous Coward | more than 13 years ago | (#2222856)

"Penguin in Bondage [science.uva.nl] " is one of Frank Zappa's cooler songs. So they'd even get a theme song along with their mascot.

Re:Secure Linux? (2)

cyberdonny (46462) | more than 13 years ago | (#2222944)

> So they'd even get a theme song along with their mascot.

Unfortunately, the RIAA would probably object to such a blatant act of thievery!

Grsecurity (4, Informative)

chrysalis (50680) | more than 13 years ago | (#2222780)

Actually, I'm very satistied with Grsecurity [getrewted.net] , a nice kernel patch to enhance the security of a linux kernel.
What would be the benefit of switching to NSA (but more complexity to admin) ?

Re:Grsecurity (1)

niekze (96793) | more than 13 years ago | (#2222832)

Hell yea. It kicks ass. The things I like the most are random Pids and client ports. I am a die-hard OpenBSD fanatic and I've actually been weighing the pros/cons of a switch. Roll out my own distro from scrath + grsecurity patch. Wonder why I havn't seen any /. press for grsecurity....If you havn't checked it out, DO IT.

oh yea, one of the coolest features hides processes of other users from each other. e.g. top or ps will only show your processes. It doesn't *completly* hide other users that are online though. like i said, go try it out.

Re:Grsecurity (3)

benedict (9959) | more than 13 years ago | (#2223037)

On FreeBSD, the process-hiding feature is available by default, all you have to do is:

# sysctl kern.ps_showallprocs=0

Re:Grsecurity (2, Informative)

Anonymous Coward | more than 13 years ago | (#2222972)

NSA's patch gives linux the permissions/ user tracking that allow linux to exist in military environments.

It doesn't actually make anything more secure.

What about debian? (4, Funny)

niekze (96793) | more than 13 years ago | (#2222781)

Can i apt-get install Carnivore?
or do i have to use their rpm? :)

Re:What about debian? (-1, Offtopic)

ascii spork (518057) | more than 13 years ago | (#2222872)


. .
. . : %%%%%%%
: %%%%%%%%%%%%%%%
` . ____%%%%%%%%%%%%%%%%%%%
` . . . ' . . .'" `.%%%...%%%%%%%%%%%%o__
: : : : :' / .:" `-.%%%%%%,-' _`.
. ` ::. ::: :' : |HH / dHb `.%%,' .-'.\\
` ::.` : : ' :: . `.P ; HHH :/ ,' . ..\:
`: : :::.: ; : : I SMOKE POT `-.__.| "HP : /:::.. .::
. ;:: : ; .----' `. ,'/#:::. .//
. ;::: ::.; : . .' `-._ _.-' /###::...//
:.:; :: :: : / """" :##:::. .//
: ; :: : ; ; /`.___,-' `.:::. .//
:. :.: .; ; / / `-._,-'
:.:. .; .; \__ .' ) \
:.:.;..:.: ____....--....._________..--' / \
.----------, _..--'" _..../ / / / /\ \
/ \_..--'"\ _.-' \_/\_/|_/ ,-' \ \
L \ _.-' `-.___,-'"" \/\
\ \_..-'" '`` (__`--._
`, _..-'" \`-.
`-.______..--'" /

Re:What about debian? (0)

Anonymous Coward | more than 13 years ago | (#2223125)

Carnivore = FBI

Protecting National Security against foreign threats = NSA

You=Idiot

FP (-1, Offtopic)

Anonymous Coward | more than 13 years ago | (#2222783)

Fervent is my bitch!

first Alyson Hannigan post (-1, Offtopic)

Anonymous Coward | more than 13 years ago | (#2222787)

Alyson Hanigan

Alyson Hanigan IS HOT!

Re:first Alyson Hannigan post (-1, Offtopic)

Anonymous Coward | more than 13 years ago | (#2222830)

and this one time, in bandcamp....

Re:first Alyson Hannigan post (-1, Offtopic)

Anonymous Coward | more than 13 years ago | (#2222901)

Alyson Hanigan NAKED AND PETRIFIED

Bonus feature: 100% DMCA compliant (2, Interesting)

swagr (244747) | more than 13 years ago | (#2222792)

3 years without cdparanoia working in the default install.

These 'Security Enhanced' versions are everywhere (1)

Filter (6719) | more than 13 years ago | (#2222799)

Didn't HP just release there SE Linux the other day?
I just got back from the book store to pick up 'Linux Journal' and it was funny how 'Linux Magazine' and LJ have almost identical Security Special Editions.

Re:These 'Security Enhanced' versions are everywhe (2)

Rimbo (139781) | more than 13 years ago | (#2222885)

"I just got back from the book store to pick up 'Linux Journal' and it was funny how 'Linux Magazine' and LJ have almost identical Security Special Editions."

Those are two different magazines?

Re: Those are two different magazines? (1)

Filter (6719) | more than 13 years ago | (#2222908)

Well...I only bought one.

Re:These 'Security Enhanced' versions are everywhe (1, Interesting)

Anonymous Coward | more than 13 years ago | (#2223005)

HP's secure linux and other projects like that harden the box against breakins. This is COMLETELY diffrent from what the NSA is doing.

The NSA addons allows linux to use a diffrent permissions mechamism and to track the information needed to exist in military installations.

Finally we can get NSA/Linux (2, Funny)

zulux (112259) | more than 13 years ago | (#2222802)

I was getting tired of NSA/Windows for all my backdoor crypto needs.



Search google for NSAKey if you don't know what I'm yammering about

Google sez... (0)

Anonymous Coward | more than 13 years ago | (#2223119)


Search google for NSAKey if you don't know what I'm yammering about...


Right, and the first article that comes up when you do that is this one:

http://www.counterpane.com/crypto-gram-9909.html #N SAKeyinMicrosoftCryptoAPI

...which basically says that any conspiracy theory about the so-called "NSAkey" is bunk.

But believe whatever you like, dude. (not that you needed me to tell you that)

Linux mainstream? (1)

Mr. Sketch (111112) | more than 13 years ago | (#2222805)

Linux was chosen as the platform for this work because its growing success and open development environment provided an opportunity to demonstrate that this functionality can be successful in a mainstream operating system

Is Linux really a mainstream OS yet? I know it is for servers, but definately not for desktops. I couldn't quite tell where they were going with it, if it was geared more towards servers or desktops, since both need decent security. Could someone shed some light on this?

Re:Linux mainstream? (2)

baptiste (256004) | more than 13 years ago | (#2222865)

I'm guessing both - the gov't is talking about some serious deployment of Linux on teh desktop and in sensitive areas, I'd epxect they'd use a distro blessed by teh gov't security folks (ie NSA LInux)

Re:Linux mainstream? Consider the options... (1)

wumingzi (67100) | more than 13 years ago | (#2222875)

Well...

Linux is not as ubiquitous as Windows (which I doubt can be considered "trusted" in the security sense due to how it handles memory protection and device access).

However, if you look at the other operating systems which are considered B2 or B1 secure [boran.com] Linux is mainstream compared to those.

j.

Re:Linux mainstream? (1)

moored2 (456923) | more than 13 years ago | (#2222887)

I think linux make a fine desktop in a secure environment. I guess it would depend on what kind of work you needed the desktop to do. If I need a desktop to edit papers, read email, and brows the web; linux desktop works fine.

Re:Linux mainstream? (0)

Anonymous Coward | more than 13 years ago | (#2222895)

If you define mainstream as having application software sold in mass market outlets like Best Buy, Micro Center, and Walmart, then you can say Linux is mainstream. It is like soda; Coke is always there, but you can also find Cel-Ray, Hires, and Yahoo.

Open Development Model (2, Insightful)

vbprgrmr (411532) | more than 13 years ago | (#2223078)

It was more that Linux was open and they could actually write testable code into the OS. If you noticed in the main NSA security page, they also provided a series of recommendations for security on Windows 2000. Since they couldn't tamper with Windows code, that was all they could do.

Also, for those people all paranoid about all this, remember it was because of the national security issues that resulted from systems and web servers attacked by Denial of Service, hackers and the Chinese, that caused Congress and NSA to study the problem.

Dumb question (5, Insightful)

Anonymous Coward | more than 13 years ago | (#2222809)

Aside from the NSA, has anyone taken the time to audit the code?

Re:Dumb question (1)

Anonymous Coward | more than 13 years ago | (#2223109)

Yes. [neohapsis.com]


This comment violated the postercomment compression filter. Extra crap added!

Re:Dumb question (-1, Offtopic)

Anonymous Coward | more than 13 years ago | (#2223115)

Yes, I stepped through the machine code while monitoring the processor IO via logic probes tied to an oscilliscope that I built myself; i masked my own pcbs, mined my own silicon, spun my own resistors, and built it myself, inside a lead lined vault which nobody else is allowed in. This is of course the only way I could ensure that "they" could not tamper with the results of my code audit.

I found that this security is all a big fucking waste of time, just to ensure nobody finds my sekrit pr0n stash.

NSA vs. Deus Ex (1)

FortKnox (169099) | more than 13 years ago | (#2222811)

How can you trust the NSA after playing a complete game of Deus Ex???

Beware! (-1, Offtopic)

Ralph JewHater Nader (450769) | more than 13 years ago | (#2222815)

Be on the lookout for the jewish threat, they're after your money.


This has been a public service annoucement by the Green Party USA.

Re:Beware! (-1, Offtopic)

ascii spork (518057) | more than 13 years ago | (#2222825)


O )) ( ( \ \_.-' \ O )) ( ( \ \_.-
\_.' | `. \ __ | \_.' | `. \ THIS IS A CROSS
\#_/ `-._/ . / _`. \#_/ `-._/ BETWEEN ESCHER
-' \ O )) ( ( \ \_.-' \ O . AND A STIFF
__ | \_.' | `. \ ' __ | \_/ DICK UP THE ASS
. / _`. \#_/ `-._/ . / _`. \#_/
)) ( ( \ \_.-' \ O )) ( ( \ \_.-'
' | `. \ ' __ | \_.' | `. \ '
`-._/ . / _`. \#_/ `-._/ .
\ O )) ( ( \ \_.-' \ O )) (
__ | \_.' | `. \ ' __ | \_.' |
/ _`. \#_/ `-._/ . / _`. \#_/ `-._
( ( \ \_.-' \ O )) ( ( \ \_.-'
`. \ ' __ | \_.' | `. \ ' __
_/ . / _`. \#_/ `-._/ . / _`.
\ O )) ( ( \ \_.-' \ O )) ( ( \ \
| \_.' | `. \ ' __ | \_.' | `. \
\#_/ `-._/ . / `. \#_/ `-._/ fL

Important Stuff:

Please try to keep posts on topic.
Try to reply to other people comments instead of starting new threads.
Read other people's messages before posting your own to avoid simply duplicating what has already been said.
Use a clear subject that describes what your message is about.
Offtopic, Inflammatory, Inappropriate, Illegal, or Offensive comments might be moderated. (You can read everything, even moderated posts, by adjusting your threshold on the User Preferences Page)

Re:Beware! (-1, Offtopic)

Anonymous Coward | more than 13 years ago | (#2222950)

Are those goats [goatse.cx] ?!

Trolls like goats [goatse.cx] .

Trolls hide under bridges waiting to waylay and abuse any passing goats [goatse.cx] .

Re:Beware! (-1, Troll)

Ralph JewHater Nader (450769) | more than 13 years ago | (#2222971)

I bet the goatse guy is a jew.

A Reward (0)

Anonymous Coward | more than 13 years ago | (#2222823)

A reward of $1,000 to the person who finds the trap door that NSA can use.

*Linux is Dying. Of AIDS (-1, Offtopic)

ascii spork (518057) | more than 13 years ago | (#2222837)

, ,
/( )`
\ \___ / |
/- _ `-/ '
(/\/ \ \ /\ LOOK WHAT I'VE GOT
/ / | ` \ BEND OVER SIR
O O ) / |
`-^--'`< '
(_.) _ ) /
`.___/` /
`-----' /
<----. __ / __ \
<----|====O)))==) \) /====
<----' `--' `.__,' \
| |
fL \ /
______( (_ / \______
,' ,-----' | \
`--{__________) \/

I can't get the patch to work. (5, Funny)

Picass0 (147474) | more than 13 years ago | (#2222842)

My compile keeps hanging on NSABackdoor.h

Re:I can't get the patch to work. (-1, Offtopic)

ascii spork (518057) | more than 13 years ago | (#2222853)


:
'. _ .'
-= (~) =- E U R E K A
.' # '.

/"""""
| (')') WITH THIS HAND I CAN JERK MYSELF OFF
C _)
\ _|
\__/
<___Y>
/ \ :\\
/ | :|\
|___| :|/\
| | :|\ \
\ \ :| \ \_
\ \==L| \\\
///` ||
| ||
| ||
| ||
| ||
| ||
| ||
[___]]
(____))
^^^^^^^^^^^^^^^

Important Stuff:

Please try to keep posts on topic.
Try to reply to other people comments instead of starting new threads.
Read other people's messages before posting your own to avoid simply duplicating what has already been said.
Use a clear subject that describes what your message is about.
Offtopic, Inflammatory, Inappropriate, Illegal, or Offensive comments might be moderated. (You can read everything, even moderated posts, by adjusting your threshold on the User Preferences Page)
Problems regarding accounts or comment posting should be sent to CowboyNeal.

Re:I can't get the patch to work. (-1, Offtopic)

Anonymous Coward | more than 13 years ago | (#2222961)

Uhhhh wrong.

Most likely they'd have hacked gcc to target login as Brian Kernigan described.

And the only way you could tell would to dissassemble all of the compile and audit the assembly code.

AHAHAHAHAA! HOW&nbspDO&nbspYOU&nbspLIEK&nbspTHEM APPELS, FELLOWS?!!&nbspGRABOULOUS!&nbsp

Re:I can't get the patch to work. (2)

Col. Panic (90528) | more than 13 years ago | (#2222999)

Most likely they'd have hacked gcc to target login as Brian Kernigan described.

I think you meant Ken Thompson [acm.org] .

Re:I can't get the patch to work. (0)

Anonymous Coward | more than 13 years ago | (#2223031)

"And the only way you could tell would to dissassemble all of the compiler and libraries and audit the assembly code".

"Me fail English? That umpossible!"

Re:I can't get the patch to work. (0)

Anonymous Coward | more than 13 years ago | (#2223041)

&lt***cough***&gt PROMIS! &lt***cough***&gt
&lt***cough***&gt INSLAW! &lt***cough***&gt

Oh, wait, that probably wasn't our squeaky clean patriotic NSA, just people in the same business working for the same bosses.

Re:I can't get the patch to work. (-1, Offtopic)

Anonymous Coward | more than 13 years ago | (#2223087)

freakin' woo-woo.
http://www.google.com/search?hl=en&safe=off&q=PROM IS+INSLAW+Casolaro+&btnG=Google+Search
http://www.amazon.com/exec/obidos/ASIN/0922915393/ qid=998948107/sr=1-3/ref=sc_b_3/002-8069421-082004 1

Re:I can't get the patch to work. (0)

Anonymous Coward | more than 13 years ago | (#2222981)

That's the include file that allows NSA people to buttfuck you. If you want to be buttfucked, you're going to have to switch compilers.

Aaliyah was a slut (-1, Troll)

Anonymous Coward | more than 13 years ago | (#2222869)

good riddance ya stinky whoreniggerbitch!

Be glad ! (stop moaning) (0, Flamebait)

sn0wdude (317116) | more than 13 years ago | (#2222870)

Why are u guys complaining everytime (!)...?

When IBM does something for GNU/Linux it must be evil, when NSA implements some really neat features, you guys also complain.

Why are you people always moaning when some big company supports GNU/Linux ?

That's what *you* want, ne c'est pas ?

GNU/Linux is still lacking behind in some areas, but when some $random company fixes this, it cannot be good...Why ?

I'm sick of this FUD of yours.

You're not doing the stuff yourself, so be happy.

Re:Be glad ! (stop moaning) (0, Offtopic)

jfonseca (203760) | more than 13 years ago | (#2222907)

May I ask who the fuck you're talking to?

Who is 'you'?

Security Built In (2)

twitter (104583) | more than 13 years ago | (#2222917)

The NSA says, "We feel much more secure when you use SE Linux."

Why are you people always moaning when some big company supports GNU/Linux ?

That's what *you* want, ne c'est pas ?

Nope, I could care less. I want people to be free to use their computers as they see fit. I'm not happy to see people surrender those freedoms to another big company, much less the Federal Government, using some basterdized version of a free OS. The NSA has a history of recomending weak secruity, backdoors and nice stuff like Carnivore.

You're not doing the stuff yourself, so be happy.

Backdoors are not a do it yourself job.

Re:Security Built In (1)

sn0wdude (317116) | more than 13 years ago | (#2223020)

They released this under GPL/some sort of Open Source license right ?

[i]Backdoors are not a do it yourself job.[/i]

I thought that Opensource allowed you to find backdoors ? That's the whole idea right ?

And I think the NSA has much better ways to get your information, then to release some sort of backdoored Linux version, don't you think ?

Sorry, but the Windows/Mac Market is much bigger then the Linux userbase, so it's less interesting for the NSA. Get over it.

Re:Security Built In (0)

Anonymous Coward | more than 13 years ago | (#2223098)

Yeah, but no one sufficiently paranoid would ever trust a Microsoft product to be secure -- and there is no way to make it secure or audit it yourself.

Mac, eh. Possibly could trust the quality of the code, but once again, can't audit it.

"Open Source" on the other hand, you can audit the source, and make any fixes you feel neccessary to improve security. So that would be the choice for someone who is parnoid ^H^H^H^H concerned about security.

But where do you get a trusted compiler and libs to build your code with?

Re:Be glad ! (stop moaning) (-1, Offtopic)

Anonymous Coward | more than 13 years ago | (#2223030)

Why is this moderated down ? This should be insightful.

Please stupid mr Moderator, go read the Moderation FAQ. Don't judge contents, judge presentation.

70% of the Slashdot readers use Internet Explorer on Windows, so don't be hypocritical and moderated anti Linux postings negative.
I bet you are using Windows yourself.

Mod it up plz.

Re:Be glad ! (stop moaning) (0)

Anonymous Coward | more than 13 years ago | (#2223090)

70% of the Slashdot readers use Internet Explorer

...Or at least that's what 80 million dead feminists say.

Why is the NSA in this? (1)

jfonseca (203760) | more than 13 years ago | (#2222876)

The sole purpose of the NSA is to spy on you, now why are they trying to make your system more secure?

You know they used the favorite hacker OS out there and now give it out freely....funny crap coming from the very same government that locked Dimitri up for showing security flaws, the same gov that locked Kevin up without trial, the same gov run by CIA spinoffs.....fuck the NSA linux, we don't want no gov building a hacker tool.

You know they're just trying to get closer to the hacker community by giving you a free linux distro. So far it's the only way the feds found to get close to the hacker type, since force didn't do them any good.

Watch out, they're not up to any good there.

Re:Why is the NSA in this? (5, Informative)

wumingzi (67100) | more than 13 years ago | (#2222934)

The sole purpose of the NSA is to spy on you, now why are they trying to make your system more secure?

Incorrect. Read the NSA's charter [psu.edu] .

Pay attention to section 1, Article 5, Section 3 et. al. The NSA also is charged with creating standards for the security of information held in DoD computers (specifically), other govt. computers (generally), and promulgating those standards for use in other systems. Here is a nice link to the NSA's computer security guidelines if you haven't seen them [ncsc.mil] .

Yes, the NSA spies on people. No this isn't nice. Yes, the government of the USA does some awfully screwy things, like the DMCA. Tarring the whole government with the same brush is simple-minded.

Besides, the code is available for your perusal. If you think the uberspooks have put in a back door, get to work and find it!

Re:Why is the NSA in this? (0)

Anonymous Coward | more than 13 years ago | (#2222963)

Y bodder? dey so much smarter den me..
dey catch me wid hand in cooky jar...

Re:Why is the NSA in this? (1)

zook (34771) | more than 13 years ago | (#2223112)

Besides, the code is available for your perusal. If you think the uberspooks have put in a back door, get to work and find it!

Right. I'm no fan of the NSA, but my guess is that this is all on the level. If they were to put Evil Nasty Code into it, someone would find it, and that would be a major PR gaffe.

Re:Why is the NSA in this? (1, Funny)

Anonymous Coward | more than 13 years ago | (#2223141)

If they were to put Evil Nasty Code into it, someone would find it, and that would be a major PR gaffe

Ahh, but that media frenzy would be enough of a distraction to cover up the secret launches of the newest mind control satellites. Watch out boys, these ones can go right through tinfoil...

Re:Why is the NSA in this? (0)

Anonymous Coward | more than 13 years ago | (#2223036)

That's plain FUD.

What would be the userbase for a NSA Linux distro ? Really small, indeed.

You suck.

Quick question: (-1, Offtopic)

ascii spork (518057) | more than 13 years ago | (#2222890)

.""--.._______
[] `'--.._
GOT ANY MENTOS ||__ `'-,
`)||_ ```'--.. \
\ _ /|//} ``--._ |
\ .'` `'. /////} `\/
\ / .""".\ //{///
\ / /_ _`\\ // `||
| |(_)(_)|| _// ||
| | /\ )| _///\ ||
| |L====J | / |/ | ||
/ /'-..-' / .'` \ | ||
/ | :: | |_.-` | \ ||
/| `\-::.| | \ | ||
/` `| / | | | / ||
|` \ | / / \ | ||
| `\_| |/ ,.__. \ | ||
/ /` `\ || ||
| . / \|| ||
| | |/ ||
/ / | ( ||
/ . / ) ||
| \ | ||
/ | / ||
|\ / | ||
\ `-._ | / ||
\ ,//`\ /` | ||
///\ \ | \ ||
|||| ) |__/ | ||
|||| `.( | ||
`\\` /` / ||
/` / ||
/ | ||
| \ ||
/ | ||
/` \ ||
/` | ||
`-.___,-. .-. ___,' ||
`---'` `'----'`

Important Stuff:
Please try to keep posts on topic.
Try to reply to other people comments instead of starting new threads.
Read other people's messages before posting your own to avoid simply duplicating what has already been said.
Use a clear subject that describes what your message is about.
Offtopic, Inflammatory, Inappropriate, Illegal, or Offensive comments might be moderated. (You can read everything, even moderated posts, by adjusting your threshold on the User Preferences Page)
Problems regarding accounts or comment posting should be sent to CowboyNeal.

Re:Quick question: (-1, Offtopic)

Anonymous Coward | more than 13 years ago | (#2222911)

ok, i gotta admit... this ones funny.

A quick message to all you NES fans out there. (-1, Offtopic)

ascii spork (518057) | more than 13 years ago | (#2222903)


quu..__
$$$b `---.__
"$$b `--. ___.---uuudP
`$$b `.__.------.__ __.---' $$$$" .
"$b -' _ `-.-' $$$" .'|
". | | d$" _.' |
`. / | | ..." .' |
`./ | |___ ..::-' _.' |
/ |_____| .:::-' .-' .'
: ::''\ _.' |
.' .-. .-. `. .' |
: /'$$| .@"$\ `. .' _.-'
.'|$u$$| |$$,$$| | < _.-'
| `:$$:' :$$$$$: `. `. .-'
: `"--' | `-. \
:##. == .###. `. `. `\
|##: :###: | > >
|#' `..'`..' `###' x: / /
\ xXX| / ./
\ xXXX'| / ./
/`-. `. / /
: `- ..........., | / .'
| ``:::::::' . |< `.
| ``` | x| \ `.:``.
| .' /' xXX| `:`M`M':.
| | ; /:' xXXX'| -'MMMMM:'
`. .' : /:' |-'MMMM.-'
| | .' /' .'MMM.-'
`'`' : ,' |MMM<
| `' |tbap\
\ :MM.-'
\ | .''
\. `. /
/ .:::::::.. : /
| .:::::::::::`. /
| .:::------------\ /
/ .'' >::' /
`',: : .'
`:.:' Tim Park

Important Stuff:
Please try to keep posts on topic.
Try to reply to other people comments instead of starting new threads.
Read other people's messages before posting your own to avoid simply duplicating what has already been said.
Use a clear subject that describes what your message is about.
Offtopic, Inflammatory, Inappropriate, Illegal, or Offensive comments might be moderated. (You can read everything, even moderated posts, by adjusting your threshold on the User Preferences Page)
Problems regarding accounts or comment posting should be sent to CowboyNeal.

WARNING, MUSLIMS ! (-1, Offtopic)

Anonymous Coward | more than 13 years ago | (#2223011)

Pokemon contains satanistic, zoinistic, hindu and christian symbols. The parent post is not save for muslims !

Re:A quick message to all you NES fans out there. (-1, Offtopic)

Anonymous Coward | more than 13 years ago | (#2223092)

those $$$ in his eyes are a nice touch

moo. (-1, Flamebait)

ascii spork (518057) | more than 13 years ago | (#2222913)


LICK A DICK A DAY !!!!!!!
I MEAN MOO
/; ;\
__ \\____// /
/{_\_/ `'\____ /
\___ (o) (o } /
_____________________________/ :--'
,-,'`@@@@@@@@ @@@@@@ \_ `__\
;:( @@@@@@@@@ @@@ \___(o'o)
:: ) @@@@ @@@@@@ ,'@@( `===='
:: : @@@@@: @@@@ `@@@:
:: \ @@@@@: @@@@@@@) ( '@@@'
;; /\ /`, @@@@@@@@@\ :@@@@@)
::/ ) {_----------------: :~`,~~;
;;'`; : ) : / `; ;
;;;; : : ; : ; ; :
`'`' / : : : : : :
)_ \__; ";" :_ ; \_\ `,','
:__\ \ * `,'* \ \ : \ * 8`;'* *
`^' \ :/ `^' `-^-' \v/ : \/

Important Stuff:
Please try to keep posts on topic.
Try to reply to other people comments instead of starting new threads.
Read other people's messages before posting your own to avoid simply duplicating what has already been said.
Use a clear subject that describes what your message is about.
Offtopic, Inflammatory, Inappropriate, Illegal, or Offensive comments might be moderated. (You can read everything, even moderated posts, by adjusting your threshold on the User Preferences Page)
Problems regarding accounts or comment posting should be sent to CowboyNeal.

Re:moo. (0, Offtopic)

Whalephant (216999) | more than 13 years ago | (#2222983)

Exellent, i thought that final fantasy was state of the art in computer graphics, but this.... thanks, i will use this as a sig.

more pctures for you. (-1, Troll)

ascii spork (518057) | more than 13 years ago | (#2222924)



I'M PAINTING A PICTURE OF MY DONG
I'LL THROW IN THE PANTS NO CHARGE

\
\ _------Q--\
\ /~ )
<_____________/
/ _ )))))))))
[] / (((((((((
|~~~| (____/' ))))))))))
| | ))))))))))))))))) |\
| | (((((((((((((((((( / |
| | /~~\----------/| // \ | _/
| |<===| ===] ||// \ \____ //'
//| | \__/~~~~~~~~~~|^ _--~~~ ~~~-//
// | | | / () () // )
// | | | | () _-//-~
// | | ((((((((| () (_//
// | | | : | ~~---_
// | | | | \ () () )
// | | | | ~--__ __-~
// |___| | | |~//~~~~~
// // \\ / / |//
// // \\ (___(___________|
// [==] [==]

Important Stuff:
Please try to keep posts on topic.
Try to reply to other people comments instead of starting new threads.
Read other people's messages before posting your own to avoid simply duplicating what has already been said.
Use a clear subject that describes what your message is about.
Offtopic, Inflammatory, Inappropriate, Illegal, or Offensive comments might be moderated. (You can read everything, even moderated posts, by adjusting your threshold on the User Preferences Page)
Problems regarding accounts or comment posting should be sent to CowboyNeal.

BSD? (2, Insightful)

Kozz (7764) | more than 13 years ago | (#2222932)

(I'll probably get modded down as flamebait for this, but screw it.) I'm a Linux user. However, I've long thought about installing/using one of the *BSD variants, simply because they are often touted as being even more secure than linux. Why might the NSA not create "SE-BSD"? Wouldn't that likely be even more beneficial?

Re:BSD? (1)

Whyzzi (319263) | more than 13 years ago | (#2223003)

Problably because there has been a focus on security in bsd, specifically OpenBSD [openbsd.org] . Why re-invent the wheel? Another reason might be that Linux has greater market share than the BSDs.

openbsd (1)

morgothan (201770) | more than 13 years ago | (#2223022)

Because openBSD beat them to the punch. For a secure *bsd open is the best there is and the NSA knows that.

Re:BSD? (3, Informative)

benedict (9959) | more than 13 years ago | (#2223059)

I believe the NSA has provided some funding for TrustedBSD [trustedbsd.org] .

So? (-1, Offtopic)

ascii spork (518057) | more than 13 years ago | (#2222933)


(~'~~'~~'~~) HOW ABOUT THESE WACKY COMICS ?!?!?!?!?!?!?!?
| |
| | /
| ~|~ / CRAM IT FUCKO _ __
|-------()) / || |
( _) \ .'~\ /.
| | \ ()()__\/ ".
| | \ /* "
''.. | | // |
|'..'---_/\ | () |
/ ''---|| /\ ". ."
/ \ \\/\/ ".. ."\\
| \ / \_/ || | ^
| \/\\ | \ ((__)

Quick Question (0)

Anonymous Coward | more than 13 years ago | (#2222945)

When exactly did Slashdot stop posting News for Nerds and start only posting News for Linux users. When I want news on Linux I go to sites dedicated to Linux, I come here to get news on whats going on that effects (or is it affects, damn english) the entire tech community, not just news about what new distro is available. Come on guys, how about some variety every now and then.

Legal Notice from their Download page (1)

niekze (96793) | more than 13 years ago | (#2222949)

Before downloading this software, you must accept the warranty exclusion and limitation of liability which appears below.

Warranty Exclusion


I expressly understand and agree that this software is a non-commercially developed program that may contain "bugs" (as that term is used in the industry) and that it may not function as intended. The software is licensed "as is". NSA makes no, and hereby expressly disclaims all, warranties, express, implied, statutory, or otherwise with respect to the software, including noninfringement and the implied warranties of merchantability and fitness for a particular purpose.

Limitation of Liability


In no event will NSA be liable for any damages, including loss of data, lost profits, cost of cover, or other special, incidental, consequential, direct or indirect damages arising from the software or the use thereof, however caused and on any theory of liability. This limitation will apply even if NSA has been advised of the possibility of such damage. I acknowledge that this is a reasonable allocation of risk.

hmmm. "bugs", clear this up will ya? Software glitches or electronic listening devices? Plus, they use "may contain"...Are they giving it permission? My software isn't allowed to have bugs. If it does, it is an error! "it may not function as intended" hmm you mean...like...the 'security' part? "In no event will NSA be liable for any damages, including...or other special, incidental, conseqential...damages...arising from the software"

special: backdoors we forgot about that we find later
incidental: backdoors we internally documented
direct: What we break/steal from you
indirect: What l33t hax0rs break/steal from you after our direct methods post on Bugtraq.

and finally...."This limitation will apply even if NSA has been advised of the possibility of such damage" if we 'accidentally' left our public ssh identity in /root/.ssh/authorized_keys and someone points this out...we'll we don't need to explain it, you kids have played Counter-Strike enough to figure it out. 'Hostage Down' hahah

Re:Legal Notice from their Download page (0)

Anonymous Coward | more than 13 years ago | (#2223027)

what exactly makes you trust gcc, egcs, or <insert compiler here/>'s writers more than the NSA? What makes you think the NSA is going to go out of their way to get r00t on some linux nerds computer, when their job is to spy on foreign governments?

Re:Legal Notice from their Download page (0)

Anonymous Coward | more than 13 years ago | (#2223101)

what exactly makes you trust gcc, egcs, or 's writers more than the NSA?

Hmm ... whom should I trust more, private citizens or a spook agency? ... real tough call there

Re:Legal Notice from their Download page (1)

Zordak (123132) | more than 13 years ago | (#2223075)

I'm not sure if you're trolling, or just karma whoring, hoping some 13-year-old with mod points will mod you up as "informative" or "insightful" because you're bashing a 'gummint' agency, and I probably shouldn't bother, but I'll go ahead and bite.

Those disclaimers are the exact same disclaimers, almost word for word, that you will find on MANY MANY pieces of software (especially Open Source types). Just because the big, scary government likes to cover their butts the same as everyone else, that doesn't mean that they're out to spy on your computer. You flatter yourself to think that the NSA even cares about the half-naked Brittney Spears pictures you are downloading. They don't. The source code that is being patched into your kernel is right there in front of you. If you have concerns about it, read it. I'm sure that many people will, just to make sure there are no back doors. If you find a back door, fix it. They can't patch something into your kernel without your interaction. Now go back to playing your video games, and let the educated people see if they can do something useful with this patch.

P.S. I only speak in condescending tones to those who sound like children.

Just a question... (5, Insightful)

mystery_bowler (472698) | more than 13 years ago | (#2222969)

Is the NSA responsible for figuring out the best ways to lock down whatever OS's the various government agencies of the U.S. use? Reason I'm asking is because seems like recently (or kinda-recently) there was an article here on /. with a link to the NSA's guidelines for securing Win2k. I'm sure the NSA has reasons that I don't even want to know about for running both their own build of Linux and a tightened-up install of Win2k, but I'm just curious as to the extent of their influence on other agencies' software choices.

Do other agencies just follow along with the guidelines the NSA sets forth, try to get independent advice or go it alone? Financially, at least, it would seem like going with the NSA's guidelines would be the way, since the information is more or less public (at least it is in these two instances) and there wouldn't be any time or money spent on third-party tripe (bids, negotiations, etc) or independent research.

Re:Just a question... (3, Informative)

FooGoo (98336) | more than 13 years ago | (#2223054)

Yes... Executive Order 12333 of 4 December 1981 describes in more detail the responsibilities of the National Security Agency. The resources of NSA/CSS are organized for the accomplishment of two national missions:

The Information Assurance mission provides the solutions, products and services, and conducts defensive information operations, to achieve information assurance for information infrastructures critical to U.S. national security interests.

The foreign signals intelligence or SIGINT mission allows for an effective, unified organization and control of all the foreign signals collection and processing activities of the United States. NSA is authorized to produce SIGINT in accordance with objectives, requirements and priorities established by the Director of Central Intelligence with the advice of the National Foreign Intelligence Board.

Is here a linux expert... (0, Redundant)

Dead Nietzsche (518016) | more than 13 years ago | (#2222974)

...who knows what this nsakeyd demon is doing ?

My favourite part of the FAQ.. (0)

Anonymous Coward | more than 13 years ago | (#2222976)

"Is Security-enhanced Linux a Trusted Operating System? No."

Hola Amigos. Donde esta tu presidente. (-1, Offtopic)

ascii spork (518057) | more than 13 years ago | (#2222979)



TAKE US TO YOUR LEADER WE COME IN PEACE

\ /
\ .-""""-. .-""""-. /
\ / \ / \ /
/_ _\ /_ _\
// \ / \\ // \ / \\
|\__\ /__/| |\__\ /__/|
\ || / \ || /
\ / \ /
\ __ / \ __ /
.-""""-. '.__.'.-""""-. '.__.'.-""""-.
/ \ | |/ \ | |/ \
/_ _\| /_ _\| /_ _\
// \ / \\ // \ / \\ // \ / \\
|\__\ /__/| |\__\ /__/| |\__\ /__/|
\ || / \ || / \ || /
\ / \ / \ /
/ \ __ / \ __ / \ __ / \
/ '.__.' '.__.' '.__.' \
/ | | | | | | \
/ | | | | | | \

I THINK I STOPPED | WHAT WE NEED HERE
UP YOUR HUMAN TOILETS | IS A SALAD BAR
|

HOLY GOD I'M
GOING TO BURST

Important Stuff:
Please try to keep posts on topic.
Try to reply to other people comments instead of starting new threads.
Read other people's messages before posting your own to avoid simply duplicating what has already been said.
Use a clear subject that describes what your message is about.
Offtopic, Inflammatory, Inappropriate, Illegal, or Offensive comments might be moderated. (You can read everything, even moderated posts, by adjusting your threshold on the User Preferences Page)
Problems regarding accounts or comment posting should be sent to CowboyNeal.

Cha! And monkeys might fly out my ... (1)

Col. Panic (90528) | more than 13 years ago | (#2222980)

I'm so sure the source doesn't contain anything like this:

if $LOGNAME==`NSA_Agent` then
echo `crackyou.nsa.gov ispy` >> /etc/hosts.equiv
useradd ispy -G wheel -d /root

From the FAQ (2)

Col. Panic (90528) | more than 13 years ago | (#2223013)

13. Is it secure?

(blah blah blah)...Security-enhanced Linux is ... very unlikely to meet any interesting definition of secure system.

feeling insecure with the NSA's security (1)

mjoconnor81 (242768) | more than 13 years ago | (#2223025)

I don't know about the rest of you, but i cannot help but feel a little insecure about the NSA's secure version of linux.

You're welcome. (1, Offtopic)

No Such Agency (136681) | more than 13 years ago | (#2223049)

Like it? Send thanks and donations to above address. Have a good one.

Do you think any OS would be secure ? (1, Interesting)

sn0wdude (317116) | more than 13 years ago | (#2223056)

Then read this:

http://www.acm.org/classics/sep95

(Reflections on Trusting Trust - Ken Thompson)

"The final step is represented in Figure 7. This simply adds a second Trojan horse to the one that already exists. The second pattern is aimed at the C compiler. The replacement code is a Stage I self-reproducing program that inserts both Trojan horses into the compiler. This requires a learning phase as in the Stage II example. First we compile the modified source with the normal C compiler to produce a bugged binary. We install this binary as the official C. We can now remove the bugs from the source of the compiler and the new binary will reinsert the bugs whenever it is compiled. Of course, the login command will remain bugged with no trace in source anywhere.

Moral
The moral is obvious. You can't trust code that you did not totally create yourself. (Especially code from companies that employ people like me.) No amount of source-level verification or scrutiny will protect you from using untrusted code. In demonstrating the possibility of this kind of attack, I picked on the C compiler. I could have picked on any program-handling program such as an assembler, a loader, or even hardware microcode. As the level of program gets lower, these bugs will be harder and harder to detect. A well installed microcode bug will be almost impossible to detect. "

A definate read !
Believe it or not, as Ken Thompson says, you will be 100% secure.

Re:Do you think any OS would be secure ? (0)

Anonymous Coward | more than 13 years ago | (#2223068)

You mean: you will be *NEVER* 100% secure.

Doh!

Re:Do you think any OS would be secure ? (0)

Anonymous Coward | more than 13 years ago | (#2223096)

that was interesting the first million fucking times it was posted in regards to a security story.

A definate read !

Uh, yes, you definitely read it.

Re:Do you think any OS would be secure ? (0)

Anonymous Coward | more than 13 years ago | (#2223107)

and it could be posted a million more times and there'd still be people who didn't get it.

Government using GPL? (1)

drdink (77) | more than 13 years ago | (#2223084)

Nothing against the GPL, but I find it disgraceful that the United States government is producing code under the GPL. Works produced by the government should be public domain, not GPL. And yes, there is a difference.

Re:Government using GPL? (1)

JLinden (332375) | more than 13 years ago | (#2223135)

Err...
Do they really have a choice? Remember, it is a modification of Linux, so it must be released under the GPL or it would be a GPL violation.

Let's lose the FUD, people (5, Insightful)

Tassach (137772) | more than 13 years ago | (#2223100)

The rampant, grossly uninformed FUD that's flying around here is making me ill.


First try and wrap your brain around this concept: The NSA has TWO distinct missions -- to spy on foreign nations on behalf of the US government, and to keep foreign nations from spying on US govt. and businesses. People tend to forget about that second part. Knowing government beaurocracy, it's not at all unlikely that the spy-on-other-folks department and the keep-other-folks-from-spying-on-us department are involved in a turf war, or are working at cross-purposes.


Second: the NSA secure linux is a patch to the standard Linux kernal. If you are paranoid about them trying to do somthing neferious, download the source and diff it against the baseline code. It's pretty hard (but not impossible) to hide a backdoor in source. Paranoid types, make sure you trust your compiler [as well as any other binary that touchs the code as it's being transformed from source to executable] If the NSA wanted to hack your box, they have a lot of better ways to do it than releasing a GPL'ed trojan. Give them some credit -- they are not that stupid.


This is a Good Thing. Having a respected government agency endorse Linux gives it huge amounts of credibility. [OK, geeks may not trust/respect the NSA, but you can be sure that CEOs and PHBs do.] Believe it or not, occasionally the US gvt does manage to Do The Right Thing, even if it's unintentional.

Facts (1)

sn0wdude (317116) | more than 13 years ago | (#2223106)

Until someone proves me that the NSA Linux distro contains any backdoor, or something that allowes the NSA to snoop on you while running their distro, this is all F-U-D.

When I say something, you want facts right ?
Now it's your time to give that facts, I've read no real fact until now.

So upon then, you are just making a fool of your self with these conspiracy theories. Gimme facts about a backdoor in the NSA distro.

I'll say this. (0)

Anonymous Coward | more than 13 years ago | (#2223116)

At least the ASCII art offers nice presentation and is quick to read.

All these other "comments" are poorly formated, poorly thought out, poorly stated and a total waste of time.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?