Feel Safe Now? - US Security Services May 'Have Moles Within Microsoft,' Says Researcher

reply to post by IGotAllDay


I'm sorry if this sounds harsh, but saying you're a software engineer doesn't carry much weight, especially when you're touting the virtues of Microsoft products in comparison with Linux. I'm not going to speculate on your credentials, but you're talking to a 16 year IT professional, and your argument for Microsoft doesn't hold water.

Open source versus closed source is a war that could go on for years.....just like the West Bank conflict. There are pros and cons to each position.

The more interesting perspective comes from the topic which is that SOMEONE has caught on to the government's game....and more importantly.....publicized it.

Microsoft is Big Corporate and like many other companies like them may be in bed with Government. The posibility of Moles in Microsoft doesn't surprise me in the least.

I remember back when windows 98 would phone home on startup. I haven't trusted MS since.. use them for gaming, you betcha but trust them? No way. thats why i don't install anything Update wise i dont know exactly what its for.

No Microsoft Security updates Ever go into any of my systems - because they all have the same generic definition - they could be anything - one just does not know.. and you know what? I have NEVER had a problem with a security issue because I didnt have one of those security updates. Forget the Updates. Only install new versions of drivers from trusted sources, sandbox your system and back up often. Thats all I have done for over 10 years of using Microsoft products and I never have problems.

Linux is o.k. and I have a few distros I play with but out of them all I choose a non Linux product called PC-BSD 9.0 Isotope. It's based on the BSD side of the Unix family and will run any app any version of Linux will run Plus thousands of apps just made for BSD. It's BSD made friendly for the desktop and does it as well as any popular Linux distro. If you Linux users haven't tried PC-BSD your Really missing out.

From the very article used to claim Linux is better earlier in the thread.

www.esecurityplanet.com...

Linux
One of the biggest advantages in terms of security for Linux lies in its huge, highly-skilled and diligent community.

"The open source nature of Linux allows for more peer review of the code to find and fix the code before zero day hacks can be done," said Williams. "It is a labor of love, not license."

That is not to say, however, that Linux is invulnerable. It is indeed facing an increase in threats as it gains popularity. Yet, there is a limited set of security solutions available. The number of vulnerabilities requiring patches is growing, too.

"Administrators are facing a growing need to proactively control configurations and prevent unauthorized applications from executing," warned Jennings. "And, most organizations have limited visibility into all the applications running on Linux desktops and servers."

Working blind against determined criminals is a dangerous situation for a company to find itself in.

Social engineering and poorly configured systems present the greatest threats in Linux. Passwords too are a serious liability, as they are on Windows. "SQL injections and the like due to sloppy Web programming, such as happened in the HBGary incident a few weeks ago, are the other major threat to Linux," said Tracy Reed, co-founder of Copilotco, a managed hosting service.

"Note that none of these are really Linux design issues," added Reed.

Perfect example of the Liux Myth. When they screw up they just say it wasn't me. And I like the part about working blind and having limited set of security solutions available. But just blame it on someone else.

Originally posted by JBA2848
Perfect example of the Liux Myth. When they screw up they just say it wasn't me. And I like the part about working blind and having limited set of security solutions available. But just blame it on someone else.

LOL you gotta be a MSDN .NET "programmer". Linux myth? Here's some universal TRUTH. In any system, an administrator must be diligent in examining potential security vulnerabilities and patches that are released to address them on a constant basis. I know Windows users are accustomed to just allowing automatic update to occur overnight while they sleep, but proactive security and system stability requires quite a bit more technical ability than the "set it and forget it" update method. I've had the unfortunate occasion of having to work with "software engineers" who proudly talk about their MCSE and access to the MSDN as if they're somehow "in the know" with regards to security design and enterprise operations. In reality, software engineers are NOT the same as system engineers, and do not possess the skill-set to properly assess and implement appropriate production security. Outside of their little C# bubble, MS devs are little more than senior members of the Geek Squad, and really have no business commenting on a topic, such as system security, that is so far beyond their realm of "expertise".

Working in IT in the security sector I can assure you all operating have their issues regardless of if its open source or closed source. In most cases risks can be minimized by the use of advanced firewalls and monitoring (firewalls etc), human access, carefully reviewing 3rd party software installed.

If your under the impression that Linux/Unix, Apple Mac, Windows or the various other computer systems are 100% secure you are a fool, everything can be broken into given a high enough cause.

The most secure form of storing information is offline on non electronic forms such as on paper.

Originally posted by phantom150
Working in IT in the security sector I can assure you all operating have their issues regardless of if its open source or closed source. In most cases risks can be minimized by the use of advanced firewalls and monitoring (firewalls etc), human access, carefully reviewing 3rd party software installed.

If your under the impression that Linux/Unix, Apple Mac, Windows or the various other computer systems are 100% secure you are a fool, everything can be broken into given a high enough cause.

The most secure form of storing information is offline on non electronic forms such as on paper.

Agreed, but that's not what this topic is about. It goes without saying that security is a comprehensive, systemic process, and that vulnerabilities are everywhere. But again, that's not what we're discussing.

Linux has been infiltrated and im not just talking about this article.
www.eweek.com...
But the board of directors.
www.linuxfoundation.org...

And so there seems to be another board member people should notice. Alan Clark, Novell. So why should he stand out? Novell.
en.wikipedia.org...

In July 2001, Novell acquired the consulting company, Cambridge Technology Partners, founded in Cambridge, MA by John J. Donovan, to expand offerings into services. Novell felt that the ability to offer solutions (a combination of software and services) was key to satisfying customer demand. The merger was apparently against the firm's software development culture, and the finance personnel at the firm also recommended against it. The CEO of CTP, Jack Messman, engineered the merger using his position as a board member of Novell since its inception and soon became CEO of Novell as well. He then hired back Chris Stone as vice chairman and CEO to set the course for Novell's strategy into open source and enterprise Linux. With the acquisition of CTP, Novell moved its headquarters to Massachusetts.[3]

And whats so important about that? Well the company they bought and made it there headquarters. That person they bought it from John J. Donovan.

en.wikipedia.org...

Donovan served on National Academy of Sciences Advisory Committee on Technology reporting to President Jimmy Carter. Donovan worked with President George H. W. Bush's administration on the impact of the internet and applications sponsored by DARPA.

Donovan[24] worked with the Chairman of the Joint Chief of Staff General Richard Myers to develop Joint Protection Enterprise Network (JPEN),[25] a system developed in response to 9/11 attack.

So he worked for DARPA. And he was also put in charge of internet security for Bush after 9/11.

english.pravda.ru...

Police arrest millionaire technology guru John J. Donovan Sr on false testimony
17.08.2007 | Source: AP ©
Police arrest millionaire technology guru John J. Donovan Sr on false testimonyMillionaire technology guru John J. Donovan Sr. was charged Friday with falsely testimony. He told police that he was shot in an attack arranged by his son.

Judge Kenneth Fishman found Donovan, 65, guilty of filing a false police report, a misdemeanor, in the bench trial. Donovan faces up to a year in prison and a $500 (372 EUR) fine.

Donovan claimed he was attacked and shot by two strangers in the parking lot of his Cambridge office on the night of Dec. 16, 2005. He told a police dispatcher then that his son had laundered $180 million (133.79 million EUR) from his accounts and had threatened to kill him.

But prosecutors argued he made up the story to get revenge against his son and gain the upper hand in a bitter family battle over trusts that may be worth hundreds of millions of dollars. Donovan has battled his five children in court for years over the money.

During the trial, prosecutors said a surveillance video showing Donovan adjusting the camera away from the parking lot days before the shooting proved premeditation. They also said they found a "to-do list" in the front pocket of Donovan's sports jacket that seemed to outline details for the shooting.

And Novell based a lot of there company on this guy. And the frame job he tried to do on his kid? CIA I don't know but it is kind of crazy. And he did work for Jimmy Carter, DARPA, Bush after 9/11, and the DOD.

I do feel safe. The more moles the better.


Click on you tube link ? ^

This is one of the reasons I just switched to a Linux OS just last week.I am now using Backtrack 5 R2 and I couldn't be anymore happier.

I feel much safer surfing the web and I don't have to put up with Microsoft's crap anymore.

Originally posted by phantom150
Working in IT in the security sector I can assure you all operating have their issues regardless of if its open source or closed source. In most cases risks can be minimized by the use of advanced firewalls and monitoring (firewalls etc), human access, carefully reviewing 3rd party software installed.

If your under the impression that Linux/Unix, Apple Mac, Windows or the various other computer systems are 100% secure you are a fool, everything can be broken into given a high enough cause.

The most secure form of storing information is offline on non electronic forms such as on paper.

You're absolutely correct. But it is true that Linux/BSD is more secure in terms of overall safety...open source just provides for this because of peer review...

I run machine level software firewalls and a hardware firewall with stateful packet inspection and an array of other security methods and tools I care not to discuss here to keep them all obscure. I also keep my systems up to date and build my own kernels - this is what keeps me safest.

That said, using Windows is just asking for trouble if you're doing anything that needs super security. If you're building something that contains your blueprints for the next big consumer product, I suggest you have a linux or BSD machine that's not wired to any network, and that you only copy files off of it and not to it...that's security...that or not using computers at all

Originally posted by JBA2848
Linux has been infiltrated and im not just talking about this article.
...

You're still looking at linux like it's somehow one project and suite of applications, like OSX or Windows is - this is wrong. While I highly suspect the enterprise level linux distros are probably infiltrated, it doesn't really matter - the peer review process negates pretty well any exploit that could be purposefully built into the code, ESPECIALLY the kernel, which would be the most (attempted) exploited part of any Linux distro.

Vulnerabilities exist, but they're always discovered and fixed. The only real time a linux or bsd system is exploited is when it's not updated and not firewalled.

Do you really think Novell's code contribution to Linux and it's projects aren't subject to the peer review process? Other than Suse, which I think is owned by Novell, and is a distro I steer clear of, you're safe to use Linux. Basically, avoid anything that's super commercialised. It's why distros like Slackware, Archlinux, Linux From Scratch, Gentoo, etc are really safe. Debian, while it may be somewhat corporate, is also safe because of it's vast userbase that has direct input and peer review over all changes to it's source.

I should note that other possibilities of increasing security would be using the grsecurity patchset, which prevents most exploits from happening before they're even discovered.

Originally posted by mikemck1976
This is one of the reasons I just switched to a Linux OS just last week.I am now using Backtrack 5 R2 and I couldn't be anymore happier.

I feel much safer surfing the web and I don't have to put up with Microsoft's crap anymore.

Good going! You a blackhat? Hahah...either way, it's based on Ubuntu - try Mint at the least too...otherwise, if you want to learn the ins and outs of linux, try Archlinux or Gentoo too...

I should also make a mention of the Debian Amnesiac T.A.I.L.S. LiveCD, which is 100% secure - you boot from it and it saves no files, and uses only TOR for internet connectivity. Furthermore, it wipes the ram on shutdown. It's good for "disposable" computing or times when you don't have a machine around that you can trust. Of course, it can't protect against hardware keyloggers.

tails.boum.org...

I also find this article interesting since I brought up how Richard Wirt from Intel is on the board of Linux. And how Wirt worked for the CIA InQtel.

www.csoonline.com...

US-CERT discloses security flaw in Intel chips
Allow hackers to gain control of Windows, other operating systems

Operating systems exposed to the vulnerability include Windows 7, Windows Server 2008 R2, 64-bit versions of FreeBSD and NetBSD, as well as systems that include the Xen hypervisor, Bitdefender said Friday. "While 32-bit operating systems are safe, Intel CPUs that use the Intel 64 extension need the security patches released by Microsoft in their MS12-042 security bulletin."

Besides Microsoft and Intel, vendors whose products are affected include Joyent, Citrix, Oracle, Red Hat and SUSE Linux, US-CERT says.

Originally posted by JBA2848
I also find this article interesting since I brought up how Richard Wirt from Intel is on the board of Linux. And how Wirt worked for the CIA InQtel.

You keep posting these links regarding Richard Wirt, and they are completely irrelevant. "Linux" is not a company or organization. It's an open-source consortium that has nothing to do with the various linux distributions, or the individual packages that comprise a linux system. He can be the biggest CIA spook in the business; his affiliation with the Linux Foundation has no impact on system security or proper management and administration of a secure, stable production environment.