NSA Starts Contributing Low-Level Code to UEFI BIOS Alternative
The NSA has started assigning developers to the Coreboot project, which is an open source alternative to Windows BIOS/UEFI firmware. The NSA's Eugene Myers has begun contributing SMI Transfer Monitor (STM) implementation code for the x86 processor. Myers works for NSA’s Trusted Systems Research Group, which, according to the agency’s website, is meant to “conduct and sponsor research in the technologies and techniques which will secure America's information systems of tomorrow.”
Myers published a paper last year on how NSA’s STM implementation could work. All Coreboot code, including all the STM contributions from the NSA, is open source, so anyone could verify that there is no backdoor in there -- in theory.
In practice, the NSA could have also written the code in a less-than-secure way with vulnerabilities that are hard to detect without more experienced security researchers. Alternatively, the NSA could also update this implementation years later, when there are fewer eyes on the STM implementation and the update would no longer make headlines.
Better to avoid coreboot and feel secure that the hardware could never subvert my expectations of security and privacy. /s
(Score: 1) by fustakrakich on Tuesday June 25 2019, @01:43AM (5 children)
We would need a new agency whose publicly avowed mission is to increase security levels wherever or however they can...
Yes. The New and Improved NSA! (NINSA)2
Since doing that would be so trivial, why not just elect politicians that will re-purpose the old one? We can keep them down to three letters that way at least.
Bad news everybody. Oversight is our problem. You can't really farm that out. We are on our own.
Politics and criminals are the same thing..
(Score: 5, Informative) by edIII on Tuesday June 25 2019, @02:33AM (4 children)
The new part is that any NINSA agent, or Senator, involved in weaponization of vulnerabilities can be charged with treason.
However, given our current sitting president and administration is entirely above the law, I share your incredulity that such a system of trust can be established in the first place. That's why I thought I set the bar so high it was ridiculous on its face.
Technically, lunchtime is at any moment. It's just a wave function.
(Score: 2) by JoeMerchant on Tuesday June 25 2019, @03:29AM
Newsflash: this has been true for centuries. The current administration is just dumb enough to flaunt it out there where even idiots can see what they're doing. Dumb, and in power - and I'm afraid that 49% of the voters in 2020 are still going to vote to bring them back, because the other side is too greedy to carve out a political stance that could get more than 51% of the vote.
🌻🌻 [google.com]
(Score: 0) by Anonymous Coward on Tuesday June 25 2019, @10:40AM
Has anyone wondered if Osama bin Laden's inspiration was actually John Carpenter's 1981 'Escape from New York'? It has Air Force One crashing into the penal colony of Manhattan, showing a computerized projection of the plane (or escape pod) entering and then tumbling down through a building. It also has the World Trade Center as a major plot point, being the insertion point for Snake's glider and planned extraction point for the captured president. It also ends with the American president showing his disregard for the loss of life, and the anti-hero Snake destroying the peace summit audio tape documenting nuclear fusion, so that the US, China and Russian peace summit will collapse.
(Score: 3, Informative) by J053 on Tuesday June 25 2019, @09:31PM (1 child)
Art.III, Sec. 3
This is a good thing. Treason is the worst crime one can commit against one's country, and should be very hard to prove and punish. We need to find another word for what everybody and his brother keeps calling "treason" these days.
(Score: 2) by edIII on Tuesday June 25 2019, @10:09PM
I consider what those NSA agents did to be as bad as what you describe, and wholly deserving of the term treason. They meet, or exceed, the definition.
We have enemies. We have enemies operating today in U.S. Cyberspace, which is the same as United States Territory. We have enemies that have caused many billions in damages to our country. The NSA's paradigm of exploiting/cultivating security weaknesses is tantamount to offering the enemy aid and comfort. In this specific case, it was arming them with cyber weapons that are being used against us. Their specific actions also significantly, and in some cases entirely, reduced the levels of security for the average citizen and small businesses. There is a US city paying ransom to our enemies in cyberspace that operate inside the US against US citizens.
I stand by what I said. These people need to be tried for treason. It absolutely should be treasonous to weaponize security vulnerabilities, or in other words, create powerful platforms of cyber weapons. The only thing the government needs to do is increase our levels of security, and they deserve all the skepticism they get after what they've done.
Technically, lunchtime is at any moment. It's just a wave function.