Stories
Slash Boxes
Comments

SoylentNews is people

posted by martyb on Monday June 24 2019, @11:42PM   Printer-friendly
from the deep-seated-insecurities-and-paranoia dept.

NSA Starts Contributing Low-Level Code to UEFI BIOS Alternative

The NSA has started assigning developers to the Coreboot project, which is an open source alternative to Windows BIOS/UEFI firmware. The NSA's Eugene Myers has begun contributing SMI Transfer Monitor (STM) implementation code for the x86 processor. Myers works for NSA’s Trusted Systems Research Group, which according to the agency’s website, is meant to “conduct and sponsor research in the technologies and techniques which will secure America's information systems of tomorrow.”

Myers published a paper about STM last year on how NSA’s STM implementation could work. All Coreboot code, including all the STM contributions from the NSA, are open source, so anyone could verify that there is no backdoor in there -- in theory.

In practice, the NSA could have also written the code in a less-than-secure way with vulnerabilities that are hard to detect without more experienced security researchers. Alternatively, the NSA could also update this implementation years later, when there are less eyes on the STM implementation and the update would no longer make headlines.

Better to avoid coreboot and feel secure that the hardware could never subvert my expectations of security and privacy. /s


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by edIII on Tuesday June 25 2019, @10:09PM

    by edIII (791) on Tuesday June 25 2019, @10:09PM (#859883)

    I consider what those NSA agents did to be as bad as what you describe, and wholly deserving of the term treason. They meet, or exceed, the definition.

    We have enemies. We have enemies operating today in U.S Cyberspace, which is the same as United States Territory. We have enemies that have caused many billions in damages to our country. The NSA's paradigm of exploiting/cultivating security weaknesses is tantamount to offering the enemy aid and comfort. In this specific case, it was arming them with cyber weapons that are being used against us. Their specific actions also significantly, and in some cases entirely, reduced the levels of security for the average citizen and small businesses. There is a US city paying ransom to our enemies in cyberspace that operate inside the US against US citizens.

    I stand by what I said. These people need be tried for treason. It absolutely should be treasonous to weaponize security vulnerabilities, or in other words, create powerful platforms of cyber weapons. The only thing the government needs to do is increase our levels of security, and they deserve all the skepticism they get after what they've done.

    --
    Technically, lunchtime is at any moment. It's just a wave function.
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2