Stories
Slash Boxes
Comments

SoylentNews is people

posted by cmn32480 on Thursday September 03 2015, @01:46AM   Printer-friendly
from the how-can-you-not-trust-the-NSA dept.

El Reg is reporting:

The NSA today revealed it has uploaded source code to GitHub to help IT admins lock down their networks of Linux machines.

The open-source software is called the System Integrity Management Platform (SIMP). It is designed to make sure networks comply with US Department of Defense security standards, but the spy agency says it can be adapted by admins to meet individual security needs as well.

"The open-source software method of transferring technology from the federal laboratory to the marketplace is extremely efficient," said Linda Burger, director of the NSA Technology Transfer Program.

"The open-source community can leverage the work that NSA has produced, and the government can benefit from that community's expertise and perspective. It's a win for everyone – and for the nation itself."

So, not only do they want your secrets, they want you to help them get them. Yes, it's open-source software and the source code can be examined, but the NSA skeptic in me thinks this sounds very dodgy.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 3, Interesting) by frojack on Thursday September 03 2015, @04:05AM

    by frojack (1554) on Thursday September 03 2015, @04:05AM (#231559) Journal

    I believe their SELinux has been thoroughly vetted, and no problems were found it it.

    Nobody has found any holes in it, or hidden features.

    --
    No, you are mistaken. I've always had this sig.
    Starting Score:    1  point
    Moderation   +1  
       Interesting=1, Total=1
    Extra 'Interesting' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   3  
  • (Score: 2) by Hyperturtle on Friday September 04 2015, @12:22AM

    by Hyperturtle (2824) on Friday September 04 2015, @12:22AM (#232050)

    Yes, they have released guides (and nist too, I believe) that are right on the money. They knew and promoted how to secure lots of things.

    Of course, when we later find out about NSAKey and such, in hindsight we were secured from lots of things -- except them. If we followed the guides to the letter.

    In those cases, I think that the tax dollars were well spent, since I know of no commercial entity (that I worked for, at least) that has followed their guides to the letter. The guides, even if used to make a half assed attempt at security, is immeasurable better than the typical small business with a vanilla monolithic infrastructure ripe for the taking. Those places are all windows in a workgroup and a dlink combo device for internet and local network access...on Comcast. then the NSA can't help you. You have to invest in your security a little bit.

    I deeply despise how many different external interests have in prying into data that should be private -- but I also respect many of those enemies for their demonstration of skill and tenacity at achieving their goals--even if I would not choose to socialize with them. There are brilliant creepy people, after all, and some places are full of them.