El Reg is reporting:
The NSA today revealed it has uploaded source code to GitHub to help IT admins lock down their networks of Linux machines.
The open-source software is called the System Integrity Management Platform (SIMP). It is designed to make sure networks comply with US Department of Defense security standards, but the spy agency says it can be adapted by admins to meet individual security needs as well.
"The open-source software method of transferring technology from the federal laboratory to the marketplace is extremely efficient," said Linda Burger, director of the NSA Technology Transfer Program.
"The open-source community can leverage the work that NSA has produced, and the government can benefit from that community's expertise and perspective. It's a win for everyone – and for the nation itself."
So, not only do they want your secrets, they want you to help them get them. Yes, it's open-source software and the source code can be examined, but the NSA skeptic in me thinks this sounds very dodgy.
(Score: 2) by deimios on Thursday September 03 2015, @05:24AM
Well, if we have the source code then the software is safe, right? No way to hide malicious backdoors in open source, right?
(Rhetorical question; if you don't already know, go check out http://www.ioccc.org/ )
(Score: 2) by q.kontinuum on Thursday September 03 2015, @05:33AM
s/safe/safer/g
Ftfy
Registered IRC nick on chat.soylentnews.org: qkontinuum
(Score: 2) by skater on Thursday September 03 2015, @11:58AM
If the NSA was trying to sneak a backdoor into Linux, would they really do it this openly? No, they'd have some submitter submit valid, useful patches for a period of time to build up a reputation, then slip in the goods. And for all we know this has already happened. I'm more inclined to think this code is likely exactly what they said it is.
(Score: 3, Interesting) by edIII on Thursday September 03 2015, @09:12PM
I think everyone in the thread may be missing something. Sure... The NSA is good at compromising code. We all know that.
What they also happen to be very VERY good at are side channel attacks. This code would seem to have something to do with security, and the NSA being able to understand that code... would seem to allow them greater precision and ability with side channel attacks against target systems running *their* very own security code.
I'd take it and look at it, but as far as running it? Not unless I was very assured that the "operating profile" it gives off is *not* what the NSA was expecting. There's a reason why a big part of attacking target systems is understanding the specific versions of the code they are running. For both exploit purposes *and* tuning side channel attacks.
At this point I would be highly suspicious if the NSA was just offering an apparent no-strings-attached blowjob. They act as if their charter was to protect the American public or something.
Technically, lunchtime is at any moment. It's just a wave function.