Stories
Slash Boxes
Comments

SoylentNews is people

NSA Network Security Code Appears on GitHub

posted by cmn32480 on Thursday September 03 2015, @01:46AM   Printer-friendly
from the how-can-you-not-trust-the-NSA dept.

mendax writes:

El Reg is reporting:

The NSA today revealed it has uploaded source code to GitHub to help IT admins lock down their networks of Linux machines.

The open-source software is called the System Integrity Management Platform (SIMP). It is designed to make sure networks comply with US Department of Defense security standards, but the spy agency says it can be adapted by admins to meet individual security needs as well.

"The open-source software method of transferring technology from the federal laboratory to the marketplace is extremely efficient," said Linda Burger, director of the NSA Technology Transfer Program.

"The open-source community can leverage the work that NSA has produced, and the government can benefit from that community's expertise and perspective. It's a win for everyone – and for the nation itself."

So, not only do they want your secrets, they want you to help them get them. Yes, it's open-source software and the source code can be examined, but the NSA skeptic in me thinks this sounds very dodgy.

Original Submission

 
This discussion has been archived. No new comments can be posted.
NSA Network Security Code Appears on GitHub | Log In/Create an Account | Top | 22 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by skater on Thursday September 03 2015, @11:58AM

    by skater (4342) on Thursday September 03 2015, @11:58AM (#231683) Journal

    If the NSA was trying to sneak a backdoor into Linux, would they really do it this openly? No, they'd have some submitter submit valid, useful patches for a period of time to build up a reputation, then slip in the goods. And for all we know this has already happened. I'm more inclined to think this code is likely exactly what they said it is.

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2  

  • (Score: 3, Interesting) by edIII on Thursday September 03 2015, @09:12PM

    by edIII (791) on Thursday September 03 2015, @09:12PM (#231972)

    I think everyone in the thread may be missing something. Sure.. The NSA is good at compromising code. We all know that.

    What they also happen to be very VERY good at are side channel attacks. This code would seem to have something to do with security, and the NSA being able to understand that code... would seem to allow them greater precision and ability with side channel attacks against target systems running *their* very own security code.

    I'd take it and look at it, but as far as running it? Not unless I was very assured that the "operating profile" it gives off is *not* what the NSA was expecting. There's a reason why a big part of attacking target systems is understanding the specific versions of the code they are running. For both exploit purposes *and* tuning side channel attacks.

    At this point I would be highly suspicious if the NSA was just offering an apparent no-strings-attached blowjob. They act as if their charter was to protect the American public or something.

    --
    Technically, lunchtime is at any moment. It's just a wave function.