Stories
Slash Boxes
Comments

SoylentNews is people

posted by cmn32480 on Thursday September 03 2015, @01:46AM   Printer-friendly
from the how-can-you-not-trust-the-NSA dept.

El Reg is reporting:

The NSA today revealed it has uploaded source code to GitHub to help IT admins lock down their networks of Linux machines.

The open-source software is called the System Integrity Management Platform (SIMP). It is designed to make sure networks comply with US Department of Defense security standards, but the spy agency says it can be adapted by admins to meet individual security needs as well.

"The open-source software method of transferring technology from the federal laboratory to the marketplace is extremely efficient," said Linda Burger, director of the NSA Technology Transfer Program.

"The open-source community can leverage the work that NSA has produced, and the government can benefit from that community's expertise and perspective. It's a win for everyone – and for the nation itself."

So, not only do they want your secrets, they want you to help them get them. Yes, it's open-source software and the source code can be examined, but the NSA skeptic in me thinks this sounds very dodgy.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 3, Interesting) by edIII on Thursday September 03 2015, @09:12PM

    by edIII (791) Subscriber Badge on Thursday September 03 2015, @09:12PM (#231972)

    I think everyone in the thread may be missing something. Sure.. The NSA is good at compromising code. We all know that.

    What they also happen to be very VERY good at are side channel attacks. This code would seem to have something to do with security, and the NSA being able to understand that code... would seem to allow them greater precision and ability with side channel attacks against target systems running *their* very own security code.

    I'd take it and look at it, but as far as running it? Not unless I was very assured that the "operating profile" it gives off is *not* what the NSA was expecting. There's a reason why a big part of attacking target systems is understanding the specific versions of the code they are running. For both exploit purposes *and* tuning side channel attacks.

    At this point I would be highly suspicious if the NSA was just offering an apparent no-strings-attached blowjob. They act as if their charter was to protect the American public or something.

    --
    Technically, lunchtime is at any moment. It's just a wave function.
    Starting Score:    1  point
    Moderation   +1  
       Interesting=1, Total=1
    Extra 'Interesting' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   3