
Re: [Rival] Help! There is Some NSA in My PC (Windows)

On Jun 20, 1:32 pm, Ian Hilliard <nos...@xxxxxxxxxxxxxxxx> wrote:
> Roy Schestowitz wrote:
> > "Trusted" Computing
>
> > ,----[ Quote ]
> > | Do you imagine that any US Linux distributor would say no to the
> > | US government if they were requested (politely, of course) to add
> > | a back-door to the binary Linux images shipped as part of their
> > | products ?

There are Linux and Unix vendors who do offer certain types of
remote monitoring capabilities.  They just don't build it into the
kernel.  The big problem is that ANY back door deliberately left
open or unlocked means that ANYONE can get into that back door.

Several companies, including Sun, IBM (Rational, Lotus, DB2) and
Oracle, use License managers to help identify who is using which
licenses to which software, and when.

The important thing is that the companies let the customer know
EXACTLY what is being monitored, how, and what the traffic should look
like.

The problem with most of Microsoft's back doors is that they don't let
the customer know what information is being collected, how it's being
collected, who will get it, or what the traffic should look like.

If the NSA said "We want you to set up Linux so that rsh is always
enabled, /etc/hosts.equiv has an asterisk in it (allowing anyone from
any other IP address to execute shell commands on your computer
without authentication), and then we want you to remove the warning
saying that all connections to this computer are for xyz company
business purposes only, any other use constitutes a violation of
federal and state computer trespassing laws and will be prosecuted to
the fullest extent of the law."

Then they ask that the new GPL license include a clause which allows
the FSF to collect any information deemed to be helpful in support,
and forward it to any interested party.  Allowing FSF to forward
information pulled from files - to the NSA - without a search warrant.

The question would be; "Which companies WOULD accept such
requirements".

The constitution guarantees us the right to privacy.  If we waive that
right to privacy for a $5 discount on a $30 piece of software, simply
because the "Retail Price" is listed as $399, then we are fools.

Keep in mind that the same stipulations above would also allow FSF to
publish insider information on the web, or send it to investors
willing to pay a handsome price for "a peek into the CEO's computer".
They could sell Military intelligence to terrorists.  They could sell
bids of one competitor to another.

When you leave the back door of your house unlocked so that your
teenager can let himself in without a key, you risk the possibility
that the burglar, the rapist, or the serial killer can also come in
through that same unlocked door.

There are now over 1 million forms of malware that are known to have
successfully attacked PCs.  Many of them forward confidential
information such as user ids, passwords, credit card numbers and
security codes, and other confidential information.

It wasn't all that long ago that Windows 95 and Windows 98 users had
the unpleasant shock of finding out that their cable modem allowed
most of the neighbors on the block to detect any "share" directory on
the system.  In fact, with Windows 95, one could simply mount the $C
drive as guest.

> > | Who amongst us actually uses the source code so helpfully
> > | given to us on the extra CDs to compile our own version ?

But when a break-in is attempted, and detected, or any other crime,
such as intellectual property theft, is committed, the source code in
public form makes it very easy to track the perpetrator.

The most successful virus to attack Linux was successful in its
attack because an inexperienced administrator posing as an expert had
accidentally or deliberately made the servers vulnerable.  As a
result, 8,000 servers were infected with the Lion virus.

> > | With Windows of course there are
> > | already so many back-doors known and
> > | unknown that the US government might not have even bothered to
> > | ask Microsoft,

Microsoft acts as an unpaid informant.  It's one of the reasons that
the prosecutors are so willing to look the other way.  They can
provide information without needing a warrant.  Your EULA permits
Microsoft to do this Legally - simply BECAUSE you use Windows.

> > | they may have just found their own, ready to
> > | exploit at will. What about Intel or AMD and the microcode on
> > | the processor itself ?

Both companies now burn serial numbers into each processor.  This
makes it possible for the CPU to be identified.  This information,
when combined with other information using data mining techniques, can
provide an incredible wealth of information.

There is the illusion of privacy, but we forget that our social
security is used for every credit application.  Every credit card,
debit card, and check can be traced through the banking system.  This
can be used to find out where a person was at almost any point in
time.  The ATM machine takes your picture (actually 10 frame/minute of
ANYTHING in front of the ATM).  There are cameras nearly everywhere.

In some cases, this surveillance is a good thing.  If you are in a
subway station, you know the mugger will think twice, especially if
you have just checked your watch, because he can't leave the room
without being photographed by "candid camera".  In New York City,
after the World Trade Center bombing, it became public that the
bombers were identified by camera photos taken from ATM machines,
traffic cams, and security cameras as far as 3 blocks away.  The crime
rate in New York City dropped significantly shortly after that
revelation, because would-be muggers, rapists, and thieves suddenly
realized they were being watched and could easily be identified and
prosecuted.

On the other hand, a year or so later, in NJ, political activists
attempted to prevent high voter turn-out of adult males, by posting
warnings that all non-custodial parents who had missed 3 months of
child support would be instantly arrested if they attempted to vote.
The net result was that a number of people who wouldn't have been
elected were elected.  It may have even been a key factor in the
election of Christine Whitman as Governor of NJ.

Security is a double-edged sword.  In the hands of highly ethical law
enforcement authorities who are focused on the most heinous crimes, it
can help prevent the traumatization of many would-be future victims.
In the hands of politically motivated authorities, intent on
consolidating and tightening their grip on the population - it can be
the vehicle for turning an elected official into a dictator.  Hitler
gained most of his power by maintaining and using very good
intelligence to eliminate most of his opposition before they could
organize.


