Interview with Carlos Piana
,----[ Quote ]
| The lawyer for Samba and the Free Software Foundation Europe explains the
| behind-the-scenes work behind last month's antitrust decision against
| Microsoft.
|
| [...]
|
| A quite spectacular defence was that about security. Basically it said that,
| unlike the Internet protocols, those keeping together a Microsoft work group
| network were so conceived that the all the servers acted as if they were a
| single distributed entity. In other words they were "tightly coupled",
| closely knitted together so that any intrusion from the outside, a drop-in
| replacement pretending to be a Microsoft Windows server could cause
| irreparable harm and all sort of nefarious problems. Besides, disclosing the
| specifications of their protocols would have required a hardening of the
| protocols, in order to make them resistant to malware attack or simply of
| badly designed third-party software which could have compromised the whole
| infrastructure.
`----
http://www.linuxworld.com/news/2008/030808-piana.html
Related:
James Allchin
,---[ Quote ]
| In relation to the issue of sharing technical API and protocol
| information used throughout Microsoft products, which the
| states were seeking, Allchin alleged that releasing this
| information would increase the security risk to consumers.
|
| "It is no exaggeration to say that the national security is
| also implicated by the efforts of hackers to break into
| computing networks. Computers, including many running Windows
| operating systems, are used throughout the United States
| Department of Defense and by the armed forces of the United
| States in Afghanistan and elsewhere."
`----
http://en.wikipedia.org/wiki/Jim_Allchin
Dual_EC_DRBG Added to Windows Vista
,----[ Quote ]
| Microsoft has added the random-number generator Dual_EC-DRBG to Windows
| Vista, as part of SP1. Yes, this is the same RNG that could have an NSA
| backdoor.
|
| It's not enabled by default, and my advice is to never enable it. Ever.
`----
http://www.schneier.com/blog/archives/2007/12/dual_ec_drbg_ad.html
Duh! Windows Encryption Hacked Via Random Number Generator
,----[ Quote ]
| GeneralMount Carmel, Haifa – A group of researchers headed by Dr. Benny
| Pinkas from the Department of Computer Science at the University of Haifa
| succeeded in finding a security vulnerability in Microsoft's "Windows 2000"
| operating system. The significance of the loophole: emails, passwords, credit
| card numbers, if they were typed into the computer, and actually all
| correspondence that emanated from a computer using "Windows 2000" is
| susceptible to tracking. "This is not a theoretical discovery. Anyone who
| exploits this security loophole can definitely access this information on
| other computers," remarked Dr. Pinkas.
|
| Editors Note: I believe this "loophole" is part of the Patriot Act, it is
| designed for foreign governments. Seriously, if you care about security,
| privacy, data, trojans, spyware, etc., one does not run Windows, you run
| Linux.
`----
http://www.linuxelectrons.com/news/general/14365/duh-windows-encryption-hacked-via-random-number-generator
Did NSA Put a Secret Backdoor in New Encryption Standard?
,----[ Quote ]
| Which is why you should worry about a new random-number standard that
| includes an algorithm that is slow, badly designed and just might contain a
| backdoor for the National Security Agency.
`----
http://www.wired.com/politics/security/commentary/securitymatters/2007/11/securitymatters_1115
NSA Backdoors in Crypto AG Ciphering Machines
,----[ Quote ]
| We don't know the truth here, but the article lays out the evidence pretty
| well.
|
| See this essay of mine on how the NSA might have been able to read Iranian
| encrypted traffic.
`----
http://www.schneier.com/blog/archives/2008/01/nsa_backdoors_i.html
|
|
