From: Peter Busser <peter@vpro.nl>
Subject: Re: NSA - Spook Linux
Date: Wed, 10 Jan 2001 11:32:26 +0100
Next Article (by Subject): Re: NSA - Spook Linux Stephen Smalley
Previous Article (by Subject): Re: NSA - Spook Linux Amon Ott
Top of Thread: NSA - Spook Linux "Furmanek, Greg"
Next in Thread: Re: NSA - Spook Linux Stephen Smalley
Articles sorted by: [Date]
[Author]
[Subject]
Hi! > Wll there was a article on securityfocus recently about how there was a > fairly obvious buffer overflow in the libsecurity library NSA added, I > tink it was a remote explot, cant remember though. Personally I wpuldnt > trust anything that came out of NSA considering the good possibility they > were behind the strangely named NSA encrytion key found in windowsnt Well, first of all, no non-trivial program is perfect. The existence of one buffer overflows is not proof by itself that this NSA stuff is less secure than other programs. It seems to be a research project, so don't expect mission critical level security. Second if all source code is available, how could the NSA hide such tricks like the MS-Windows/NT encryption key in the system? It might be possible, but it is no doubt very hard to hide. All in all I think it's an interesting project. Provided all source code are publicly available, I don't think there is any reason to be overly paranoid about it. Groetjes, Peter Busser -- Our continuing mission: To seek out knowledge of C, to explore strange UNIX commands, and to boldly code where no one has man page 4. UNIX is user friendly... it's just picky about who it chooses to befriend. - To unsubscribe from the rsbac list, send a mail to majordomo@rsbac.org with unsubscribe rsbac as single line in the body.
Next Article (by Subject): Re: NSA - Spook Linux Stephen Smalley
Previous Article (by Subject): Re: NSA - Spook Linux Amon Ott
Top of Thread: NSA - Spook Linux "Furmanek, Greg"
Next in Thread: Re: NSA - Spook Linux Stephen Smalley
Articles sorted by: [Date]
[Author]
[Subject]