Page 5 of 6 FirstFirst ... 3456 LastLast
Results 41 to 50 of 57

Thread: Does Ubuntu have malicious NSA code?

  1. #41
    Join Date
    Nov 2009
    Location
    Nutley, NJ
    Beans
    564
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: Does Ubuntu have malicious NSA code?

    If you use GPG, then use a 3072 bit DSA signature and a 4096 bit El Gammal public private key pair. Don't use RSA. I won't say RSA is broken by NSA or others, but Mr. Schneier warns against using commercial encryption products like RSA or PGP. Use FLOSS encryption whenever possible and use public ciphers like AES, DSA, El Gammal, TwoFish, Serpent, and Blowfish. Use public symmetric block ciphers more than asymmetric public ciphers whenever possible.

    For the pete's sake, use full-disk encryption and encrypt your /home and /swap partitions using separate passwords for extra security. Use Novell AppArmor and learn how to use it. Create custom Novell AppArmor profiles for software applications that contain your online accounts and credentials like your web browser or your e-mail client.

    Don't transmit anything sensitive in the clear to the Internet. Be wary of adding untrusted PPAs or software code from unknown sources.

    If you must, use an anti-virus program like Comodo anti-virus for GNU/Linux. It won't catch the classified attack vectors coming from US DoD or NSA or CIA or FBI, but it will catch the other publicly known malware.

    Above all else, try not to become a target of opportunity. Secure your computers and your data as tightly as possible so you can use them on any network whether it's private or public. Almost everything that goes to the Internet is public domain and it's fair game.

  2. #42
    Join Date
    Nov 2009
    Location
    Nutley, NJ
    Beans
    564
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: Does Ubuntu have malicious NSA code?

    To be clear, Ubuntu doesn't have "malicious NSA code." To say the reverse is going too far and it's still classified.

  3. #43
    Join Date
    Sep 2010
    Location
    Beta Testing in Canada
    Beans
    6,695
    Distro
    Ubuntu Development Release

    Re: Does Ubuntu have malicious NSA code?

    Quote Originally Posted by Welly Wu View Post
    If you use GPG, then use a 3072 bit DSA signature and a 4096 bit El Gammal public private key pair. Don't use RSA. I won't say RSA is broken by NSA or others, but Mr. Schneier warns against using commercial encryption products like RSA or PGP. Use FLOSS encryption whenever possible and use public ciphers like AES, DSA, El Gammal, TwoFish, Serpent, and Blowfish. Use public symmetric block ciphers more than asymmetric public ciphers whenever possible.

    For the pete's sake, use full-disk encryption and encrypt your /home and /swap partitions using separate passwords for extra security. Use Novell AppArmor and learn how to use it. Create custom Novell AppArmor profiles for software applications that contain your online accounts and credentials like your web browser or your e-mail client.

    Don't transmit anything sensitive in the clear to the Internet. Be wary of adding untrusted PPAs or software code from unknown sources.

    If you must, use an anti-virus program like Comodo anti-virus for GNU/Linux. It won't catch the classified attack vectors coming from US DoD or NSA or CIA or FBI, but it will catch the other publicly known malware.

    Above all else, try not to become a target of opportunity. Secure your computers and your data as tightly as possible so you can use them on any network whether it's private or public. Almost everything that goes to the Internet is public domain and it's fair game.

    Comodo AV guard works excellently. Not sure about federal trojans. There was one company I worked for who publicly announced they would not allow federal trojans - but I am not sure if they still do.
    This is Rolling Release
    Warnings for New Beta Testers& Helpful Terminal Commands:
    Running 15.10 on Mobo: MSI model: B85-G41 PC Mate(MS-7850) v: 1.0

  4. #44
    Join Date
    Nov 2009
    Location
    Nutley, NJ
    Beans
    564
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: Does Ubuntu have malicious NSA code?

    1. https://www.schneier.com/blog/archiv..._crypto_1.html

    Read this article. Use public symmetric 256 bit key ciphers. Don't use public asymmetric ciphers especially patented or the ones that have royalties commercial public ciphers.

    Don't underestimate the US Department of Defense. It's an enormous apparatus. If they want in on your PC, then they have no problems doing so even if you use Ubuntu or something else. No joke.

  5. #45
    Join Date
    Sep 2010
    Location
    Beta Testing in Canada
    Beans
    6,695
    Distro
    Ubuntu Development Release

    Re: Does Ubuntu have malicious NSA code?

    Quote Originally Posted by Welly Wu View Post
    1. https://www.schneier.com/blog/archiv..._crypto_1.html

    Read this article. Use public symmetric 256 bit key ciphers. Don't use public asymmetric ciphers especially patented or the ones that have royalties commercial public ciphers.

    Don't underestimate the US Department of Defense. It's an enormous apparatus. If they want in on your PC, then they have no problems doing so even if you use Ubuntu or something else. No joke.
    There was an article in our local paper today about how the NSA has compromised the SSL encryption . I take it seriously.
    This is Rolling Release
    Warnings for New Beta Testers& Helpful Terminal Commands:
    Running 15.10 on Mobo: MSI model: B85-G41 PC Mate(MS-7850) v: 1.0

  6. #46
    Join Date
    Sep 2013
    Beans
    14

    Re: Does Ubuntu have malicious NSA code?

    NSA wants to inject spyware code into FLOSS products, it's obvious. But because of source availability, it's almost impossible to make something complex and don't get caught. However, they might deliberately try to commit code with security vulnerabilities. Or just find vulnerabilities in FLOSS products for their purposes. But since anyone can read code, vulnerabilities might get patched even before anyone will actually exploit them. So, I think linux as pretty secure anyway. And Ubuntu is not more likely to contain malicious code than any other flavor of linux. Actually, there is more danger from hardware backdoors now. There already have been discoveries of backdoors in Intel hardware.

  7. #47
    Join Date
    Jul 2007
    Beans
    132
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Does Ubuntu have malicious NSA code?

    SE linux was originally written by NSA, and has since been implemented into the kernel itself. Now, I'm not one to tell that SE linux contains malicious code, but given recents news as to which lengths NSA goes to in order to insure they have backdoors into certain proprietary operating systems and popular public online service servers I'd say it would be worth a look at the code from some competent people.

    The description of SE linux itself is so cryptic the average user won't even know what it actually does.

    As most distros today comes with SE linux by default almost only way to get rid of it is to compile your own kernels.

  8. #48
    Join Date
    Oct 2013
    Beans
    3

    Re: Does Ubuntu have malicious NSA code?

    Quote Originally Posted by Welly Wu View Post
    If you use GPG, then use a 3072 bit DSA signature and a 4096 bit El Gammal public private key pair. Don't use RSA. I won't say RSA is broken by NSA or others, but Mr. Schneier warns against using commercial encryption products like RSA or PGP. Use FLOSS encryption whenever possible and use public ciphers like AES, DSA, El Gammal, TwoFish, Serpent, and Blowfish. Use public symmetric block ciphers more than asymmetric public ciphers whenever possible.

    For the pete's sake, use full-disk encryption and encrypt your /home and /swap partitions using separate passwords for extra security. Use Novell AppArmor and learn how to use it. Create custom Novell AppArmor profiles for software applications that contain your online accounts and credentials like your web browser or your e-mail client.

    Don't transmit anything sensitive in the clear to the Internet. Be wary of adding untrusted PPAs or software code from unknown sources.

    If you must, use an anti-virus program like Comodo anti-virus for GNU/Linux. It won't catch the classified attack vectors coming from US DoD or NSA or CIA or FBI, but it will catch the other publicly known malware.

    Above all else, try not to become a target of opportunity. Secure your computers and your data as tightly as possible so you can use them on any network whether it's private or public. Almost everything that goes to the Internet is public domain and it's fair game.


    Sometimes I wonder what people have on their computers to get so overly paranoid about security. Sure, if you're in a country without free speech I could understand... but for me (and I'm sure it's this way for most people) the NSA isn't going to find much. Some pictures of girls, some boring emails, games, music... You know standard fare.

    SELlinux was designed by the NSA... heck forget software, the hardware itself was built with Government back-doors.

    But honestly I don't think the intelligence services care all too much about what's on the majority of our computers.

  9. #49
    Join Date
    Jul 2013
    Location
    Princeton, NJ
    Beans
    70
    Distro
    Ubuntu 15.04 Vivid Vervet

    Re: Does Ubuntu have malicious NSA code?

    I do not believe that MS has "special backdoors for the NSA." This type of hearsay is as bad as other conspiracy theories. Think about it - if the NSA itself was unable to keep a secret, how could MS do better? Some programmer who wanted instant notoriety would leak this code as soon as he could, use common sense.

  10. #50
    Join Date
    Feb 2008
    Location
    Pelican Bay Correctional
    Beans
    Hidden!

    Re: Does Ubuntu have malicious NSA code?

    Quote Originally Posted by Welly Wu View Post
    Don't be shady or suspicious. Don't be a terrorist, drug dealer, and don't get into child porn. Don't traffic illegal arms. Don't threaten official local, state, and federal employees. Don't try to hack critical infrastructure and don't steal industrial, military, or diplomatic secrets you shouldn't have.

    Quote Originally Posted by RichardET View Post
    ...use common sense.
    finally. some wisdom.
    I have 3 brain cells left, and two of them have restraining orders.
    Linux is just "DOS on 'steroids"

Page 5 of 6 FirstFirst ... 3456 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •