sam41
17-05-2008, 11:20 PM
For the first time, the giant software maker is acknowledging the help of the secretive agency, better known for eavesdropping on foreign officials and, more recently, U.S. citizens as part of the Bush administration's effort to combat terrorism. The agency said it has helped in the development of the security of Microsoft's new operating system -- the brains of a computer -- to protect it from worms, Trojan horses and other insidious computer attackers.
It's called the "equities issue." Basically, the NSA has two roles: eavesdrop on their stuff, and protect our stuff. When both sides use the same stuff -- Windows Vista, for example -- the agency has to decide whether to exploit vulnerabilities to eavesdrop on their stuff or close the same vulnerabilities to protect our stuff. In its partnership with Microsoft, it could have decided to go either way: to deliberately introduce vulnerabilities that it could exploit, or deliberately harden the OS to protect its own interests.
Microsoft has (http://technet2.microsoft.com/WindowsVista/en/library/417467e7-7845-46d4-85f1-dd471fbc0de91033.mspx?mfr=true) added (http://msdn2.microsoft.com/en-us/library/aa375534.aspx) the random-number generator Dual_EC-DRBG to Windows Vista, as part of SP1. Yes, this is the same RNG that could have an NSA backdoor (http://www.schneier.com/essay-198.html)
source -> http://www.schneier.com/blog/archives/2007/01/nsa_helps_micro_1.html
http://www.schneier.com/blog/archives/2007/12/dual_ec_drbg_ad.html
The article is old, but I only came to know about this right now.
Does anyone know more about this?