this post was submitted on 15 Aug 2024
555 points (99.3% liked)

Privacy

[–] [email protected] 11 points 2 months ago

Circa 1975, IBM proposed the cipher now called DES, the Data Encryption Standard. It became a worldwide standard for secret key encryption. As IBM originally designed it, DES had a 64-bit key. The National Security Agency (NSA) required that the key be reduced from 64 bits to 56 bits, with the other 8 bits used as a checksum. This made no sense. If a checksum were really needed, then the key could be increased from 64 to 72 bits. It was widely believed that the real reason the NSA made this demand was that it knew how to crack messages using a 56-bit key, but not messages using a 64-bit key. This proved to be true.

Secret Key Cryptography by Frank Rubin

[–] [email protected] 14 points 2 months ago

When was the last analysis of the Linux kernel source code?

[–] [email protected] 7 points 2 months ago

Lol good year for the NSA

[–] [email protected] 63 points 2 months ago (1 children)

he wouldn’t be able to inject backdoors even if he wanted to, since the source code is open

Jia Tan has entered the chat

[–] [email protected] 6 points 2 months ago

The project contains binary blobs anyway so theoretically it wouldn't be super hard

[–] [email protected] 126 points 2 months ago (2 children)

Ohh so it's the NSA that my failed sudos are reported to!

[–] [email protected] 16 points 2 months ago (1 children)

Recent versions of sudo changed that message and now I'm sad 😢

[–] [email protected] 10 points 2 months ago

Damn, I'm going to miss those messages one day on my Debian stable server.

[–] [email protected] 15 points 2 months ago (1 children)

Switch to doas so feds don't get any more reports!

[–] [email protected] 18 points 2 months ago

nah, we have run0 at home

[–] [email protected] 104 points 2 months ago (3 children)

Years ago there was a commit to the Linux kernel that strangely had no author. This got the attention of several of the developers.

Looking into the code that had to deal with network transmission, there was a section that, if you tried to get network access in an unusual way, had a check that was written something like this:

if (usr_permission = ROOT) ...
instead of
if (usr_permission == ROOT) ...

The first giving the user root if invoked and the second checking to see if the user was root.

It's widely thought this was the NSA or some other intelligence agency trying to backdoor Linux.
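The difference the comment above describes, as an added C example that is not part of the thread or of the kernel source: a user-space model in which `usr_permission` and `ROOT` follow the comment's wording, while `struct task`, `OPT_UNUSUAL` and `ERR_INVAL` are hypothetical names.

```c
#include <stdio.h>

/* Constructed model; usr_permission and ROOT follow the comment's wording,
 * everything else (struct task, OPT_UNUSUAL, ERR_INVAL) is hypothetical. */
#define ROOT        0      /* uid 0 */
#define OPT_UNUSUAL 0x3    /* flag combination no normal caller passes */
#define ERR_INVAL   (-22)

struct task { int usr_permission; };

/* Backdoored form: '=' assigns ROOT to the caller. The assignment's value is
 * 0 (false), so the error branch never runs and the call looks harmless.
 * A parenthesized assignment is treated as intentional by gcc's
 * -Wparentheses, so no warning appears either. */
int check_backdoored(struct task *t, int options)
{
    int retval = 0;
    if ((options == OPT_UNUSUAL) && (t->usr_permission = ROOT))
        retval = ERR_INVAL;
    return retval;
}

/* Intended form: '==' only compares. Taking the task as const turns any
 * accidental or deliberate '=' in this function into a compile error. */
int check_fixed(const struct task *t, int options)
{
    int retval = 0;
    if ((options == OPT_UNUSUAL) && (t->usr_permission == ROOT))
        retval = ERR_INVAL;
    return retval;
}

int main(void)
{
    struct task a = { 1000 }, b = { 1000 };
    int ra = check_backdoored(&a, OPT_UNUSUAL);
    int rb = check_fixed(&b, OPT_UNUSUAL);
    printf("backdoored: ret=%d usr_permission=%d\n", ra, a.usr_permission);
    printf("fixed:      ret=%d usr_permission=%d\n", rb, b.usr_permission);
    return 0;
}
```

Both functions return 0 for an unprivileged caller, so the return value alone does not reveal the difference; only the side effect on `usr_permission` does, which is why reviewers look for state changes inside permission checks.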

[–] [email protected] 17 points 2 months ago (1 children)

The other side of that coin is the NSA developing SELinux

[–] [email protected] 23 points 2 months ago (1 children)

This is because NSA has two roles: eavesdropping on foreign adversaries, and protecting our internal systems from adversaries. Under the first role, they might introduce an exploit known only to themselves. Under the second, they help protect US systems from exploits known to others.

[–] [email protected] 13 points 2 months ago (1 children)

And because of this it makes whatever they fuck with have unnecessary security issues.

Also though they are using it to straight up spy on you whether foreign or not. They got in "trouble" for it once and pinky swore not to do it again.

Fuck the NSA

[–] [email protected] 5 points 2 months ago

Now they get the Brits and Aussies to do it and give them the reports.

[–] [email protected] 7 points 2 months ago (1 children)

fork the kernel and yeet it?

[–] [email protected] 23 points 2 months ago (1 children)

It was caught and never made it in the kernel.

[–] [email protected] 4 points 2 months ago
[–] [email protected] 9 points 2 months ago (2 children)

Or it could have been any person or country. It was a nothing burger and is still a nothing burger.

[–] [email protected] 8 points 2 months ago (1 children)

speaking in burger terms as any good american

[–] [email protected] 2 points 2 months ago (1 children)

Proud to be an American, at least I know I'm free.

[–] [email protected] 2 points 2 months ago

Free to buy all the hamburgers!

[–] [email protected] 25 points 2 months ago* (last edited 2 months ago)

It was clearly an attack. By who is unknown.

Notably this was in 2003, before git (2005), so the Linux source was in a central BitKeeper repo. So a commit with no associated data about who did it should not have been possible.

Here is a more detailed article. https://lwn.net/Articles/57135/

[–] [email protected] 12 points 2 months ago (1 children)

If you want to see Mr. Torvalds questioning this in the video in the link, go straight to minute 43.

[–] [email protected] 1 points 2 months ago (1 children)
[–] [email protected] 3 points 2 months ago
[–] [email protected] 48 points 2 months ago (1 children)

good thing he's not an American citizen

[–] [email protected] 21 points 2 months ago (1 children)

Except he is. He lives in Portland now afaik

[–] [email protected] 10 points 2 months ago
[–] [email protected] 49 points 2 months ago

As long as the backdoor is licenced GPL what's the problem?

[–] [email protected] 98 points 2 months ago

This incident will be reported
