Assange: Debian is Owned by the NSA

rysiek rysiek@hackerspace.pl
Thu Apr 10 09:48:21 PDT 2014


Hi there,

so this has come to my attention. Whaddya guys and gals think?

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

http://igurublog.wordpress.com/2014/04/08/julian-assange-debian-is-owned-by-the-nsa/


In his Q&A to his keynote address at the World Hosting Days Global 2014
conference in April, the world’s largest hosting and cloud event, Julian
Assange discussed encryption technology in the context of hosting
systems. He discussed the cypherpunk credo of how encryption can level
the playing field between powerful governments and people, and about 20
minutes into his address, he discussed how UNIX-like systems like Debian
(which he mentioned by name) are engineered by nation-states with
backdoors which are easily introduced as ‘bugs’, and how the Linux
system depends on thousands of packages and libraries that may be
compromised.

I recommend watching his 36 minute Q&A in its entirety, keeping in mind
my recent warnings about how GNU/Linux is almost entirely engineered by
the government/military-affiliated Red Hat corporation.

The Voice of Russia website has an article on Assange’s address with a
few quotes:

    “To a degree this is a matter of national sovereignty. The news is
    all flush with talk about how Russia has annexed the Crimea, but the
    reality is, the Five Eyes intelligence alliance, principally the United
    States, have annexed the whole world as a result of annexing the
    computer systems and communications technology that is used to run the
    modern world,” stated Julian Assange in his keynote address…

Don’t just read the short article, listen to the address yourself,
because Assange goes into many areas, and the work being done in these
fields.

Assange mentions how Debian famously botched the SSL random number
generator for years (which was clearly sabotaged – a known fact).
Speaking of botched security affecting Red Hat, Debian, Ubuntu, Gentoo,
SuSE, *BSD, and more, the nightmarish OpenSSL recently botched SSL again
(very serious – updated comments on how a defense contractor in Finland
outed the NSA here?) It’s very hard to believe this wasn’t deliberate,
as botching the memory space of private keys is about as completely
incompetent as you can get, as this area is ultra-critical to the whole
system. As a result, many private keys, including of providers, were
potentially compromised, and much private info of service users. Be sure
to update your systems as this bug is now public knowledge. (For more on
how OpenSSL is a nightmare, and why this bug is one among many that will
never be found, listen to FreeBSD developer Poul-Henning Kamp’s
excellent talk at the FOSDEM BSD conference.)

From the start, my revelations on this blog about Red Hat’s deep control
of Linux, along with their large corporate/government connections,
haven’t been just about spying, but about losing the distributed
engineering quality of Linux, with Red Hat centralizing control. Yet as
an ex-cypherpunk and crypto software developer, as soon as I started
using Linux years ago, I noted that all the major distributions used
watered-down encryption (to use stronger encryption in many areas, such
as AES-loop, you needed to compile your own kernel and go to great
lengths to manually bypass barriers they put in place to the use of
genuinely strong encryption). This told me then that those who
controlled distributions were deeply in the pockets of intelligence
networks. So it comes as no surprise to me that they jumped on board
systemd when told to, despite the mock choice publicized to users –
there was never any option.

A computer, and especially hosting services (which often run Linux), are
powerful communication and broadcasting systems into today’s world. If
you control and have unfettered access to such systems, you basically
control the world. As Assange notes in the talk, encryption is only as
strong as its endpoints. E.g., if you’re running a very secure protocol on
a system with a compromised OS, you’re owned.

As Assange observed:

    “The sharing of information, the communication of free peoples,
    across history and across geography, is something that creates,
    maintains, and disciplines laws [governments].”

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

-- 
Pozdr
rysiek