@TheJooomes's-comment/post "Windows doesn't have a backdoor, it has a loading dock.": And every new version, they make it prettier and more welcoming for snoopers and peeping-toms :-) . Right-now?, they have a loading-dock[/loading-bay] with a VERY fancy Welcome-mat, a red-carpet fancier than the ones they use at Hollywood, free drinks, and all this other stuff.
"Open source is less secure because everyone can see it" Ah, but you see, that is exactly what makes it more secure. Windows vulnerabilities get discovered when a new attack is launched. Linux vulnerabilities get discovered by inspection, patched and then blogged about to share expertise
This is also the same reason why Linux is less secure than BSDs. Anyone can push code. There's now so much of it it's difficult to go back and fix known vulnerabilities. If there was less code (BSD) it's easier to maintain.
What would happen if the linus allowed backdoors in Linux: 1. Someone would find it 2. They would fix it and push it back to the official repository 3. If Linus refuses, then someone would just fork linux and fix the bug and then we would have the Linux kernel and some other forked kernel like LibreLinux of SafeLinux, or some other stupid shit. Basically it's in nobody's interest except the NSA's.
The simple answer is that nobody is using Linux for case management, the original PROMIS was coded with grant money so is actually technically open-source and its all one big backdoor...
Basically what would happen instead is that the kernel will move on but the backdoored, forked version would become stagnant and basically dead. A natural course of evolution.
@@Nookerdog777 There's contributions being made to Linux from all sorts of sources. Just because the NSA comes into it think people think it's bad. Since the inception of SELinux, RedHat have the proponents of fitting it in the kernel. UNIX is really a set of policies implemented by committees than an OS as such. The NSA have had their own UNIX. Now then, what is SELinux and what does it actually do? We'll discuss it later.
Windows 8 and 10 are two greatest things that happened to the computer world in last decade. It made so many developers turn away in disgust and pushed so many people to switch to Linux.
I use debian and freebsd for servers. But for desktop, not a single distro can ever compare to windows. They suck ass so bad. Although it is hopeful that linux will catch up in 5 years.
Oh man you have no idea. I was so mad with what's been happening with Windows 10 I migrated to Arch Linux. I've been using Windows for many years and this year, Microsoft started forcing Windows 7 and 8 users to migrate to 10 by stopping these operating systems from getting updates. Do a factory reset of a Windows 7 OS and you'll see that I'm right; it happened last week with my laptop. Windows 7 may be ending extended support in 3 years, but this is unacceptable. The amount of data collection by Microsoft is also unwarranted. Microsoft, *I'm done.*
It's a "warrant canary". People aren't allowed to say yes so you need to watch and see whether they say no, if they don't directly say no then it is an indirect yes.
ikr? I am a somewhat novice user of Linux and I have to say there is no way in any universe that the backdoor would go unnoticed (especially by people that like to look at kernel source just for fun)
I wouldn't be so sure. Remember how Dennis Ritchie put a backdoor into Unix for service purposes? You could remove it from the compiler source, remove it from the kernel source and then when the compiler compiled either, it would just pop it back in again. The backdoor in the kernel and the instructions to add the the backdoor to the compiler when it recognised it was compiling the kernel. The only way to see it was to disassemble the kernel. But you could also just modify the OS to snip out the assembly for the backdoor when reading the kernel. Then it would be practically undetectable. The classic rootkit approach. Although obviously you would have to make it so when reading for copying or writing to tape or serving it over ftp it wouldn't snip out the backdoor. The only way to detect it then would be to read the file on a computer that doesn't use your kernel.
To my memory it wasn't Ritchie who did that, it was Ken Thompson. But the GCC compiler itself is open source as is Watcom and most other compilers, so that's avoidable as well. Just don't use any compiler that Ken Thompson pre-compiled for you...lol
Strange, the NSAkey was a whole panic among the IT guys at my school, and I also caught wind of it out of interest. Luckily I don’t use windows anymore, though.
Luckily Linus Torvalds is as paranoid and honorable as I want him to be not to let any malicious code influence his lifetime work and at the same time tell us indirectly that there are people wo want him to. I love Linux =)
"Linus Torvalds was approached by NSA for backdoor in Linux" Oh, ok, so the NSA has no idea what opensource software is. That's like saying "go hide in that glass house"
It's not even a glass house, glass is mostly transparent but does absorb some light. It's more like saying "go hide by standing straight up in the middle of that open field"
Well.. that’s true if they tried to directly put in a back door without disguising it as a genuine update. Bugs are natural back doors which hide in plain sight until someone notices it. The NSA just needs an insidiously “bug prone” kernel developer, who’s otherwise an excellent developer that people trust. It just boils down to the arms race of patching vs exploiting.
That's why one university tried to hide a backdoor in various other patches to see if it's possible to actually do that. That university is now banned from contributing.
@@Littlefighter1911 The University of Minnesota tried to introduce vulnerabilities to the Linux kernel disguised as regular updates, but the community caught them and prevented the "hypocrite commits" from being implemented.
Why am i not surprised the MS women is claiming open soure is less secure than closed source. And no one can tell me MS has no "NSA backdoors" in Windows.
Cold Dark it is probably one of those legal statements where they use the structure of the sentence to dodge having to tell the truth. if it is a MS backdoor that the NSA is welcome to use then she was not telling a lie. so the direct question of NSA backdoor can be shot down as it is "not for the NSA" and thus not an NSA backdoor so MS is being straight. but we all know no matter what name it goes by the fact is we have seen proof that MS has worked directly with them and there are backdoors and as she said she could not tell you about them anyway so her answers are wastes of time. the best part is her saying she would not be able to discuss if there was one and then says there is not one.. so really there is no way to build trust at all. a total contradiction of what she said she wanted to do work on with customers.
+Botrax - This is why I will not upgrade to Windows 10... Ive been moving to Linux. Im getting the fuck off the microsoft train and hopping on the express track to Linux. and yes im choosing the selection button that says "Encrypt installation" when installing.
+RecordTrance They are "updating" (or already have "updated") Windows 7 and 8 for the same data collection. Staying away from Windows 10 isn't enough to protect our data. I am using Linux Mint now, dual booting into Windows for a few games that won't play properly in Linux BUT with the Wifi turned off when in Windows (I am not doing this just because of the data collection, I also have wifi turned off in Windows because every time they sent an update, it broke something else in the system... no wifi, no "updates.")
i dont understand how people so easily believe this. if you understand how open source works you know that a community of tens of thousands of people checking over code, poking around for bugs/security risk etc, vs a microsoft support team of 30 idiots (not literally but seams like it alot) working 8 hrs a day but mainly just punching the clock..... more eyes, more passion, people who actually care..... no comparison....
That's why Linux and Android so secure than windows aren't they? Remember the wannacry virus? It was just because of a closed source software and it's vulnerability. Were it open source, it would have been detected and fixed earlier. No other os has had that kind of infection.
@@tech-nomade yo dont need to check every line, every time, just check commits... theres tons of people eyeing the code, im pretty sure someone would notice.
@@yasserarguelles6117 At least I'm not that naive. If you want me to convince - prove it. Otherwise I have to assume that Linux Kernel might be full of malware.
@@yasserarguelles6117 ... which on the other hand doesn't mean I'm not using it and it's worse than macOS or Windows. I just don't like those fairytales about Linux being super secure because it's open source.
2:08 Nils Torvalds, father of Linux founder Linus Torvalds speaking about his son Linus: Some guy asked Linus "Have you been approached by the NSA about backdoors?" Linus answered "no", but at the same time he nodded.
literally the only way she could spin the argument in her favor is if she said "by making software open source it becomes much easier for ill-intentioned people to find security flaws in the code and exploit it", and even then there's the counter-argument that in the case such security flaw is found in closed source software it'll also likely take much longer for the vulnerability to be known and fixed.
I absolutely agree, but to play devils advocate even further, there is potential for problems with the inconsistency of how distributions (mostly regarding linux based systems) are able to tackle vulnerabilities in a timely manner. As most users are using Debian or Fedora derivations, with dedicated security teams this is in practice perhaps not that big of an issue. But while Archlinux based distro have a good track record as far as I'm aware they probably are more reliant on upstream.
@@BattousaiHBr I would say that criminals and government agencies are far more inclined to find vulns in proprietary software than people with a genuine interest in fixing vulns. Closed source makes finding vulns harder for everyone, but more so for bug fixers.
I love that he actually understands what he's talking about. He did not forget what everyone else seems to forget - that bugs have huge potential to become backdoors as well.
I would say there's a fundamental difference between a backdoor that's purposefully built into and concealed within a software system, with the express intention of securing secret access to that system to some undisclosed party, that is, knowingly withholding that information from the user of the system, and an accidental programming flaw that produces a security vulnerability that unintentionally provides access to some random party that happens to find it. Intentional vs accidental. Quite an important difference.
The Snowden documents shows that Microsoft was one of the first tech companies to agree to NSAs backdoors... It is impossible to trust closed software. Obviously, any closed software provider will fervently deny that their software contains backdoors, even when it's obvious it is so. In fact, you have to assume that there are backdoors in all closed software of any importance, it's simply too important to ignore for an organisation like the NSA. Open source software isn't exactly easy to review or trust either but at least it's possible.
@@flashfire4 In a world where NSA can send you a national security letter and an accompanying gag order and get everything you have without you being able to tell anyone, yes, closed source software is untrustworthy.
The idea that FOSS software is vulnerable compared to closed source software is genuine FUD! If a backdoor was found in open sourced software it would be fixed by the community and it would be sent upstream so everyone can benefit from the added security.
even my backup.. backup.. backup android phone (htc sensation) received the WPA KRACK patch from the community (not htc). i sure confirm your statement. sadly there are always companies that decide some devices are not worth patching be it IoT, Smartphones, Smarthome, Cars, Tablets and other stuff.
The key word in your comment is 'if'. We're not talking about a piece of code that's only purpose is to be a backdoor, because that could easily be found, no what we're talking about is a few low-key vulnerabilities that together could make for a backdoor.
What is most interesting about this is that Microsoft just admitted to having backdoors in their products. They claimed that they don't give governments access to those backdoors unless they deem it necessary or they don't have a choice, but they have those backdoors nonetheless.
i think they mean that it is hard to ensure that no aspect of your code can be successfully exploited and caused to misbehave - not that they deliberately create code that explicitly grants alternate hidden access-channels.
To believe that any corporation would protect you from the government is incredibly naive. That's why open source is so good for security. Linus couldn't rat you out even if he tried.
nope - it is the kernel but - will the kernel-supporting software stay public / open-source - if more corps - also Microsoft - implement opensource elements in their commercial products..
@ippos_khloros It isn't an os or a collection of os, it is just a kernal that operating systems can be built upon. Chrome os and Android are also built on the Linux kernal, operating systems like unbuntu or mint or manjaro are technically Gnu/Linux but poeple just call them Linux for short.
@@otljaymz3611 The FBI has the 2nd largest collection of child porn on Earth...(The Vatican being the 1st..) Do you know why the FBI collects and keeps all the child porn? ..So they can place it anywhere they want on anyones property that they want to takedown through digital backdoors.,. The FBI is the largest home grown terror organization in America. They are actively staging terror attacks and shootings on Americans in order to justify legislatively removing Liberty in the name of safety.. These sub human sacks of shit have NO problem putting child porn on your computer if they need you silenced for any reason. - who the fuck do you think murdered Jeffery Esptien?? ...The FBI/Mossad.
"bug backdoors" are entirely false - microsoft designed their backdoors to look like bugs. they were just as well documented as the most well-written API.
Wait ... WHAT? Listen at the part of her answer at 6:06 ... she says "If there was one (NSA backdoor), then I assume that I am not allowed to be told because it's part of the secret rules which I have to apply not to talk ... but I tell you that there is no backdoors." So basically she says that if there were an NSA backdoor she would either not know or would not be allowed to talk about it - but then states that there are no such backdoors!?
@Dex4Sure What are you talking about, he has some big threadripper rig now. Him touching an apple device to display a slideshow doesn't imply he doesn't use linux. Now, a lot of people with big seats on the linux foundation don't use linux, but remember, companies at microsoft bought their seats there, so those placeholders guys don't even need to know and understand linux, but that's another topic.
Microsoft representatives are manipulating the meaning of the word backdoor. They are exclusively stating that backdoors are program bugs meaning that if you actually deliberately program a backdoor then it effectively is not a backdoor but a feature. Clever play on words.
@@StellaEFZ yes, but no QA system test is complete. The QA process assumes that there is a limited amount of effort/time/other resources to test for, and that if a bug is not found early and is easily documentable, then it's not a bug that deserves a QA flag.
The irony is that Security Enhanced Linux is written by the NSA, but still source-code eyeballed and tested by people around the world so not much chance of any backdoor going undetected.
Microsoft admitted they had back doors. They spent a great deal of time explaining how they comply with legal requests, court orders, to access customer information. We still don't know if they're accessing our data without our knowledge.
Last week Microsoft closed a -backdoor- bug enabling anyone to take control of any Exchange server. And it was used by nefarious foreign hacker groups. Let's get serious: any backdoor for NSA will be used by other actors on the long run, this should stop. Kudos for Linus and his father.
NSA computer guys are mainly hackers from my understanding, so I don't think they actually need any deliberate backdoor to begin with, as they have already plenty of attack surface to play with as you mentioned. Though I do think that the idea of a backdoor can be implemented in a rather secure manner. sshd can be seen a backdoor server. The obvious issue is what happens when the master private key gets compromised. Linux package manager keys are highly sensitive, and can be seen as an authority over a large group of systems. Similar issues can happen with website certificates being tampered with and/or stolen. I don't think any approach is truly secure unless cutting internet access off. About Windows having backdoors, I actually don't know about this. Proving that can be challenging but a motivated hacker could very well decompile the code of some critical sections of Windows to figure that out. I think a huge issue for NSA is that they operate very similarly to black hat hackers and these other foreign hackers, governmental or not. They have no motivation to patch backdoors they figured out. They exploit them for their own interest instead.
@@HyperMario64 they also have an incredible budget to create backdoors, billions on the long-run in fact, adding to that is their capacity to use personal information and intimate access to -blackmail- convince devs. And I totally respect the hackers they have, the NSA is probably the most advanced organisation in this matter, with brilliant if not genius people. sha[-0] was briliant but was broke, sha-1 is incredible. You have to respect your adversary, and understand its strength and its goals.
Let's give an analogy: What if Linux Foundation and Microsoft were construction companies instead of IT-firms and an intelligence agency asked for a physical secret door to every building they construct. Microsoft could do it because their business-model gives their customers a pre-built building. Linux-foundation only gives the blue-prints on how to make the building and anyone with any construction skills can see the design-flaws that's left there
Disagree. Microsoft would build the whole thing for you and only tell you about the things they want you to know about. Linux would build the building as well and let you inspect the entire process of building as well as showing all the blueprints
Microsoft would eject you out of the building every two weeks because of mandatory maintenance to the building. Microsoft would only give you access to certain rooms and floors. Microsoft would open and close doors, and when you ask to change this programming, flat-out denies this request. Microsoft doesn't let you put your name on the building, it puts its own name on the building. You don't own the building, you are just a renter. Microsoft purposefully breaks a window or two every week, so that eventually, you're inclined to purchase a new and "improved" version of the same building. This time, with more floors you can't access, more programming you can't change, and more proprietary stuff to your left, right, and center.
"There's no backdoors" If a subpoena can get private user information via compliance by MS, then the software is insecure even if it isn't explicitly backdoored.
@@RadikAlice i think the point Adam was making was, at least the EU politicians know enough about technologies to talk about them without sounding clueless. compare this to the zucc's hearing in the senate, all the people questioning him had no idea what they were talking about.
NSA: "Hey Linus, we need you to put backdoors in Linux" Linus: * *uncontrolled laughter* * NSA: "What's so funny?" Linus: * *Hands over "Open-Source For Dummies" book* * New Linux Kernel Source: /** * NAS Dack Boor Section **/
One big difference is that the good folks at "open source" are not actively trying to screw us. The same cannot be said about Microsoft and Apple where best case scenario, "we" are the product. Worst case scenario, well, I hate to think about it. Again, the difference here is that Microsoft and Apple are working against our best interest and/or certainly in their best interest.
+Jan Věrný But those kind of bugs are more easily found when every single person in the world with programming knowledge can look through the code and help out maintain it. When you have closed source software there may only be 50 persons who keep the code maintained, maby less. Then its clearly the safest to use open source software.
Screw You And how can you prove this? Why wasn´t heartbleed found sooner? The problem I have with claims of this backdoor free, more secure open sourced software is no one can prove it. I can say with the same amount of evidence (none) that because the code is open, hackers can more easily find the security flaws. I like open source, but for different reasons, since I am not convinced that openness brings that much more security over closed professionally maintained code.
Jan Věrný At open-source, the minute that something is found, it is posted. The developers themselves are usually the ones that find it, but also the community. They then work together to resolve. You yourself can join in and see everything that is going on. Can the same be said about Microsoft & Apple? they will stay tight lipped until an independent finds it. This faith you have in Microsoft & Apple is sorrily misplaced.
They have simply bypassed all kernels and gone straight for UEFI and Hypervisors. As well, the residential gateways, DSL(siemens especially), Cable, Fiber are all, no doubt, comprised.
Yeah I find it very funny how Linux fanboys are pushing for Linux for security, when it doesn't even matter anymore because the very processor you are running your PC on has already pledged allegiance to NSA
@@AhnafAbdullah Well not _really,_ there's little a processor or UEFI or motherboard can really do if the OS is designed correctly. Also, people are praising Linux for its security from hackers and not the NSA.
There should be more discussion upon the ethics of hardware level intrusion by Intel and AMD. Libreboot should be the norm. The potential for abuse is too high, absolute power corrupts absolutely.
The Intel Management Engine was originally intended (as its name implies) for enabling remote management of computers owned by corporate offices. However, this capability has the potential to be abused...
Even if the Windows didn't had a backdoors which they do It would be pointless One critical backdoor is built into Intel CPUs and AMDs motherboards since 2008
Actually, a bit earlier than that. Think it all changed with the 2001 patriot act, and the sudden change in hardware lines from AMD/Intel in the same month. Untested, but suspected.
I'm not sure the story is true that the NSA approached Linus for a backdoor into Linux. Here is why: Linus has the oversight of the main line kernel. Nothing more. The kernel is open software with a developer hierarchy that is transparent. Anybody at all times can see the patches made to the kernel. Most people use popular distributions of Linux which derive their Kernels (but modify) from the Linus's kernel. (but they are also open source). This means if one wants to install a backdoor, thousands of developers will need to turn a blind eye. This is impossible. The NSA knows this (it is that obvious). It's much easier to approach KDE or Gnome developers, as less people will view their software. But it's also open software. So also not a good group to ask. The best group of people to ask for a backdoor is the guys that build distributions. But that is also open source for most distributions and there are signature keys to check if binaries (executables) match the source code. Lastly, the NSA can try to ask Nvidia if they are willing to add a backdoor. But that is unlikely because many people watch what these drivers do. Backdoors are only useful in combination with networking. So as a conclusion: dedicated backdoors (and involving people to do so) into Linux is very, very, very unlikely. It's much easier to exploit bad code and it's bugs. Everybody (should) in security knows this.
The NSA is never going to approach KDE and GNOME to implement a backdoor. Those aren't the systems they're targeting. They're likely targeting certain very specific devices which use custom Linux installations. The only way they'd be able to benefit from a backdoor then is to try and sneak one into the kernel itself.
"what is a backdoor?" You can't be seriously insinuating it's not clear enough. It's a way to bypass system security that is placed there by the author of the software (intentionally or unintentionally).
The correct response to any request for private user information should be "we can't give you any information." Not "we refuse" but "it's not possible for us to do so."
"Did you know of any program that behaves like that?" "We had no part in ..." *clarifies question multiple times* "I think you should be asking..." So... they knew about it? I'm not exactly sure what this is about, but why don't they just lie? They dance around the truth and give themselves away, why don't they lie?
AFAICT, if they tell the truth, they get in trouble with the NSA, but if they lie, they get in trouble with the EU, so they have to hint at the truth without explicitly saying it.
Lol! she says that open source software might be more vulnerable than propriety software. Nmap Microsoft servers for OS guess and see how they are NOT using windows, curious.
simonbour Well, it may as well be true, speaking purely hypothetically of course, because let´s MS says to NSA: "No backdoors", then they´re screwed. But Linus says to NSA: "No backdoors", well, they can just submit new code to be implemented over and over and one day maybe they´ll have their own backdoor, of course the Linux community will discover it in about a year or so, but by that time another one may pass,....
@@JanVerny but don't forget that once one backdoor is found, all commits by the same group are instantly not trusted and checked intensely. I also don't doubt that because it's the NSA, some people would look at it a bit more closely.
What is this? I mean, the actual meeting, who are they kind of thing? I'd be dead interested in watching more of these conferences or whatever you'd call them.
Yeah @TFiR should have really gave more context in the video description. Through Nils Torvalds wiki page I was able to determine that this was the 'LIBE Committee Inquiry on Electronic Mass Surveillance of EU Citizens[24] - 11th Hearing, 11 November 2013' but I still don't know who the woman saying "there's no backdoor" is.
NSA just went upstream for the backdoor. NSA has both Intel's ME and AMD's PSP and Acorn/ARM has belonged to the British government since it started in the 70's. Now they don't care what OS you run; they're on the silicon itself.
Honestly I'm cool with that. I consider the equivalent to no knock raids. They should require a warrant every time they backdoor into someone's property tho. From what iv read, their not spying on people, but rather have it incase they can exploit it when a country like Iran or China starts using these chips in anything that pertains to national security. Backdoors are common knowledge. If the gov didn't want us to know abt their bsckdoors, we wouldn't know.
"it's all about trust" according to Microsoft. That's a relief because Microsoft is of course completely trustworthy. for instance they promised for three versions of Windows that there was preemptive multitasking at the heart of windows and everybody in the audience that I was in who heard that claim, laughed.
The NSA would require a software company to neither confirm nor deny the existence of a backdoor. The fact that they are denying the accusation, as opposed to a 'no comment' or 'cannot disclose' says they are either truthful or lying uneccessarily.
Not the NSA. The NSA would absolutely tell them to deny, deny, deny. Once you get into the deeper levels of government, especially when they are doing highly illegal things, all of that sides peak goes out the window.
This reminds me of the knights and the knaves. She basically admitted to being a knave. Also, she's giving standard answers by saying that open source is more vulnerable. That is categorically untrue.
When large powerful and wealthy organisations are being queried about dubious practices, they field people who are genuinely ignorant of such matters, but are highly educated on the official line, to be repeated ad nauseam.
It is possible to verify it. Surely, you could just read the instructions as they were loaded into ram and compare them with compiled byte code from the non-backdoor source
Few problems: That would only detect monkey patched backdoor but it would not verify that there is no backdoor in the source. This is the MAIN problem. Why it would need to be monkey patched anyway. And secondly if you don't have the source, then this approach is pointless. And thirdly checking byte code in a scale of OS would take ages, in practical terms impossible.
I think NSA could commit an binary blob to the kernel as Netflix and such did with DRM. Linux has parts that are proprietary software, granted you can disable those modules
I see what you're saying, but just so you know, the kernel itself is FOSS. Yes, Linux systems may load proprietary kernel-mode drivers. As more drivers move to user-mode, such backdoor will be mitigated. Additionally, it is beyind impossible to hide such a thing; just use a kernel debugger and watch syscalls or watch network traffic externally. Due to self-protection features in the kernel and modern CPU hardware, no way the NSA could use the whole kernel address space to hide the infection either.
the backdoor is built into your intel or amd chip at the hardware level with the the Intel Management Engine and the AMD Platform Security Processor so having totally secure software is irrelevant
@@lewis_base they are linked with menioned engines, but the security problem is still there, as those engines are physical chips on the motherboard, that run proprietary MINIX that has exclusive OS-independent access to your system RAM, network card and other hardware. thus, you cant monitor what the engine is doing from a perspective of an OS. and since these chips OS is closed-source, it may have vulnerabilities, which, if detected, might be abused to infect/compromise security of x86-64 systems all over the world. all amd and intel-compatible motherboards since around 2010 have those engines. this is also the reason why libreboot cant be installed on modern laptops, since now you cant even disable intel ME with custom bios
also I dont agree, simply because those engines are for governments, that are not going after you, at least not yet. but you still need a more efficient system where you have all the control. and yes, truly good security is very costly(at this point you might go full isolated from outside world and store everything important on an offline machine). and yet, open source is still much better for your daily tasks if you're willing to learn, it's not that hard really in the modern era
potentially, yes. and no, not everything. learn about coreboot/libreboot devices. and other architectures, since amd/intel me is only for x86_64 systems
i liked the guy who said i'm busy doing a status update telling that he is in the same room as Linus Torvalds's dad, seems like linus has some supporters(fans) in every corner of the world.
"You show some governments your source code, but they can't verify that THAT source code is the same that gets compiled into the distributed binary." Compile the source code and compare the resulting binary with the retail version?
Linus and his people are correct, open source is potentially more dangerous to be hacked. So, not allowing a back door or limiting access via their servers is paramount in protecting users. I suspect some government agencies and companies are trying to find a way to hack Linux systems, either for their own gain or to obtain information.
2:55 this is the correct point. NSA does not implement a backdoor that says NsaBackdoorW32Run(arg). They introduce little bug that you can exploit and that are not obvious to other coders. Especially if you only ever have a handful of people look at the code because it's closed source. And even if you find that planted bug, it's just some coder who did a mistake.
Outlook is designed to spread viruses, it ignores the file content of attachments, it allows scripting for automation. Its over powered for most users.
You know, theres a clear difference between having some entity, that accesses data and changes it to where there could be a case of security breach between the user/client/software relationship and the user not being able to check him or herself who changed what and what was changed and where that change took place and who overlooked this change! Theres the difference between private entities taking private changes in private circles between private people to put it hyperboly!
Probably best to do a search on: Ken Thompson's "Reflections on Trusting Trust" To think Linux (even versions without systemD) don't already have multiple backdoors is very Naive.
5:20 Completely False 5:35 Completely False (Closed source software is not inherantly safer than open source software) Example Compare the number of existing viruses for Windows closed source system vs. Linux open source system. Guess what the number of viruses for windows in the MILLIONS, over 7 digits and for Linux it's less than 100, ... only 2 digits The difference is huge!
Yes, she just easily said that open source means that anyone can read code and find vulnerability, How she just said, if millions people can't able to find such vulnerability then she think one men can able to find. ( By Millions means their contributor ). And yes, linux is highly secure this is why most major tech giant company like Oracle, Google using linux instead windows.
You are right, but your example is not very good. Not only there are other, more likely reasons on why Windows gets more malware (mind you that Windows is orders of magnitude more popular than GNU/Linux), but also, there are notorious examples of security issues within Open Source products. Remember OpenSSL (heartbleed), Android (Stagefright, FakeID, others) etc...
@@searcyredd9520 During my internship, I saw Linux Desktops in Amazon for tech and non tech employees as their main computers. So there is a possibility of that happening.
These people have obviously never heard of IDA and reverse engineering… For all of the windows driver and the kernel there are PDBs available to make it even easier to reverse the files.
There is no scientific method for telling if a person is lying. However, you don't need to read anything to intuit that a representative for a company that relies entirely on intellectual property is never telling the whole truth about anything.
The claims that "open source software is more vulnerable because anybody could easily develop exploits when the source is available" (or similar wording) really make me laugh. I wish everybody understood that there is no such thing as securiry from obscurity.
Open source: Bad person: finds bug/backdoor in code and exploits/uses it. Good person: finds same bug/backdoor in code and patches it hopefully before the bad person exploits it too much. Admin: sees the bug fix from the good person and applies it to the main code, or if he refuses to do it (like if its an intentional backdoor) it might gain public attention (and you know what that can do)
In ASM you can see only params but just use IDAPro and custom naming convention to understand. just write quick little script in python or js deobfuscates string and address based fuckery. how do you think scene keygen is made?
If you want to see backdoors , connected the host to an vpn network and lunch tcpdump on the gateway , it’s amazing what you will discover especially windows a lot calls back home