Re: NSA software in Debian
On 24 Jan 2014, at 14:17, Andrew McGlashan <andrew.mcglashan@affinityvision.com.au> wrote:
> Hi,
>
> On 19/01/2014 6:30 AM, Marco Saller wrote:
>> I am not sure if this question has been asked or answered yet, please do not mind if I would ask it again.
>> Is it possible that the NSA or other services included investigative software in some Debian packages?
>
> I've read all the posts so far in this and related threads (each tree of
> this top thread actually).
>
> It is definitely not beyond the realms of possibility that hardware is
> compromised WORLDWIDE, from hardware additions to firmware
> /adjustments/. It might not be cheap to compromise as many machines as
> you want, but it might be cheaper to consider every machine a possible
> target, so the NSA could modify every single machine they could get
> their hands on and many that they can remotely access via other means.
>
> There are problems at every level, including hard drive firmwares,
> ordinary looking USB cables, tricked VGA leads ... and these
> revelations come from a document with a date of 2008.
>
> Also, it is not impossible for *any* organization to have a /ghosted/
> version; we might be installing Debian from a ghost version of Debian
> that is compromised and for all intents and purposes, it appears 100% to
> be Debian. DNS can be taken over at any point to allow the /ghost/
> version to be *the* version that any one of us sees.
Then DNSSEC appeared! :)
I remind you it is really difficult to compromise DNS zones protected by DNSSEC, even if you have control of the root DNS servers (they probably have it) and knowledge of the complete root DNS key (they likely don't have it).
There is no point in considering DNS as compromised, since it would be much easier (and as difficult to hide) to subvert IP routing. By the way, if you succeeded in redirecting DNS traffic to your box, you probably have the power to redirect all the traffic to your box.
Best regards
Emmanuel Thierry