John McAfee: NSA's Back Door Has Given Every US Secret To Enemies (businessinsider.com)
John McAfee, American computer programmer and contributing editor of Business Insider, explains how the NSA's back door has given every U.S. secret to its enemies. He begins by mentioning the importance of software, specifically meta-software, which contains a high-level set of principles designed to help a nation survive in a cyberwar. Such software must not contain any back doors under any circumstances, otherwise it can and may very likely allow perceived enemies of the U.S. to have access to top-secret information. For example, the Chinese used the NSA's back door to hack the Defense Department last year and steal 5.6 million fingerprints of critical personnel. "Whatever gains the NSA has made through the use of their back door, it cannot possibly counterbalance the harm done to our nation by everyone else's use of that same back door." McAfee believes the U.S. has failed to grasp the subtle implications of technology and, as a result, is 20 years behind the Chinese, and by association, the Russians as well.
Dear John (Score:5, Insightful)
Re: (Score:3)
That's not actually true. You *CAN* do both, but you need to ration your resources to both. If you were to do it just right you could probably get a synergetic mix.
Unfortunately, giving either side all it wants is a recipe for failure, and if either side can grab the levers of power, then it won't show reasonable restraint. As you noted.
Re: (Score:2)
I believe that most of the bankers are citizens, so for them to influence government is hardly an occupation. I've got a lot of problems with the *WAY* and the *EXTENT* to which they are able to influence the government, but not with their being able to at all.
It's reasonable to say that the US got hacked, but it pretty much did it to itself with the way it incorporated Nazi secret police into the NSA/CIA. (I don't believe either actually existed at the time, but the agencies that they were incorporated i
Re: (Score:2)
that problem started due to the outcome of the civil war when the republic was subverted on paper in 1864
What the fuck what??????
Re: (Score:2)
Convince me you are sane.
Re: (Score:2)
But where is John McAfee?
Cool fact: McAfee writes all articles on napkins (Score:2)
Re:Cool fact: McAfee writes all articles on napkin (Score:5, Funny)
...then eats the crayon.
... then eats the napkins.
Re:Cool fact: McAfee writes all articles on napkin (Score:4, Funny)
Re: (Score:2)
"Grain of salt" just means that you don't believe it blindly, you're aware the details may be wrong and you have to check them before believing each one. It applies to everything all the time; the phrase is just a reminder in some cases that checking is prudent.
Checking the details of what he says is important, you might have missed a few of the jokes with just a casual listening.
But I'm not convinced you understand American English cliches very well.
Stopped clock (Score:2)
Even a stopped clock gives the correct time at least twice a day.
Even if McAfee has said other stupid things, I think it's very highly probable that any backdoor put into place by the NSA is probably well known by other services in other countries with big means and big budgets, and probably exploited by them too (though smaller players like Switzerland's Onyx probably don't have access).
I wouldn't be surprised if Snowden was far from the first time that China's MSS and Russia's FSB/KGB ever heard about those
Wait (Score:2, Informative)
Isn't this the guy wanted in connection with the mysterious disappearance of a former neighbor? I'm not sure I'd take anything at face value from Mr. Stability.
If he's talking about the Chinese, they don't need an NSA back door to hack systems in the U.S., they've been porking government and contractor systems for years. The Chinese have the designs for every nuclear weapon in our arsenal and the personnel records of hundreds of thousands of government workers, including their security clearance applicati
Re: (Score:2, Informative)
Isn't this the guy wanted in connection with the mysterious disappearance of a former neighbor? I'm not sure I'd take anything at face value from Mr. Stability.
If you can't attack the message, attack the messenger, eh?
And per your next sentence: while the Chinese probably don't need to exploit the NSA's backdoor to get the information they want, it certainly makes it easier... and is deliciously ironic to boot.
Ad hominems don't self-justify. (Score:2)
Which is precisely what the grandparent poster didn't do; here's the irony of the challenge facing an ad hominem arguer: To successfully challenge the message one has to point out how the message is not worth taking seriously. The very thing the arguer tries to get us to ignore is the thing that has to be examined and taken dow
Re: (Score:2)
Mr. Andreessen's automobile suddenly developed a flat tire one night, immediately outside the strong iron fence that walled off the local mental institution.
Annoyed but resigned, Andreessen jacked up the car and prepared to replace the wheel. He took off the hubcap, unscrewed the bolts, which he placed in the hubcap, which in turn was resting in the road, and placed the spare tire with its hub onto the axle.
He was about to reach for the hubcap with its bolts when a speeding car raced by and, even as Mr. And
Re: (Score:2)
If you're worried about the "sanity of the message" and flat-out conflating the quality of the messenger with the quality of the message, I can you're wrong and dull-minded in the most ordinary, typical, sane way. You're very sane, you just don't comprehend the activities around you. Your position would only be insane if held by a mentally competent person. An incompetent person is not insane merely because they do not comprehend.
Re: (Score:3)
Boy, we need a (-1, Ad hominem) here. FWIW, the non-mass-media account is that he was working on a science-based aphrodisiac chemical and had _far_ too many of the local women at his compound, so he "needed" to be run out of town. Who knows what the real story is, but AFAIK there's no evidence of a crime.
Anyway, since Juniper hasn't come clean about the providence of the backdoors, he's probably right about who the contractor really worked for. Regardless of whether it was NSA, GCHQ, or whatever, the sof
Re: (Score:3)
... the providence of the backdoors, ...
You mean provenance
Re: (Score:2)
If he's talking about the Chinese, they don't need an NSA back door to hack systems in the U.S., they've been porking government and contractor systems for years. The Chinese have the designs for every nuclear weapon in our arsenal and the personnel records of hundreds of thousands of government workers, including their security clearance applications.
What would they get from an NSA back door that they don't already have?
I'll assume this last sentence is a rhetorical statement, and not an actual logical argument.
Because the same could be said of the NSA and the FBI, "they already have access to almost everything we have, why would they even want more access?"
doesn't seem to take into account human unquenchable thirst for more and more power.
Re:Wait (Score:5, Insightful)
It's laughable that they criticize Apple for not building in backdoors, when they are so obviously incapable of keeping any info from those backdoors a secret. China is outclassing them in every way and it's time we get a President like Trump who's at least capable of knowing there's a problem, unlike the "mainstream" crooks and liars.
So you're against people criticizing Apple for not building backdoors into their software but then you claim we need Trump as the president who has said he's going to force Apple to build in backdoors? Excellent troll is excellent!
Re: (Score:2)
It's laughable that they criticize Apple for not building in backdoors, when they are so obviously incapable of keeping any info from those backdoors a secret. China is outclassing them in every way and it's time we get a President like Trump who's at least capable of knowing there's a problem, unlike the "mainstream" crooks and liars.
So you're against people criticizing Apple for not building backdoors into their software but then you claim we need Trump as the president who has said he's going to force Apple to build in backdoors? Excellent troll is excellent!
If I might, Irascible Bill Maher has some insight to the issue - Lies are the new truth.
https://www.youtube.com/watch?... [youtube.com]
The person who you are replying to has no problem with holding contradictory thoughts.
People have to on secure software (Score:4, Informative)
In the 70s there were secure operating systems like Multics. Then the only things allowed for US export were the ones that failed to be secure. That's how we got DOS then Windows. Now everything needs to be rewritten from scratch by people without commercial pressure for there to be any chance. Think about the navy ending up forced to use "Windows for warships". In the meantime the Chinese always knew they couldn't trust software from the West. 20 year head start is probably an underestimate.
Re: (Score:2)
Think about the navy ending up forced to use "Windows for warships".
Heh, that takes me back: https://gcn.com/Articles/1998/... [gcn.com]
Jumping at conclusions (Score:5, Interesting)
From TFA:
The British spy agency GCHQ, with the knowledge and apparent cooperation of the NSA, acquired the capability to covertly exploit security vulnerabilities in 13 different models of firewalls made by Juniper Networks.
I hope we all understand now what “acquired the capability” means. The NSA planted a programmer within Juniper Networks. There was no other way to “acquire” this capability.
Except that he just referenced a claim that the British acquired the capability by being told about the backdoor, and he then goes on to say that the Chinese acquired the same capability by discovering the backdoor through reverse-engineering. So there is another way after all.
Which raises the following possibilities, each just as plausible as "The NSA planted a programmer":
1. The Chinese planted a programmer, and the NSA or GCHQ discovered it via reverse-engineering and shared it with the other.
2. The Chinese planted a programmer, and the NSA discovered it during review of source-code shared as a condition of purchasing for sensitive government use.
3. A programmer was paid to create the backdoor by a non-governmental entity interested in corporate espionage, and all the state actors discovered it via reverse-engineering.
4. The backdoor was created unintentionally (e.g. failure to remove white-box test code before going to production), and all the actors discovered it via reverse-engineering and/or source review.
Basically, John presents no evidence whatsoever for his claim that the NSA caused the backdoor.
Ultimately, I do agree with the point he does make, which is that code inspections can catch and close both intentional and unintentional backdoors. But the rest of the article is FUD.
Re:Jumping at conclusions (Score:5, Insightful)
From TFA:
The British spy agency GCHQ, with the knowledge and apparent cooperation of the NSA, acquired the capability to covertly exploit security vulnerabilities in 13 different models of firewalls made by Juniper Networks.
I hope we all understand now what “acquired the capability” means. The NSA planted a programmer within Juniper Networks. There was no other way to “acquire” this capability.
Except that he just referenced a claim that the British acquired the capability by being told about the backdoor, and he then goes on to say that the Chinese acquired the same capability by discovering the backdoor through reverse-engineering. So there is another way after all.
Which raises the following possibilities, each just as plausible as "The NSA planted a programmer":
1. The Chinese planted a programmer, and the NSA or GCHQ discovered it via reverse-engineering and shared it with the other.
2. The Chinese planted a programmer, and the NSA discovered it during review of source-code shared as a condition of purchasing for sensitive government use.
3. A programmer was paid to create the backdoor by a non-governmental entity interested in corporate espionage, and all the state actors discovered it via reverse-engineering.
4. The backdoor was created unintentionally (e.g. failure to remove white-box test code before going to production), and all the actors discovered it via reverse-engineering and/or source review.
Basically, John presents no evidence whatsoever for his claim that the NSA caused the backdoor.
Ultimately, I do agree with the point he does make, which is that code inspections can catch and close both intentional and unintentional backdoors. But the rest of the article is FUD.
If the NSA discovered the backdoor on their own and didn't share it with Juniper so they could close it, that's arguably worse than if the NSA planted it themselves. At least if they planted it themselves, they could convince themselves that it's buried too deep to be discovered, but if they stumbled upon it themselves, then they *knew* it was discoverable and that it's likely that others had discovered it too.
Re:Jumping at conclusions (Score:4, Interesting)
Why would the NSA put in a back door that could be used by anyone? Only allow a connection that has the right private key. Sure, the key might be stolen, but it's a lot more secure than a wide open vulnerability. The NSA is more competent than that.
Re: (Score:2, Interesting)
If they did that, everyone would know who did it once a breach happens. There's no plausible deniability.
Re: (Score:3)
It would, because there would be a paper trail on the employee. If you know it is not an accident that changes the meaning of all the details in the investigation at the company; you can follow leads a lot more confidently. You also know to invest real money in certain types of audits of network activity that would not otherwise be of clear value.
If it is not distinguishable from a mistake, then you can't make inferences of malicious intent, and you can't reasonably audit networks expecting to uncover anyth
Re: (Score:2)
Toy soldiers employed due to who they got drunk with in school playing at being James Bond.
Re: (Score:2)
Why would the NSA plant a backdoor that could be used by anyone who discovered it? Because stupid, that's why. Basically there has been a complete administrative breakdown in the NSA in the lust for power by political appointees. They have been told time and time again to completely separate offensive operations from defence operations because they do not work well together and offence always takes over from defence, gets the best tools and the best people. The defence people should be housed in a completely sep
Re: (Score:2)
Then you have to hide a private key in the source code and binary somehow. It's easier to create a subtle programming error that opens up a way in, much like the "goto fail" bug in Apple's code. It looks innocent enough that it could just be a coding error or even a merge error.
The mistake was underestimating the ability of the Chinese to find and exploit the backdoor without the source code. It's incompetent to think that they wouldn't fuzz the hell out of every API and interface, but apparently the NSA di
Re: (Score:2)
There's likely already an RSA public key and checking in the code. So, reuse the same modulus (where you, the coder, have access to the private key), and then just create a different public/private key pair. "3" isn't an unusual number, but makes for a fine RSA public exponent. Make a "mistake" when authenticating a secure connection (even if the secure connection is disabled), and if the backdoor key is being used, allow access without checking for passwords (or whatever other bypass you want) and accep
Too Easy To Find... (Score:2)
A public key block would flag a back door very obviously. The data has a unique look. It also has a unique profile of use, in that someone would have to initialize a cipher session or whatever. Even a trivial code review would find a fully encrypted back door.
Hiding the public key block within an obfuscation generator adds a huge block of code instead of data, followed by the same need to invoke the cipher system.
To function as a "back door" the door, by definition, has to be pretty damn simple and innocuou
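As an added example (not part of the thread, and not code from any vendor or project): a scanner for the two properties the comment above points to, the high-entropy look of key material and the recognisable DER structure of an RSA public key, which also reports the public exponent that the earlier comment about a second key pair mentions. The sample image, its filler text and the pseudo-random modulus are constructed; the parser assumes two-byte long-form DER lengths, which holds for moduli of 2048 bits and up.

```python
import hashlib
import math
import re
from collections import Counter

WINDOW = 128      # bytes per entropy window
STEP = 32         # window stride
THRESHOLD = 6.0   # bits/byte; 128 random bytes score about 6.5, text well under 5

# DER RSAPublicKey: SEQUENCE { INTEGER modulus, INTEGER publicExponent },
# both outer lengths in two-byte long form (0x82 hi lo).
DER_RSA_HEAD = re.compile(rb"\x30\x82(..)\x02\x82(..)", re.DOTALL)


def shannon_entropy(chunk: bytes) -> float:
    """Shannon entropy of a byte string, in bits per byte."""
    n = len(chunk)
    return -sum(c / n * math.log2(c / n) for c in Counter(chunk).values())


def high_entropy_regions(blob: bytes):
    """Return merged (start, end) ranges whose windows reach THRESHOLD."""
    regions = []
    for off in range(0, max(len(blob) - WINDOW, 0) + 1, STEP):
        if shannon_entropy(blob[off:off + WINDOW]) < THRESHOLD:
            continue
        end = off + WINDOW
        if regions and off <= regions[-1][1]:
            regions[-1] = (regions[-1][0], end)   # touches previous hit: extend it
        else:
            regions.append((off, end))
    return regions


def find_rsa_public_keys(blob: bytes):
    """Return (offset, modulus_bits, exponent) for each embedded DER RSA key."""
    found = []
    for m in DER_RSA_HEAD.finditer(blob):
        seq_len = int.from_bytes(m.group(1), "big")
        mod_len = int.from_bytes(m.group(2), "big")
        mod_start = m.end()
        exp_tag = mod_start + mod_len          # where the exponent INTEGER must begin
        seq_end = m.start() + 4 + seq_len
        # Reject coincidental byte matches: lengths must nest and fit the blob.
        if seq_end > len(blob) or exp_tag + 2 > seq_end or blob[exp_tag] != 0x02:
            continue
        exp_len = blob[exp_tag + 1]
        if exp_len >= 0x80 or exp_tag + 2 + exp_len != seq_end:
            continue
        modulus = int.from_bytes(blob[mod_start:exp_tag], "big")
        exponent = int.from_bytes(blob[exp_tag + 2:seq_end], "big")
        found.append((m.start(), modulus.bit_length(), exponent))
    return found


def build_sample_image():
    """Constructed stand-in for a firmware image: text-like filler around one key."""
    line = b'log_debug("auth: session %d state=%s\\n", id, name); return rc;\n'
    filler = (line * 20)[:640]                 # 640 bytes, a multiple of STEP
    # Deterministic pseudo-random bytes posing as a 2048-bit modulus (not a real key).
    raw = b"".join(hashlib.sha256(b"constructed-sample-%d" % i).digest()
                   for i in range(8))
    modulus = b"\x00" + bytes([raw[0] | 0x80]) + raw[1:]   # 257 bytes, top bit set
    body = b"\x02\x82" + len(modulus).to_bytes(2, "big") + modulus + b"\x02\x01\x03"
    key = b"\x30\x82" + len(body).to_bytes(2, "big") + body
    return filler + key + filler, len(filler), len(key)


if __name__ == "__main__":
    image, key_off, key_len = build_sample_image()
    for start, end in high_entropy_regions(image):
        print(f"high-entropy region: bytes {start}-{end}")
    for off, bits, exp in find_rsa_public_keys(image):
        print(f"DER RSA public key at offset {off}: {bits}-bit modulus, e={exp}")
```

Compressed or encrypted sections also exceed the entropy threshold, so on a real image the structural match is the stronger of the two signals.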
Re: (Score:2)
From TFA:
The British spy agency GCHQ, with the knowledge and apparent cooperation of the NSA, acquired the capability to covertly exploit security vulnerabilities in 13 different models of firewalls made by Juniper Networks.
I hope we all understand now what “acquired the capability” means. The NSA planted a programmer within Juniper Networks. There was no other way to “acquire” this capability.
Except that he just referenced a claim that the British acquired the capability by being told about the backdoor, and he then goes on to say that the Chinese acquired the same capability by discovering the backdoor through reverse-engineering. So there is another way after all.
Which raises the following possibilities, each just as plausible as "The NSA planted a programmer":
1. The Chinese planted a programmer, and the NSA or GCHQ discovered it via reverse-engineering and shared it with the other.
2. The Chinese planted a programmer, and the NSA discovered it during review of source-code shared as a condition of purchasing for sensitive government use.
3. A programmer was paid to create the backdoor by a non-governmental entity interested in corporate espionage, and all the state actors discovered it via reverse-engineering.
4. The backdoor was created unintentionally (e.g. failure to remove white-box test code before going to production), and all the actors discovered it via reverse-engineering and/or source review.
Basically, John presents no evidence whatsoever for his claim that the NSA caused the backdoor.
Ultimately, I do agree with the point he does make, which is that code inspections can catch and close both intentional and unintentional backdoors. But the rest of the article is FUD.
If the NSA discovered the backdoor on their own and didn't share it with Juniper so they could close it, that's arguably worse than if the NSA planted it themselves. At least if they planted it themselves, they could convince themselves that it's buried too deep to be discovered, but if they stumbled upon it themselves, then they *knew* it was discoverable and that it's likely that others had discovered it too.
If the NSA discovered a backdoor planted by GCHQ and the NSA then closed that backdoor that'd be in violation of the 5 eyes arrangement.
And don't forget, anything that GCHQ learns about American Citizens by spying on them through that backdoor would be shared right back to the NSA. So it's win-win.
Re: (Score:2)
Why the fuck do you quote the full posts of 2 parents up, just to add two lines of your own?
That just wastes my time scanning for what was added, and is just plain annoying.
This isn't email...
I can't speak for that poster but the reason I do it is because it's difficult to edit Slashdot posts on a phone - it's hard to mark and cut text when it exceeds the size of the input window (vertical scrolling is hard to control). Perhaps if Slashdot weren't locked into a 20 year old UI, then people would be able to do what you ask, because the last thing *anyone* wants is to waste the time of an Anonymous Coward.
Re: (Score:2)
because the last thing *anyone* wants is to waste the time of an Anonymous Coward.
Lol. My user ID is less than half of yours. Posting anonymous lately due to a stalky ex. Anyhuw, thanks for the reasonable explanation, that makes it less annoying.
I'm pretty sure that having a low slashdot uid also went out of vogue 20 years ago. And besides this is just an account I use to get around a stalky ex, my real account has a single digit uid.
Re: (Score:2)
I'm pretty sure that having a low slashdot uid also went out of vogue 20 years ago
Wow kiddo, never stopped being jealous over digits. What a maroon.
No, I said we don't want any get off the lawn
Re: (Score:3)
Remember... He sold software that was a backdoor that came pre-installed on virtually every Windows computer made for quite some time.
I'm sure he's gotten the same calls and letters from the TLAs before, and may have some insider knowledge in how it goes down.
Re: (Score:2)
Basically, John presents no evidence whatsoever for his claim that the NSA caused the backdoor.
But it's a reasonable guess, given we do have proof, thanks to Snowden, that the NSA has successful programs to put backdoors into similar gear. The Chinese government has done similar, but so far we only have evidence of that happening in gear manufactured in China (no idea where the Juniper boxes were made, so maybe just as likely?).
Re: (Score:3)
Option 4 is unlikely, they made too many separate changes to enable this backdoor;
1. Use the broken Dual_EC random number generator.
2. Use their own Q constant, not the standard one decodable by the NSA.
3. Send 32 raw bytes from the RNG in a network packet.
4. Add a hard coded ssh password, with the same format as a debug string.
Whoever did this was trying to be underhanded. Leaving few clues in the source code and compiled binary. But there's no way these changes were accidentally included test code.
Re: (Score:2)
Just because you disbelieve the factual nature of every statement doesn't automatically mean it is "FUD." FUD is a real accusation with real meaning, it isn't just how you say BS when you're visiting slashdot.
There is no reason at all to create FUD here. He is clearly not trying to create that at all; he is trying to create certainty about his own relevance to the issue, and calling out various elements in the government by accusing them of what they are suspected of doing. Time will tend to prove him right
No doubt (Score:2, Interesting)
There is no doubt that McAfee speaks the truth here, but what he doesn't reference is that while the NSA and the FBI are retarded, there are huge numbers of folks in the US who do not subscribe to that policy and HAVE kept up on security and can spin the US Gov'mint up to speed quickly when the need arises, and it will. The US has traditionally been a late riser when it comes to open warfare, we mince in and get bloodied and then, come together in an economic juggernaut, uniting seemingly perpetual fighting
Re: (Score:2)
There is no doubt that McAfee speaks the truth here, but what he doesn't reference is that while the NSA and the FBI are retarded, there are huge numbers of folks in the US who do not subscribe to that policy and HAVE kept up on security and can spin the US Gov'mint up to speed quickly when the need arises, and it will. The US has traditionally been a late riser when it comes to open warfare, we mince in and get bloodied and then, come together in an economic juggernaut, uniting seemingly perpetual fighting sides of our country against any external threat, much like a bickering family consolidates against any outsider. Then when the threat is gone we go back to feuding like dysfunctional hamsters. I just hope we don't wait too long in the face of this more subtle threat...
"I fear all we have done is to awaken a sleeping giant and fill him with a terrible resolve."
"Regardless of the provenance of the quote, Yamamoto believed that Japan could not win a protracted war with the US. Moreover, he seems to have believed that the Pearl Harbor attack had become a blunder even though he was the person who came up with the idea of a surprise attack on Pearl Harbor. It is recorded that "Yamamoto alone" (while all his staff members were celebrating) spent the day after Pearl Harbor "sunk in apparent depression". He is also known to have been upset by the bungling of the Foreign Ministry which led to the attack happening while the countries were technically at peace, thus making the incident an unprovoked sneak attack that would certainly enrage the Americans."
The biggest blunder, though, was attacking Pearl Harbor while the US aircraft carriers were at sea.
Re: (Score:2)
Ok, back to nutjob McAfee and busting into Apple gear.
Re: (Score:2)
That generation is dead.
Re: (Score:2)
I don't think this generation would react differently to a consolidated external threat, they've just never had to face one, and with luck won't have to but I still hold high hopes that if the need arose the masses would too.
Software Backdoors Open Both Ways (Score:2)
Assume (and this is hopelessly naive) that any back doors that you leave in the software will never be found and hacked. With the U.S. Government's miserable record on keeping secrets, SOMEBODY on the team will turn out to be a Chinese or Iranian or Russian agent, and the back door will become a SCREEN door, allowing all your data to be stolen and disinformation inserted into your systems.
Re: (Score:2)
Any system feature that allows for the remote uploading of data such that it then is treated as privileged executable code will allow anyone with knowledge of this feature to have as much control over the system as the people who developed, or who currently administer, it.
"Backdoor" implies a deliberate act, but it is another matter to prove it was not simply incompetence.
So is it possible to create an entirely secure backdoor? Yes it is, but if other people have physical
Re: (Score:2)
Are Apple phones backdoored? I don't know, but what I do know is that the right people with the right gear can pull the keys off any piece of commodity hardware they can physically access and take to their labs.
So why is Mc Nutcase not talking about such things? Perhaps broadcasting the truth and the entire truth is not his primary agenda?
Of course you can pull the hardware encryption key off an iPhone if you invest the effort. Just that this key is just the key for this very iPhone. This does not give you a backdoor to iPhones. Just to this iPhone.
He's speaking the truth in so far that the security culture that the NSA created actually is an insecurity culture. Looking for zero day exploits and then keeping them secret to save them for their own use instead of instantly having the companies fix them means others can find and use them too. I
OPM was hacked, not DoD (Score:2)
Nothing new here... (Score:4, Insightful)
Hello,
Mr. McAfee has a rich and varied history of stating as fact things which cannot be proven as true or as false, simply because they cannot be verified. It is most certainly not paranoid rantings, nor is it based on any actual information about the current situation. Instead, it is carefully-crafted statements made for one reason and one reason only: To maximize his coverage in the media.
Recent examples of similar behavior include:
Sometimes making comments to the media works to McAfee's advantage, sometimes they don't. But as long as he keeps coming up with new ones, he keeps getting media coverage. This story is just one more example of such continuing behavior.
Regards,
Aryeh Goretsky
Re: (Score:2)
That's not quite the conclusion drawn by your own government's EMP commission [empcommission.org]:
Several potential adversaries have or can acquire the capability to attack the United States with a high-altitude nuclear weapon-generated electromagnetic pulse (EMP). A determined adversary can achieve an EMP attack capability without having a high level of sophistication.
A readable fictionalisation of such an event can be read in "One Second After [wikipedia.org]"
Now, if all you're saying is that there are more pressing things to worry about, then sure. There always are. But an EMP strike is unfortunately well within the means of a fairly unsophisticated attacker and could be made in a deniable fashion. (That won't help you much, as the US is not above attacking whole countries for unrelated reasons, (cough) Ira
Re: (Score:2)
Yes, I'm not sure I agree with that. Sure, an EMP strike as part of an all out Soviet style nuclear armageddon attack, is neither here nor there. There's going to be plenty of EMP going around anyway, and the overpressure/heat/radiation/fallout are going to be much, much, worse problems.
But, my point is rather that if you're facing that kind of enemy then EMP isn't that much of a concern, if you're facing a much smaller and weaker enemy, then all of a sudden an EMP strike becomes a force multiplier and part
Re: (Score:2)
Well Libya did get the crap bombed out of it when a Pan Am jet was blown up with explosives traced back that far even though Iran was actually financing the terrorist that did it. Retaliation is going to happen to whoever is already on the shit list (eg. Iraq after 9/11) instead of whoever actually was responsible.
Re: (Score:2)
Well, in order to take out the entire country with one strike you need a megaton device and large rocket. But for say Texas, a kiloton on top of a "Scud"-class missile would do quite nicely.
Now of course, Pan Am was different in that it was a very localised event with law enforcement etc. being able to respond in full. With a couple of mid-high level EMP bursts, resources would be severely strained to do that, to say the least. So the only relatively quick option then is striking with nuclear weapons (even
Re: (Score:2)
It was after 9/11 :(
The people with their fingers on the button shoot whoever has annoyed them the most in the past.
Other nations should have raised the issue (Score:2)
If expert help was needed for the courts different front groups could offer decryption or play the role of expert witnesses. No need for any comment in open court or for anyone to even understand any aspect of the UK's signals intelligence. Large bases globally, huge amount of staff had nothing to do with the public, courts, politicians, the press, authors. Funding flowed and colle
Systemic Failure (Score:3)
Anyone (else) remember how we used to write programs (for the main frame)? The Chinese didn't invent anything, they simply followed the IBM red book. Although the advent of personal computers has certainly changed everything, the very basis upon which they did that eliminated the very thing being touted. Giving the power to process data (write code) to the end user will of necessity remove any impetus for code review.
There are other issues as well that are engendered in the forces driving software development itself. First and foremost is the inclusion of inexperienced programmers. Ones whose only experience is with writing GUI routines who are then promoted to creating systemic code. The two have completely different security needs. Similarly the move to frameworks such as AGILE where code production is valued over code correctness have led to a plethora of routines which only have positive testing, and no review. Finally the creation of both tertiary languages, ones that have to be translated twice before they arrive at machine code, and the rampant use of tools which eliminate the need to actually write code in lieu of dragging and dropping functional blocks, make code review nearly impossible. You aren't reviewing the code itself but rather larger collections of routines. You'll never find the backdoor because it isn't in the code you are reviewing.
What I'd like to see, and it won't happen, is a return to the bad old days. This is when a program update took between 6 mos and several years due to review and rewrite schedules. You can approach the same endpoint with well constructed negative testing, but I have yet to encounter a software firm which performed exhaustive negative testing. Usually if it is done at all it is simply a session using random data. No stress testing. No deliberate failure induction. No code review.
Why do we want to move all of our things to being internet connected (IoT) when we can't even write a decent firewall.
Re:Didn't McAfee Side With the FBI? (Score:5, Informative)
I thought he sided with the FBI against Apple. He thinks Apple should include a backdoor in their phones for the FBI...and now he's pointing out how dangerous backdoors are....
No, he didn't side with anyone. He offered to decrypt the phone. That's not what the FBI wants. The FBI wants Apple to produce vulnerable code. John didn't offer to produce vulnerable code. By making his offer, McAfee was illustrating that the FBI isn't after the decrypted data.
Re: (Score:3)
He may not have explicitly sided with Apple, but his remarks in this article [businessinsider.com] were clearly not on the side of the FBI.
Re:Didn't McAfee Side With the FBI? (Score:5, Insightful)
..and what's wrong with McAfee showing that the FBI was interested in a little bit MORE than just a decrypted phone?
He offered them what they SAID they wanted by a different path. So the FBI was lying because what they REALLY wanted wouldn't sit well with the public. So THANK YOU McAfee for actually looking out for the people.
Re: (Score:2)
I didn't say there was anything wrong with what he said. I was disproving the GP's claim that McAfee was siding with the FBI.
Re: (Score:2)
He offered them what they SAID they wanted by a different path. So the FBI was lying because what they REALLY wanted wouldn't sit well with the public. So THANK YOU McAfee for actually looking out for the people.
He made an offer to decrypt the phone without any demonstration that he could actually do it. Do you think the FBI would just hand over a critical piece of evidence to a wacko bird and his supposed crack team of hackers?
Re: (Score:2)
If that's really the case, then all McAfee had to do was get the same model phone and make a video of it being hacked with explicit instructions, rather than going on his word. The FBI wouldn't even have to give him the phone.
Re: (Score:2)
That's why the FBI is asking Apple to flash the firmware on THIS iPhone with a new signed version from Apple with the number of attempts limit removed and the
Re: (Score:2)
He makes me uncomfortable by holding the same position that I do? Yeah, sure, guy.
Re: (Score:2)
I've seen him as a nutcase since the 90s.
I'm just surprised the media finally noticed.
Re: (Score:2)
john doesn't have the firmware signing certs or the 0-day fw jailbreak(and ios sources.. maybe doable without the ios sources but would take a lot longer)..
it's not about making even vulnerable code. what the fbi wants in the iphone 5c case is to make a fw that boots the phone and has the 10 tries wipe command disabled. entirely doable on iphone 5C, with Apple's fw cert and ios sources it's just an afternoon to do what the FBI requests and it will not compromise anything else than the phone it is loaded on.
Re:Subtle Lie (Score:5, Insightful)
Wow..
If it is known that I can defeat security measure X for Y reasons, then I can defeat security measure X for any reasons. Yes, the FBI specifically asked Apple to write code to defeat its own security measure. If it happens, the FBI does not need to have access to the code, just access to Apple which is the same in all respects considering the loose requirements for warrants under laws like the Patriot Act and so on.
Nothing material about what was said is false. Please stop arguing semantics. It is about as bad as Dick Cheney going around saying that no one's civil liberties were violated in the metadata bulk collection spying because they are officially "company records" and not private communications.
Re: (Score:2)
Re: (Score:2)
Sigh.. reading comprehension is not your strong point is it?
Re: (Score:2)
He's been licking that acme toad for a long time now, but it's finally starting to get covered by some of the media.
Re:Didn't McAfee Side With the FBI? (Score:4, Funny)
He did no such thing. That article you wrongfully remember was him blasting the US government and comparing them to the Nazis.
Re: (Score:2)
Why is my post funny? What's funny about disproving the GP's claim that McAfee sided with the FBI?
Re: (Score:2, Informative)
Mods are being subtly ironic today.
Sunspots.
Re: (Score:2)
My counterpoint to what?
Re: (Score:2)
McAfee isn't unaware of all this. One of his campaign keys is that he will provide a more security-hardened communications platform to U.S. government personnel.
Re: (Score:2)
I take a different tack, from a perspective that the NSA should always seek to be more transparent. This has proven to be a pretty successful basis of advice, so far.
Whatever backdoors the NSA is using, they should reveal to the American public. This in turn makes the information available to enemies of the U.S., but it also gives the U.S. public all the tools they need to implement measures to safeguard against the threat. Let's leave it to the CIA to secretly use backdoors against the U.S.'s enemies, and let
Re: (Score:2)
Re: (Score:3)
I'd have to agree based on many historic examples.
The current issue with Apple is my favorite example at the time. There's no way of knowing whether Apple has already given some agencies backdoors or not; if they have, pretending to "fight" with the agencies on a backdoor gives consumers and shareholders the illusion that's more desirable.
And also, let's take into consideration that Apple is well-known for abusing the leverage of "planned obsolescence". Their devices are apt to be updated with a completely
Re: They are all working together (Score:2, Interesting)
From John McAfee - I have considered that. But isn't it more convenient to assume, at the start, that individual people are mostly honest, than mostly dishonest?
I have the most to lose - already being investigated by the FBI for a multitude of imagined offenses (multiple murders, drug manufacturer, treason and a host of others). I am, at least, standing up - risking all - and calling the FBI deceptive, dishonest, self serving and anti-society.
The US government is, without any doubt, my enemy. At least with
Re: (Score:2)
Re: (Score:3)
The commercial software industry pretty well started with Gates and others dumpster diving for other people's code and closing off previously freely available software that other people had written. The figures that are not "wild west" were either giving their stuff away with hardware or publishing it freely from academia.
Re: (Score:2)
... isn't it more convenient to assume, at the start, that individual people are mostly honest, than mostly dishonest?
Sure. For instance, I assume at the start that John McAfee is mostly honest. That's why my assumption is perhaps John hadn't thought of a potentially dishonest Apple in this situation.
But overall, how can anybody pursue info security without a strong tendency to assume dishonesty on behalf of nearly every party?
At least with Apple there is the possibility that they are not my enemy.
But that's also true, as well. Given the numerous lies against John McAfee and attempts on his life, I wouldn't call it necessarily "fatigue" if he were to hedge his bets with a potential non-threat
Re: (Score:2)
If all you think the Cold War is about is nuclear weapons brinkmanship, you're totally coddled as to (or better, per) the Cold War.
There are things that came to fruition just prior to and during WW2 that haven't even brushed the public foremind, yet. And even the nuke race aspect has been escalating for the last seven years, which puts your De Lorean reference way out in right field.
Re: (Score:2)
Heh.
Thanks, A.C., for calling me "Mulder" -- it suggests that my views could be popular instead of quieted up.
But sorry, I can't bite. Frankly, just judging by your tone, it would do me little good to even breach any one of numerous subjects. I'll just take your below-the-surface bubbling of ridicule ready to blow for what it is and leave the island before it blows.
Re: (Score:2)
Just because John wouldn't show up for your Annual Tinfoil Hat Convention doesn't mean you should just lash out in anger and dismiss the entire field. There are still people in Tinfoil Hat land who need leaders like you to press ahead, even if John can't be one of them.
Re: (Score:2)
America has fallen behind in nearly every area. We are a stupid nation a lot of the time.
Mr. Trump, is that you?
Re: (Score:2)
I disagree. Name one area where the US is not behind. "Arrogance", "barbarism", and "general stupidity" do not count.
Re: (Score:2)
Hello,
Actually, hosts files are a reactive technology and not a proactive one, since they only block what is already listed in them. That does not mean they are useless, of course, but that they are just a supplemental tool, much like anti-malware software, segmenting administrative and user privilege, auditing logs, etc. There's no one magic bullet for security.
Regards,
Aryeh Goretsky
Re: (Score:2)
Not necessarily. A vendor can place a backdoor that is very hard to abuse by anybody else. As soon as you have several parties in there, things get murky. For example, the government is known to be incapable of reliably keeping secrets, as Snowden so impressively demonstrated. Then there is the problem that placing backdoors securely is very expensive to get right (hence the ones placing them must have maximum access and a strong motivation to make them secure, something a vendor will never have as it decre
Re: (Score:3)
By deploying an entire Internet of cats?
Re: (Score:3)
Soon trump will try to put a stop to this.
By deploying an entire Internet of cats?
That's what it's for. We have Cat6 cable now after all.