Windows Government Microsoft Security

Microsoft Opens Source Code To KGB's Successor Agency

Jack Spine writes "Microsoft has struck a deal with the Russian government which will give the FSB, successor to the KGB, access to the source code for Windows 7, among other products. The agreement is an extension of Microsoft's Government Security Program, according to a source with links to the UK government."

  • by linzeal ( 197905 ) on Friday July 09, 2010 @08:03AM (#32849252) Journal
    I'm more afraid of the FSB selling or having the code stolen from them by Russian hackers than the FSB actually doing anything. They are mostly incompetent hacks either leftover from the 90's or put there to be yes-men to Putin policy. Putin would not stack the deck against himself, so he has cut out most of the intelligence in the intelligence agencies; that is why you get things like the recent spy swap debacle where they could not even penetrate a PTA meeting, let alone the Pentagon.
  • by the linux geek ( 799780 ) on Friday July 09, 2010 @08:04AM (#32849258)
    The FSB is approximately a third of the total KGB capability, with the FSO and SVR being the other legs of the triumvirate. The FSB, being the replacement for the former First Chief Directorate, is mostly responsible for internal security (counterintelligence, counterterrorism, counterinsurgency, action against dissenters.) I don't see how this deal with Microsoft could possibly threaten the US or US interests, except possibly in a peripheral way.
  • by TheRaven64 ( 641858 ) on Friday July 09, 2010 @08:05AM (#32849268) Journal

    They've already provided it to the Chinese (and the British, not sure who else). That means that the Russians and Chinese can look for and exploit holes in Windows. Last I heard (which, admittedly, was around 2002), the source code that they provide is not enough to build a complete Windows system, and the license does not permit building it, only reviewing it, so this only lets you find (but not fix) accidental flaws, not malicious ones.

    Basically, they get all of the disadvantages of open source security, but none of the advantages.

  • by Chrisq ( 894406 ) on Friday July 09, 2010 @08:09AM (#32849296)
    It will keep them tied up for years trying to find exploitable holes, when the real spies will use something else [darkreading.com]
  • by Anonymous Coward on Friday July 09, 2010 @08:23AM (#32849348)
    The point of it is being able to review certain critical parts; for instance, many of the governments require cryptographical reviews before an OS can be used by certain sections of the government, and this sort of code access allows that. The intention is not for a government to go trawling through the entire source trees but to instead allow them to review code that is necessary to follow whatever guidelines and legislation is applicable for that country. Do you really think most countries have any interest in reviewing all the code in Windows? Or even in Linux or any other OS for that matter? The size of such a task would be beyond belief and a constantly moving target.
  • by Bob9113 ( 14996 ) on Friday July 09, 2010 @08:26AM (#32849358) Homepage

    It is an interesting world in which a United States company trusts Russian spies more than it trusts United States citizens.

  • by fuzzyfuzzyfungus ( 1223518 ) on Friday July 09, 2010 @08:34AM (#32849412) Journal
    It is a world operating completely as expected when a multinational corporation cares more about satisfying the requests of large customers than it does small ones.
  • by mlts ( 1038732 ) * on Friday July 09, 2010 @08:41AM (#32849468)

    Isn't it coincidental that the Chinese intelligence who received the source code suddenly had a lot of new Windows based 0-days and used them against US companies, Google mainly?

    The blackhats have the source and can look for bugs and errors that they can exploit at will. The whitehats have to guess or blindly firewall, hope that there are no remote exploits, and put a lot of resources into perimeter security.

    Maybe this is just another impetus for people and companies to move to UNIX based operating systems. Even a closed source offering like HP-UX or OS X (the pieces that are not open-sourced in Darwin or elsewhere) has been around such a long time that glaring show-stopper bugs are rare, and are usually limited to local exploits. This isn't to say things are perfect, but an exploit from remote like ssh is extremely rare on the UNIX side. To boot, UNIX variants have been getting a lot better at security, having ASLR, DEP, SELinux/AppArmor security policies, and other items to limit damage and spread of compromised code.

  • by Anonymous Coward on Friday July 09, 2010 @08:51AM (#32849526)

    I tend to agree with your take on Putin.

    And, wtf. Those poor Russians just can't seem to get a break. They've gone from totalitarian monarchy to communism. Yay, workers' paradise, except when the revolutionary dust settled they were still under totalitarian rule.

    And now that the confetti from the democratization celebration has blown away we are still looking at something remarkably similar to a dictatorship.

  • by NotBornYesterday ( 1093817 ) on Friday July 09, 2010 @09:20AM (#32849786) Journal
    I wondered why they bothered with Windows at all, given their previous movement towards Red Flag Linux [wikipedia.org]. I wonder if they did so just to find the vulnerabilities ...
  • by arivanov ( 12034 ) on Friday July 09, 2010 @09:39AM (#32849984) Homepage

    And in which jurisdiction are you going to sue?

  • Re:As Stalin said (Score:3, Interesting)

    by gad_zuki! ( 70830 ) on Friday July 09, 2010 @10:40AM (#32850550)

    I've always found that quote to be amusing. It's like admitting that communism can't produce enough rope, only capitalism can, but they need rope so they deal with capitalists. Reminds me of all those stories about the price of car wipers and toilet paper in the USSR because their command economy 'geniuses' couldn't figure it out or couldn't turn capital into production.

    >Nothing quite like putting quarterly profits above national security.

    Let's not be too dramatic. The source code of Windows isn't some big trade secret. Several governments have it. After all, they want to see the source just like you do with Linux and they have the buying power to demand it.

  • by alexo ( 9335 ) on Friday July 09, 2010 @11:18AM (#32850956) Journal

    >the source code that they provide is not enough to build a complete Windows system, and the license does not permit building it, only reviewing it, so this only lets you find (but not fix) accidental flaws, not malicious ones.

    If I were in charge of an internal security agency, I would be more concerned about running an OS containing back doors or exploits than to try and exploit them myself. To that effect, I would insist on being able to build the OS from sources using a compiler that is known to be uncompromised (built it from source too). No other arrangement will guarantee that the copies I am running behave exactly like the source code says.

    If the FSB agreed to the terms that you mentioned, they are not doing their work.

  • by shutdown -p now ( 807394 ) on Friday July 09, 2010 @12:22PM (#32851704) Journal

    >Last I heard (which, admittedly, was around 2002), the source code that they provide is not enough to build a complete Windows system, and the license does not permit building it, only reviewing it, so this only lets you find (but not fix) accidental flaws, not malicious ones.

    From what I heard, this transfer is for complete buildable code, and, indeed, the whole point is that FSB guys will strip out everything they don't need to minimize attack surface, and use the resulting build for their own systems.

  • by theArtificial ( 613980 ) on Friday July 09, 2010 @01:09PM (#32852210)
    Wasn't that how the image hacks started? A specially crafted BMP. [securitytracker.com] There are more but this is one I recall off of the top of my head.
