For all the critics and ignoramuses who choose 

to bash the publishers about content posted, 

You need to read this!

Nesaranews Mission Statement

Question -- What is the goal of this website? Why do we share different
 sources of information that sometimes conflicts or might even be 
considered disinformation? 
Answer -- The primary goal of Nesaranews is to help all people become better 
truth-seekers in a real-time boots-on-the-ground fashion. This is for the purpose 
of learning to think critically, discovering the truth from within—not just 
believing things blindly because it came from an "authority" or credible source. 
 Instead of telling you what the truth is, we share information from many sources so that you 
can discern it for yourself. We focus on teaching you the tools to become your own authority 
on the truth, gaining self-mastery, sovereignty, and freedom in the process. We want each of 
you to become your own leaders and masters of personal discernment, and as such, all 
information should be vetted, analyzed and discerned at a personal level. We also 
encourage you to discuss your thoughts in the comments section of this site to engage in a 
group discernment process. Not to bash publishers!

"It is the mark of an educated mind to be able to entertain a thought 
without accepting it." – Aristotle

Monday, July 10, 2017

Kaspersky agrees to turn over source code


IN WORRISOME MOVE, KASPERSKY AGREES TO TURN OVER SOURCE CODE TO THE US GOVERNMENT


Rhett Jones
July 2 2017 





Over the last couple of weeks, there’s been a disturbing trend of governments demanding that private tech companies share their source code if they want to do business. Now, the US government is giving the same ultimatum and it’s getting what it wants.

On Sunday, the CEO of security firm Kaspersky Labs, Eugene Kaspersky, told the Associated Press that he’s willing to show the US government his company’s source code. “Anything I can do to prove that we don’t behave maliciously I will do it,” Kaspersky said while insisting that he’s open to testifying before Congress as well.

The company’s willingness to share its source code comes after a proposal was put forth in the Senate that “prohibits the [Defense Department] from using software platforms developed by Kaspersky Lab.” It goes on to say, “The Secretary of Defense shall ensure that any network connection between … the Department of Defense and a department or agency of the United States Government that is using or hosting on its networks a software platform [associated with Kaspersky Lab] is immediately severed.” 

Jeanne Shaheen, a New Hampshire Democrat tells ABC News, that there is “a consensus in Congress and among administration officials that Kaspersky Lab cannot be trusted to protect critical infrastructure.” 

The fears follow years of suspicion from the FBI that Kaspersky Labs is too close to the Russian government. The company is based in Russia but has worked with both Moscow and the FBI in the past, often serving as a go-between to help the two governments cooperate. “As a private company, Kaspersky Lab has no ties to any government, and the company has never helped, nor will help, any government in the world with its cyber-espionage efforts,” an official statement from Kaspersky Labs reads.

The proposal prompted an official response from Russian Communications Minister Nikolay Nikiforov. He warned that any “unilateral political sanctions” would prompt retaliation from Russia. He emphasized that his government uses “a huge proportion of American software and hardware solutions in the IT sphere, even in very sensitive areas.”

* The fight over source code comes at a moment when Americans are deeply distrustful of the Russian government. The Russians alleged involvement in the hacking of the 2016 election combined with numerous suspicious ties to our president’s campaign has everyone on edge. But setting the precedent of gaining trust through source code access is dangerous, as is capitulating to those demands. 

*(The daily morning BS report as told by the American MSM.)

Russia has been making the same requests of private companies recently. Major technology companies like Cisco, IBM, Hewlett Packard Enterprise, McAfee, and SAP have agreed to give the Russian government access to “code for security products such as firewalls, anti-virus applications and software containing encryption,” according to Reuters

Security firm Symantec pointedly refused to cooperate with Russian demands last week. “It poses a risk to the integrity of our products that we are not willing to accept,” a Symantec spokesperson said in a statement. 

The risks are the same whether it’s the US or Russia being given access to source code. It gives these governments an opportunity to locate security vulnerabilities that they might not be able to find otherwise. 

Obviously, Russia has been accused of numerous cyberattacks lately, including the Yahoo email breach and the hacking of the DNC(AMERICA - LOOK FIRST AT THE ACCUSERS FOR THEIR GUILT - NOT AT RUSSIA - THEN YOU WILL FIND THE GUILTY PARTIES IN THE HACKING ACCUSATIONS.  MSM NEVER PROVIDES TRUTH TO THE AMERICANS.)


But the US also hoarded security vulnerabilities for years to use as cyberweapons. Recent global outbreaks in ransomware have been traced back to tools from the NSA that were leaked by a group known as the Shadow Brokers

In a statement following the WannaCry ransomware attacks, Microsoft said “an equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen.” It’s obvious that the US can’t be trusted with this knowledge and companies shouldn’t help them gain it.

Lawmakers have every right to worry about Kaspersky Labs’ products being used on official government systems. If they have some sort of knowledge that we don’t, they should cut ties. But setting this sort of precedent is not a good sign. Kaspersky agreeing to the demand is not a good sign. Numerous western companies doing the same for Russia is not a good sign.

In the same way that experts say that you shouldn’t pay the ransom when hit by ransomware.  Tech companies need to block this coercion before it gets out of control.

[Associated Press]

Comment:  
While I appreciate this article, a lot of people might not understand why showing your source code can expose security weaknesses:

Programmers like myself build systems that can span hundreds of files and millions of lines (billions for some things). Every time that we use conditional statements to check things, or reach for code outside of our own (especially libraries on your computer that may change over time) or create patterns in the way that we access, change, or store data on your computer, we may create a point of weakness for someone to exploit. Much of the time we are trusting that because the specifics of those operations are obscured by how much harder it is to find them after the program has been build and how scattered the machine code is. By showing source code to a party that may choose to be malicious with that knowledge later, it becomes possible for them to use the source code like a road map to test those potential points of weakness and come up with detailed hacks that cheat the system much faster because they are not forced to figure things out through trial and error or painstaking (often fruitless) reading of the assembly code.

https://gizmodo.com/in-worrisome-move-kaspersky-agrees-to-turn-over-source-1796587120

No comments:

Post a Comment