Contrary to reports, Assange didn't say Debian is owned by the NSA, but rather that it is easy to backdoor operating systems: https://twitter.com/wikileaks/status/454261872704094208
On 04/10/2014 11:48 AM, rysiek wrote:
> Hi there,
>
> so this has come to my attention. Whaddya guys and gals think?
>
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>
> http://igurublog.wordpress.com/2014/04/08/julian-assange-debian-is-owned-by-the-nsa/
>
> In his Q&A to his keynote address at the World Hosting Days Global 2014
> conference in April, the world’s largest hosting and cloud event, Julian
> Assange discussed encryption technology in the context of hosting
> systems. He discussed the cypherpunk credo of how encryption can level
> the playing field between powerful governments and people, and about 20
> minutes into his address, he discussed how UNIX-like systems like Debian
> (which he mentioned by name) are engineered by nation-states with
> backdoors which are easily introduced as ‘bugs’, and how the Linux
> system depends on thousands of packages and libraries that may be
> compromised.
>
> I recommend watching his 36-minute Q&A in its entirety, keeping in mind
> my recent warnings about how GNU/Linux is almost entirely engineered by
> the government/military-affiliated Red Hat corporation.
>
> The Voice of Russia website has an article on Assange’s address with a
> few quotes:
>
> “To a degree this is a matter of national sovereignty. The news is
> all flush with talk about how Russia has annexed the Crimea, but the
> reality is, the Five Eyes intelligence alliance, principally the United
> States, have annexed the whole world as a result of annexing the
> computer systems and communications technology that is used to run the
> modern world,” stated Julian Assange in his keynote address…
>
> Don’t just read the short article, listen to the address yourself,
> because Assange goes into many areas, and the work being done in these
> fields.
>
> Assange mentions how Debian famously botched the SSL random number
> generator for years (which was clearly sabotaged – a known fact).
> Speaking of botched security affecting Red Hat, Debian, Ubuntu, Gentoo,
> SuSE, *BSD, and more, the nightmarish OpenSSL recently botched SSL again
> (very serious – updated comments on how a defense contractor in Finland
> outed the NSA here?) It’s very hard to believe this wasn’t deliberate,
> as botching the memory space of private keys is about as completely
> incompetent as you can get, as this area is ultra-critical to the whole
> system. As a result, many private keys, including of providers, were
> potentially compromised, and much private info of service users. Be sure
> to update your systems as this bug is now public knowledge. (For more on
> how OpenSSL is a nightmare, and why this bug is one among many that will
> never be found, listen to FreeBSD developer Poul-Henning Kamp’s
> excellent talk at the FOSDEM BSD conference.)
>
> From the start, my revelations on this blog about Red Hat’s deep control
> of Linux, along with their large corporate/government connections,
> haven’t been just about spying, but about losing the distributed
> engineering quality of Linux, with Red Hat centralizing control. Yet as
> an ex-cypherpunk and crypto software developer, as soon as I started
> using Linux years ago, I noted that all the major distributions used
> watered-down encryption (to use stronger encryption in many areas, such
> as AES-loop, you needed to compile your own kernel and go to great
> lengths to manually bypass barriers they put in place to the use of
> genuinely strong encryption). This told me then that those who
> controlled distributions were deeply in the pockets of intelligence
> networks. So it comes as no surprise to me that they jumped on board
> systemd when told to, despite the mock choice publicized to users –
> there was never any option.
>
> A computer, and especially hosting services (which often run Linux), are
> powerful communication and broadcasting systems into today’s world. If
> you control and have unfettered access to such systems, you basically
> control the world. As Assange notes in the talk, encryption is only as
> strong as its endpoints. E.g. if you’re running a very secure protocol on
> a system with a compromised OS, you’re owned.
>
> As Assange observed:
>
> “The sharing of information, the communication of free peoples,
> across history and across geography, is something that creates,
> maintains, and disciplines laws [governments].”
>
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>
