Government Security United States Politics Technology

Tech Firms Let Russia Probe Software Widely Used by US Government (reuters.com) 115

Major global technology providers SAP, Symantec, and McAfee have allowed Russian authorities to hunt for vulnerabilities in software deeply embedded across the U.S. government, Reuters reported on Thursday. From the report: The practice potentially jeopardizes the security of computer networks in at least a dozen federal agencies, U.S. lawmakers and security experts said. It involves more companies and a broader swath of the government than previously reported. In order to sell in the Russian market, the tech companies let a Russian defense agency scour the inner workings, or source code, of some of their products. Russian authorities say the reviews are necessary to detect flaws that could be exploited by hackers. But those same products protect some of the most sensitive areas of the U.S. government, including the Pentagon, NASA, the State Department, the FBI and the intelligence community, against hacking by sophisticated cyber adversaries like Russia.
This discussion has been archived. No new comments can be posted.

  • ... that I could be confident our elected officials were at least smart enough not to believe Russian officials also needed root access to all the production machines in order to complete a source code audit.

  • by Anonymous Coward
    China demanded the source code for Microsoft stuff, in order to allow them to do business in the country. This isn't anything new. What needs done is the US to go to F/OSS, where everyone scrutinizes bugs, not the hallowed few who have source code access.
  • by Anonymous Coward

    So if it's wrong/bad for foreign entities to view the source code of software used by the US government, does that mean that the US government should avoid any and all open source software because foreign entities can easily view its source code?

    • by Anonymous Coward

      > So if it's wrong/bad for foreign entities to view the source code of software used by the US government, does that mean that the US government should avoid any and all open source software because foreign entities can easily view its source code?

      Quite the opposite.

      It's a given that other governments -- especially the powerful ones -- will get to view (and review) the source of _closed_ products as a pre-requisite condition to prevent a software product from having its sales vetoed.

      That way, even if you

    • by Altrag ( 195300 )

      The problem isn't that foreign entities can review the source code. The problem is that nobody else gets to, so the foreign entities have the capacity to find bugs and simply not report them. You know, the kind of thing the NSA absolutely never ever would do because the US is so much better than anyone else..

  • Actual headline: (Score:5, Insightful)

    by king neckbeard ( 1801738 ) on Thursday January 25, 2018 @04:28PM (#56002931)
    Here's what the actual headline should be:
    Tech firms let Russia probe software widely used by US government, following same processes US government, and all other governments, use.

    This is a non-story. They try to make it sound like this is some nefarious method to undermine the US government, when the reality is that they're checking to make sure there aren't NSA backdoors.

    • Re: (Score:2, Insightful)

      by Train0987 ( 1059246 )

      Gotta keep that Russians!=BAD narrative alive at all costs.

    • by gweihir ( 88907 ) on Thursday January 25, 2018 @05:00PM (#56003253)

      Indeed. And governments can get access to Windows source code as well. It is a good bet that the Russians and the Chinese also have this access.

      • by Anonymous Coward

        It's well-known that they do, as do many Universities. They've had access for many years now.

        This isn't news, it's propaganda.

    • So if the Russian Government uses Windows 10, does that mean that it's certified by the Russian Government to *NOT* contain an NSA backdoor? If so, then I feel better about using it.
      • It means they're aware of any backdoors they found and have thought of mitigations for them.
        It also means they have a war chest of their own 0-day exploits they've found.

        It could also mean if they use it, they do so only to appear to trust it.

        So basically, it means nothing at all and you can't base anything on it.

    • You'd think the Congress critters would be grateful for the free penetration testing. It's not like Symantec will only patch the vulnerabilities for the Russian edition.
      • It means the Russians won't tell Symantec about the vulnerabilities they find.

        • Of course they would, they'd be vulnerable to it the same as everyone else. I know what the assertion is from the critters, but as usual their inability to comprehend technology results in the wrong conclusions being drawn. Security through obscurity isn't...
  • Stupidity is absolutely everywhere. Yes, let's just give away the keys to the castle. Maybe the US Government will start building its own systems instead of relying on shitty vendors like Oracle or SAP. Systems that have great need for secrecy should be custom developed in house.
    • by Anonymous Coward

      > Systems that have great need for secrecy should be custom developed in house.

      Systems with a great need for secrecy, yes, should be developed in-house.

      Systems with a great need for security, no, should absolutely NOT be developed in-house.

      It's like home rolling your own crypto algorithm, it only seems like a good idea to those who don't know anything about cryptography.

    • by gweihir ( 88907 )

      Oh, yes! And I know personally, that *gasp* LINUX is used in federal agencies and banks! They failed to make that source code secret and it is apparently completely open! I was able to just _download_ it!

      In other news, the stupidity-level of your posting is staggering.

    • Stupidity is absolutely everywhere.

      I agree. Perhaps closer than you realize.

    • It's going to be awful hard for the U.S. government to create their own systems that are superior to commercial offerings when they can't acquire or retain talent because the pay is too low and the working conditions suck.

  • by NicknameUnavailable ( 4134147 ) on Thursday January 25, 2018 @04:36PM (#56003017)
    Of course a defense department looking to use a piece of software is going to inspect it for security. Frankly it's more a sign of Russia's lack of security that they would use US software on their systems than anything else. Security through obscurity isn't security so opening the source is irrelevant to anything from a security perspective.
  • by Anonymous Coward on Thursday January 25, 2018 @04:41PM (#56003063)

    That's nothing, Linus Torvalds regularly publishes code that EVERY SINGLE RUSSIAN can access. It's TREASON!

    • Re: (Score:2, Insightful)

      by jon3k ( 691256 )
      I'm really surprised so few people on Slashdot understand the difference between open source software (and "given enough eyeballs, all bugs are shallow") and closed source software being reviewed by a select few actors who have a motive to hide their findings.
    • by Anonymous Coward

      > That's nothing, Linus Torvalds regularly publishes code that EVERY SINGLE RUSSIAN can access. It's TREASON!

      Linus even accepts patches from RUSSIAN DEVELOPERS!111!! He was even born in Finland which very conveniently shares a border with Russia and was part of the Russian Empire at one time!

  • by gweihir ( 88907 ) on Thursday January 25, 2018 @04:57PM (#56003225)

    Every large-enough customer can get access to source-code of closed software. This is completely standard and there is nothing nefarious going on here. This only endangers anything US if the US messed up their own review.

    Who writes these demented articles?

  • by Anonymous Coward

    Well, no wonder. From 3 years ago:

    Russian researchers expose breakthrough in U.S. spying program [reuters.com]

    The U.S. National Security Agency has figured out how to hide spying software deep within hard drives made by Western Digital, Seagate, Toshiba and other top manufacturers, giving the agency the means to eavesdrop on the majority of the world’s computers, according to cyber researchers and former operatives.

    That long-sought and closely guarded ability was part of a cluster of spying programs discovered by Kaspersky Lab, the Moscow-based security software maker that has exposed a series of Western cyberespionage operations.

    Stuxnet, the hard drive firmware exploits, last year the upload of malware from an NSA developer, and other discoveries of state-developed spyware have definitely made KL and other Russian-based software companies targets to be hurt economically.

  • Make all security software open source, so everyone can look at it, and the many eyeballs cause problems to be fixed quicker.

  • by Anonymous Coward

    How do you like the global economy now?

  • Unlikely != Impossible .

    The highly rated commenters all think it's impossible that this access benefits the Russians in nefarious ways. It's not impossible. Basically the point of the article is that greedy companies let Mother Russia send her experts in to examine the code of various programs that the US government also uses so they could get sales in Russia. There are lots of smart Russians. I wouldn't say there is no chance that the Russians could find an exploit in such a code review and just c
  • I think not. Am I comfortable about, I think not.
  • Reuters is a British corporation and its US branch exists and operates only as a subsidiary. Its stock trades in the US as a depository share (similar to Alibaba -- a Chinese company). Despite a common language, Britain is NOT part of the US. It has, at times, priorities which are opposed to those of the US (as was clearly evidenced by Britain's Jerusalem embassy vote in the UN).
    • Genuinely interested, not trying to be a jerk or anything, just want to know: your point is ...?

      • That a British corporation is trying to pretend that we should take in the stride as we take other US corporations while it reports on dealings of Russian corporations. Both Britain and Russia are foreign nations with their own interests which sometimes align with ours and sometimes go contrary to ours.
        • we should take in the stride as we take other US corporations

          Can you explain what you mean by that? I'm familiar with the expression "take in stride", but I'm totally lost on what you are trying to express. What are we taking in stride? What about other U.S. corporations do we take in stride? Are you referring to their inspection of software? And what does Reuters being British have to do with the report? Actually, Reuters isn't British: the headquarters are in the U.K., but Reuters is a division of the Toronto-based Canadian media company Thomson Reuters, so it's a

          • If being Russian should raise a level of suspicions, then so should being British. The fact that British speak the same language as we do does not make them our fellow countrymen.
