Trust is a Matter of Relationship, Not Magnitude (Size and Authority Aren't the Same)
THE IBM site, or Red Hat's redhat.com, posted an article about NSA Linux yesterday [1]. What is NSA Linux? Most know it as "SELinux". It's basically an NSA project, but Red Hat now hides the connections to the NSA, which insists on back doors in everything (for selfish gain). There was recently (this month) a controversy over Red Hat's decision to hide the NSA connections rather than tackle those connections.
Over at Planet Fedora, Kushal Das has just said [2] that "Software Bill of Materials became one of the latest buzzword" and it seems truer than ever now that we're meant to blindly trust the NSA when it comes to security. Remember that the Chief Security Officer of Microsoft's GitHub is a 20-year NSA veteran. These people don't value security; they mandate back doors in American software.
There's some more news this week (e.g. [3]) about state-connected cracking operations. Some of them target Android, which uses Linux, so clearly just having some label on something (like "SELinux", which mentions "Linux" but not "NSA") is no guarantee of safety.
Trust is not derived from "Big Brands" but from a relationship with actual people, who aren't indebted to a salary from state-connected (and sometimes state-funded) "Big Brands". █
Related/contextual items from the news:
- How SELinux improves Red Hat Enterprise Linux security
Security is a paramount concern in the digital world, and operating systems play a critical role in maintaining data and systems' integrity, confidentiality, and availability. One powerful security feature that stands out in the realm of Linux-based operating systems, notably Red Hat Enterprise Linux (RHEL), is Security-Enhanced Linux (SELinux).
This article is the first in a two-part series that will cover all aspects of SELinux, including different modes (enforcing), benefits, how it impacts running web applications on RHEL servers, creating custom policies, deploying the same configuration across a fleet of servers, and packaging SELinux policies in containers.
- Kushal Das: SBOM and vulnerability scanning
Software Bill of Materials became one of the latest buzzwords. A lot of people and companies are talking about it like a magical thing: if you use it, then all of your security problems will be solved, just like what happened with Blockchain!!
Though a handful of projects (or companies building those projects) focused on the actual tooling part: things we can use and see some useful output from, rather than blog posts/presentations with fancy graphics.
- Pakistani APT Uses YouTube-Mimicking RAT to Spy on Android Devices
New versions of Pakistan-linked APT Transparent Tribe’s CapraRAT Android trojan mimic the appearance of YouTube.