- Thread Author
-
- #1
After seeing the last Ransomware attack and read posts about what NSA is doing. I strongly believe, that NSA is part of the security problem that we face now.
Companies like Microsoft give NSA build in back-doors and other ways to go into computers of billions of people to identify potential criminals or terrorists. But what is the problem? By creating custom back-doors it is just a matter of time before someone finds it and abuses it to wreak havoc, just like these days with the ransomware attacks. But this is in the news. I think that smart criminals and terrorists will never expose themselves publicly like that.
Operating systems have been around for many years, and still Microsoft and others cannot create a perfect secure OS? How is this possible???
So my idea is: NSA is part to blame, because they force companies to implement back-doors etc.
(no idea if forcing is the right word...)
Companies like Microsoft give NSA build in back-doors and other ways to go into computers of billions of people to identify potential criminals or terrorists. But what is the problem? By creating custom back-doors it is just a matter of time before someone finds it and abuses it to wreak havoc, just like these days with the ransomware attacks. But this is in the news. I think that smart criminals and terrorists will never expose themselves publicly like that.
Operating systems have been around for many years, and still Microsoft and others cannot create a perfect secure OS? How is this possible???
So my idea is: NSA is part to blame, because they force companies to implement back-doors etc.
(no idea if forcing is the right word...)
Solution
- Joined
- Jul 4, 2015
- Messages
- 8,998
Well I think you have some misinformation here. Companies don't give the government back doors into their systems. In some cases the government will subpoena a company for data or a way to access data, but typically the company will and do fight this. All of the methods used by the NSA were based on flaws in the operating system in the case of this latest ransonware there was a flaw in the SMB v1 protocol (remote file access) that the NSA discovered and exploited.
To your other question about perfect security. It doesn't exist and not because companies don't want it, but because it's impossible to account for every possible way a system can be attacked plus the fact that an operating system is millions of lines of code any one of them could have a bug that can be discovered and exploited. For those reasons security researchers and criminals alike find ways to manipulate data in such a way that it causes the code to behave in ways not intended or create a scenario the code can't handle.
To your other question about perfect security. It doesn't exist and not because companies don't want it, but because it's impossible to account for every possible way a system can be attacked plus the fact that an operating system is millions of lines of code any one of them could have a bug that can be discovered and exploited. For those reasons security researchers and criminals alike find ways to manipulate data in such a way that it causes the code to behave in ways not intended or create a scenario the code can't handle.
(seems I made 2 accounts.....my bad)
If NSA can find security holes, how fast can criminals find the same holes? Just as fast I think. So my opinion is that NSA is not really helping but just abusing security holes for their own agenda. Which I understand, but they way they work is just very wrong.
NSA should work together with software companies to have legit ways to tap data if needed. That way these security holes can be monitored by Microsoft or protective software suites more closely and can be secured more easy and prevent malicious use.
If NSA can find security holes, how fast can criminals find the same holes? Just as fast I think. So my opinion is that NSA is not really helping but just abusing security holes for their own agenda. Which I understand, but they way they work is just very wrong.
NSA should work together with software companies to have legit ways to tap data if needed. That way these security holes can be monitored by Microsoft or protective software suites more closely and can be secured more easy and prevent malicious use.
Similar threads
- Article