Greetings My fellow hackers!.
Its been long since I last visited and I must say I'm very much impressed with the community's growth since I left. Its always nice to see new threads and members around making the forum live each passing minute. I think I should also mention, I sometimes check Null-Byte forum threads from my schools computer lab, just that I don't comment or give my opinion or help. You guys are really awesome in all your ways.
I am home for school break and I decided to check whats trending on the web.
Latest: NSA Releases Open Source Network Security Tool for Linux
Its kinda funny because the same National Security Agency ( NSA ), I mean our own NSA that wants its hands on our data now offers an open source tool. The network security tool is for the Government and the private sectors to help secure their networks against cyber attacks. Hehehe, Cyber Attacks.
The network tool dubbed Systems Integrity Management Platform (SIMP) makes it easier for government organizations and the private sector to "fortify their networks against cyber threats."
SIMP is a framework that aims to provide a reasonable combination of security compliance and operational flexibility.
The ultimate goal of the project is to provide a complete management environment focused on compliance with the various profiles in the SCAP Security Guide Project and industry best practice.
Though it is fully capable out of the box, the intent of SIMP is to be molded to your target environment in such a way that deviations are easily identifiable to both Operations Teams and Security Officers.
At this time, there are no commercial requirements for the use of SIMP outside of the purchase of Red Hat Enterprise Linux licenses as applicable.
Currently, SIMP supports operating systems including Red Hat Enterprise Linux (RHEL) Versions 6.6 and 7.1 as well as Community Enterprise Operating System (CentOS) Versions 6.6 and 7.1-1503-01.
A Reply From NSA
"By releasing SIMP, the agency seeks to reduce duplication of effort and promote greater collaboration within the community: The wheel would not have to be reinvented for every organization" - NSA.
Now The Real Question: Is the NSA's SIMP tool Backdoored
The question here is not how much security NSA's tool offers, but the question is: Should we trust NSA tool?
Until now, the entire world is aware of the NSA's Global surveillance practices. The internal data exposed by former contractor Edward Snowden shown the extent of surveillance and bulk data collection by NSA, which range from US citizens to leaders of allied governments.
Several US government officials, including the NSA Director Mike Rogers, outgoing US Attorney General Eric Holder, and the FBI director James Comey, have all suggested that major tech companies such as Apple and Google should provide law enforcement agencies special access to their users' encrypted data, demanding secret backdoors.
Knowing this, one must think twice before adopting NSA's latest SIMP tool. However, the security of a Linux is a massive subject and tools are used to provide additional security on a Linux computer. So, it is always important to choose a right tool.
Where's the code?!
For those out there that just want the goods, the actual code for the SIMP project is hosted under the SIMP GitHub Organization.
Discussion
Lets hear your views on the topic since I am really skeptical about the tool's genuineness. Thanks for reading.
# Sergeant
26 Responses
I personally won't trust anything with NSA or the government. Whether servers, data, company, security, devices or life. They have had enough already, Spying on everything we have. Whether it is open source or closed source. It is from NSA and for NSA's history I won't want to associate myself with it.
So to cut the matter short: F**k NSA. Thank-you
I have to agree, Joe. NSA goals are not the same as ours. They would not release anything that they did not have a backdoor to. It may make you more secure from cyber criminals, but not from the NSA.
No Thanks!
True !!! ... And I wonder how they got the gut to release the tool knowing perfectly how they are been noted for their various activities.
Oops !!! ... Funny though, OTW, I thought you would go with NSA on this one since you are the Linux, Network Security guy and this tool is for such. But its good to know your opinion.
( I have to say, Thanks for your response on my tutorials when I wasn't around, I really appreciate )
# Sergeant
Considering it's open-source, why not just wait and see how the audit will end ?
Also if their goal is to distribute it to the administrations, it can be good for global knowledge to understand how it work to know a specific defense line no ?
NSA ..... LOL !!! , Until i see and notice there are no problems with the tool. My suspicions are high. I have never heard or read NSA doing something good with our lives. So for this one, Am completely backing off and @Joe, I agree with you: F**k NSA
Thanks Birkhoff ... Seems we stand same on the issue. And for the guts part, I have to say, They truely got balls.
# Sergeant
Hi Sploit! It's great to see you back ;-)
Well done report about the topic.
Ciuffy:
Hey, Me too. I was about to send you a PM. For the report, I was just skeptical about NSA releasing a tool for a good course and wanted to hear your opinions on the matter. Its great to hear from you.
# Sergeant
Source code doesn't always go with backdooring. I mean, it's source code. As far as I know, I wouldn't even trust Metasploit Community edition neither Kali: signed means it has a scope, it's aiming at something. Try to ask "Why would NSA release an open source hacking tool?". I don't have the answer neither I want to sound like an expert, but this questione has no easy answer both sides. Humans can't make long termine predictions. Maybe it's part of a bigger picture, maybe not. Eeither way, it is open source. Take it and munch it 'till you can, scavenger, always play knowledge's sake game.
Unless I understand every line of code and can alter the code and can compile it myself and can build it from scratch and no other issues or notices from other users. I wouldn't try such a tool.
I still wont try it since its from NSA. I thought OTW would have gone with NSA on this one though :)
# Sergeant
I don't mean using it, but having a copy from stuff coming from NSA, good or bad, sounds like a good move. Just so you know you can say "I was there!" or "I told you all!"
Very True.
# Sergeant
Thanks for the article. I wouldn't use anything they gave me even if it was 'The Gibson'.
Hahaha Funny .... Ok .. then i think am not paranoid about this issue. I was like "Heavens Forbid" but it seems am not the only one. Good to know we 're on the same side.
As always you still haven't changed.
# Sergeant
"Project Structure
As you can probably tell, the master branch of this project is empty."
Back away slowly... (5 pages of confusion)
Yeah i noticed buh am surely its gonna be functional soon.
# Sergeant
Don't eat the yellow snow. Don't trust it. All it take is one hidden lib. Can anyone say CC.
I feel your point.
# Sergeant
Welcome back.
Also, I wouldn't touch anything that has an NSA stamp with a 10 ft pole. Sorry.
ghost_
Oh Ok ... so i guess nobody likes spying. I thought I was the only one.
# Sergeant
Superman going to the dark side huh?
It's simple, we don't trust NSA.
NSA is the modern day equivalent of the Nazi secret police hiding in a trojan horse.
basically White hats now have to fight Blk hats and Governments...nuff said.
I don't think NSA would be using backdoors on this tool, it's not something like Metasploit or Aircrack. But I also don't think there is anything to stop themfrom doing so. Internal conflict.
I remember some similar defense tool being released by Mozilla. Forgot the name but found it somewhere on GitHub. They should create a page listing ALL their projects.
I think people should also get to spy NSA. After all, that's what democracy is about.
-The Joker
SHA is developed by NSA, and is one of the most popular family of digest functions that everyone use.
Share Your Thoughts