{"id":618,"date":"2014-07-13T16:00:34","date_gmt":"2014-07-13T13:00:34","guid":{"rendered":"http:\/\/oss-it.su\/?p=618"},"modified":"2016-09-21T09:36:44","modified_gmt":"2016-09-21T06:36:44","slug":"%d0%b8%d0%bd%d1%84%d0%be%d1%80%d0%bc%d0%b0%d1%86%d0%b8%d0%be%d0%bd%d0%bd%d0%b0%d1%8f-%d0%b1%d0%b5%d0%b7%d0%be%d0%bf%d0%b0%d1%81%d0%bd%d0%be%d1%81%d1%82%d1%8c-%d0%b2-%d1%81%d0%be%d0%b2%d1%80%d0%b5","status":"publish","type":"post","link":"https:\/\/oss-it.su\/en\/618","title":{"rendered":"Information security in today&#8217;s world"},"content":{"rendered":"<p>To those having some interest in the field of information security all is clear when it comes to proprietary systems by <a href=\"http:\/\/www.wired.com\/images_blogs\/threatlevel\/2010\/02\/microsoft-online-services-global-criminal-compliance-handbook.pdf\" target=\"_blank\">Microsoft<\/a> and <a href=\"http:\/\/www.forbes.com\/sites\/erikkain\/2013\/12\/30\/the-nsa-reportedly-has-total-access-to-your-iphone\/\" target=\"_blank\">Apple corporations<\/a>. However, a conventional wisdom is still around telling that the Linux operation system securely protects the personal data of its users from third parties. Aside from the signature <a href=\"http:\/\/www.crypt.gen.nz\/selinux\/disable_selinux.html\" target=\"_blank\">SELinux module by the NSA USA<\/a> that is built into the Linux core, the most of contemporary distributives has proprietary packages built-in, the coded contents of which are anybody\u2019s guess.<\/p>\n<p>In theory, ignoring <a href=\"http:\/\/mirrors.slackware.com\/mirrorlist\/\" target=\"_blank\">Slackware<\/a> and GNU-distributives released more than two years ago (such as <a href=\"http:\/\/download.zenwalk.org\/i486\/zenwalk-7.0\/ISO\/\" target=\"_blank\">Zenwalk<\/a>), one can suppose that the NSA vulnerabilities that are available in popular Linux repositories (RedHat and Debian at the first place, along with other 90% that are based on these two) continue to emerge on an annoyingly regular basis \u2013 more often than they can be identified.<br \/>\nAnd considering the news warning about the OpenSSL compromises (such as <a href=\"https:\/\/lists.debian.org\/debian-security-announce\/2008\/msg00152.html\" target=\"_blank\">one<\/a>, <a href=\"http:\/\/www.theguardian.com\/technology\/2014\/apr\/11\/heartbleed-developer-error-regrets-oversight\" target=\"_blank\">two<\/a> and <a href=\"http:\/\/arstechnica.com\/security\/2014\/06\/still-reeling-from-heartbleed-openssl-suffers-from-crypto-bypass-flaw\/\" target=\"_blank\">three<\/a>) \u2013 one can come to the conclusion that embedding backdoors into the source code presently takes the effort of much more people than there are open software enthusiasts monitoring the source code of possibly dangerous packages.<\/p>\n<p>But for those who do not like the idea of being transparent for USA security services there is, at last, a durable solution, provided with a Russian-speaking technical support and an audit from Russian intelligence services: Mandriva-based <a href=\"http:\/\/www.rosalab.com\/products\/\" target=\"_blank\">ROSA distributives<\/a>, certified by FSTEC and Russian Ministry of Defence. These distributives have been <a href=\"http:\/\/hghltd.yandex.net\/yandbtm?fmode=inject&amp;url=http%3A%2F%2Fwww.pingwinsoft.ru%2Fpages%2Fo-kompanii%2Fvakansii&amp;tld=ru&amp;lang=ru&amp;la=&amp;text=www.pingwinsoft.ru%2Fpages%2Fo-kompanii%2Fvakansii&amp;l10n=ru&amp;mime=html&amp;sign=fdc3e403ea8bdc2f51fc91b1dcd2c3b1&amp;keyno=0\" target=\"_blank\">diligently customized by the application software developers of SNORT, VYATTA and Information Security Systems<\/a>, <a href=\"http:\/\/habrahabr.ru\/post\/131810\/\" target=\"_blank\">as part of a project to create a national software platform prototype<\/a>. Using the ROSA distributives, you can make yourself and your data unavailable to the American intelligence services.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The proprietary systems by Adobe and Microsoft carry no doubts regarding their stability for those having at least basic interest into the field of information security. Still, widespread is a popular stereotype telling that the Linux operating systems properly secure a user&#8217;s personal data from accessing it by third\u00adparties. Apart from a special SELinux module that is built into the Linux core by the U.S. NSA, the most of contemporary Linux distributives contain integrated proprietary packages, the contents of which is open to doubt.<\/p>\n","protected":false},"author":1,"featured_media":686,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[14],"class_list":["post-618","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","tag-security"],"_links":{"self":[{"href":"https:\/\/oss-it.su\/en\/wp-json\/wp\/v2\/posts\/618","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/oss-it.su\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/oss-it.su\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/oss-it.su\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/oss-it.su\/en\/wp-json\/wp\/v2\/comments?post=618"}],"version-history":[{"count":1,"href":"https:\/\/oss-it.su\/en\/wp-json\/wp\/v2\/posts\/618\/revisions"}],"predecessor-version":[{"id":687,"href":"https:\/\/oss-it.su\/en\/wp-json\/wp\/v2\/posts\/618\/revisions\/687"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/oss-it.su\/en\/wp-json\/wp\/v2\/media\/686"}],"wp:attachment":[{"href":"https:\/\/oss-it.su\/en\/wp-json\/wp\/v2\/media?parent=618"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/oss-it.su\/en\/wp-json\/wp\/v2\/categories?post=618"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/oss-it.su\/en\/wp-json\/wp\/v2\/tags?post=618"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}