> alex@crackpot.org scribbled:
> 
> 
> On Mar 20, 2009, at 10:47 AM, Matt Graham wrote:
> 
> > Also, if it truly uses a different engine for rendering, it'll break
> > all the sites that are IE-only, and a bunch of people will have a
> > large number of cows.  So yeah, that's probably not going to happen.
> > Unless they put in a "switch between old rendering engine and new
> > one" button, which will merely keep the old problems around.
> 
> That's already the plan for IE8.
> 
> "Microsoft's solution is a compatibility button that users can press  
> to make IE8 render the page similarly to how IE7 would."
> http://arstechnica.com/microsoft/news/2009/03/mix09-internet-explorer-8-released-progress-unmistakable.ars 
>   (in the 'Standards' section)

Those who don't remember history are bound to repeat it:



Special access codes prepared by the US National
Security Agency have been built into Windows. The NSA access
system is built into every version of the Windows operating system now
in use, except early releases of Windows 95 (and its predecessors).  Similar to US software giant, Lotus, who built an NSA "help
information" trapdoor into its Notes system, where security functions on other software systems had been deliberately crippled. 




 
The first discovery of
the new NSA access system was made in 1998 ago by British researcher
Dr Nicko van Someren. In 2000 a second
researcher rediscovered the access system in unreported development upgrades.  With it, he found the
evidence linking it to NSA.



 
Computer security specialists have been aware for 11
years that unusual features are contained inside a standard Windows
software "driver" used for security and encryption functions. The
driver, ADVAPI.DLL, enables and controls a range of security
functions. 


The evidence related to the NSAKEY (Wikipedia has a summary at http://en.wikipedia.org/wiki/NSAKEY) is too ambiguous to determine which side the NSA was playing in that case.  





Any reading of the _NSAKEY episode, whether by loony conspiracy theorists or by cooler heads, necessarily implies that the NSA has had a consultative role in Windows design for a long time now.





In the SELinux case, the NSA played an entirely positive role with respect to Linux kernel
development, so on that basis I might be willing to give them the
benefit of the doubt. It would be easier to trust the  NSA/MS collaboration if the source code were available, though.




Industry wide, grave issues exist inherent in OSI layer down,
including Javascript, JAVA low level controls, and especially PRNG. 
Without these handled, users must rely on third party tools that
potentially break some single source of control/reporting the MS/NSA
engineered. 


Obnosis | (503)754-4452




PLUG Linux Security Labs 2nd Saturday Each Month@Noon - 3PM



_________________________________________________________________
Windows Live™ SkyDrive: Get 25 GB of free online storage.
http://windowslive.com/online/skydrive?ocid=TXT_TAGLM_WL_skydrive_032009