(visit the link for the full news article)
"Working in partnership with Microsoft and (the Department of Defense), NSA leveraged our unique expertise and operational knowledge of system threats and vulnerabilities to enhance Microsoft's operating system security guide without constraining the user's ability to perform their everyday tasks," Richard Schaeffer, the NSA's Information Assurance Director, told the Senate Judiciary Committee in a statement prepared for a hearing held this morning in Washington. "All this was done in coordination with the product release, not months or years later in the product cycle."
The National Security Agency (NSA) stepped in to help Microsoft develop a configuration of its next-generation operating system that would meet U.S. Department of Defense (DOD) requirements, said NSA Spokesman Ken White.
They are coming
A couple of weeks ago, DID noted that Microsoft may be making a push for a larger share of the defense market in the area of interoperability and collaboration. It would appear that those predictions are beginning to come true.
Microsoft has just launched a public relations campaign to highlight the role of the company’s products in the military’s data-sharing and network-centric warfare operations. This push is apparently part of their determination to pursue new work in major military programs, including the $10 billion Net-Centric Enterprise Services contract and $2 billion Space Operations Center Weapon System Integrator contract.
Microsoft officials are citing their spend of $28 billion on R&D in the past seven years, and plans to spend $40 billion on it in the next six years with an emphasis on interoperability. As part of that effort, they cite products that aid data sharing in five military systems. They are:
1. The Army’s Information Dissemination Management-Tactical (IDM-T) software, which lets commanders and soldiers easily find information in 11 applications that provide warfighting data such as intelligence, weather updates and information about artillery stocks.
2. The Army’s Deployed Theater Accountability Software
3. The Navy-Marine Corps Mobilization Processing System
4. The Air Force’s Single Integrated Space Picture system; and
5. The Air Force’s Synchronized Air Power Management (SAPM) system
The $10 billion Net-Centric Enterprise Services initiative will give warfighters access to military and intelligence networks by customizing searches and combining intelligence, surveillance and reconnaissance data to target and attack enemies.
The Air Force’s $2 billion Air and Space Operations Center Weapon System Integrator contract will manage and update the hardware and software at 17 air and space operations centers worldwide.
Posted Tue, Dec 18 2007 12:50 AM by Autonomist0
Various tech bloggers are reporting that Microsoft will include the NSA-recommended random algorithm suspected of containing a backdoor vulnerability in the upcoming Windows Vista service pack. According to Microsoft, the "Dual Elliptical Curve (Dual EC) PRNG from SP 800-90 is also available for customers who prefer to use it," so this algorithm is an option, not the default. Why would Microsoft intentionally include an inefficient and unsecure algorithm? Very likely, because it will eventually be required in government contracts.
It is hard to blame Microsoft for not wanting to lose government contracts, or to alienate customers who depend on them. The real danger is the (inevitable?) attempts by the state to force this algorithm on everyone else, including requirements that make it mandatory for government contracts, and thus attempt to influence the default configuration by virtue of the state's dominant market share.
It’s the most secure distribution version of Windows XP ever produced by Microsoft: More than 600 settings are locked down tight, and critical security patches can be installed in an average of 72 hours instead of 57 days. The only problem is, you have to join the Air Force to get it.
The Air Force persuaded Microsoft CEO Steve Ballmer to provide it with a secure Windows configuration that saved the service about $100 million in contract costs and countless hours of maintenance. At a congressional hearing this week on cybersecurity, Alan Paller, research director of the SANS Institute, shared the story as a template for how the government could use its massive purchasing power to get companies to produce more secure products. And those could eventually be available to the rest of us.
Security experts have been arguing for this “trickle-down” model for years. But rather than wield its buying power for the greater good, the government has long wimped out and taken whatever vendors served them. If the Air Force case is a good judge, however, things might be changing.
Threat Level spoke with former CIO of the Air Force, John Gilligan, to get the details.
Gilligan, who served as CIO of the Air Force from 2001 to 2005 and now runs a consulting firm, said it all began in 2003 after the NSA conducted penetration tests on the Air Force network as part of its regular testing of Pentagon cybersecurity.
NSA pen-testers made Swiss cheese of the network, and found that more than two-thirds of their intrusions were possible because of poorly configured software that created vulnerabilities. In some cases, the culprit was an operating system or application that came bloated with unsecured features that were never re-configured securely by Air Force administrators. In other cases, systems that were configured securely became vulnerable later (for instance, when a system crashed and original software was re-installed without patches that had been on the system before the crash).
“It was really an easy target,” Gilligan says. “All the NSA had to do was scan the network.”
Originally posted by damwel
Don't worry MA, anything that's in Windows 7 has been there as long as you have been using Windows. Windows 7 is worth it, at least it runs well.