Go Back   Wireless and Wifi Forums > News > Newsgroups > comp.security.misc
Register FAQ Forum Rules Members List Calendar Search Today's Posts Advertise Mark Forums Read

 
Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 07-26-2007, 03:00 PM
plenty560@yahoo.com
Guest
 
Posts: n/a
Default Could it be that OpenOffice binary has NSA spyware in it?

Hi folks,

Has anybody here ever built OpenOffice from sources, or know of
someone who has recently, who can say that doing so is possible?

I ask because I am curious as to whether I should be trusting
the binaries coming from Sun.

After all, it seems that so many big US corporations are
eager to cave in to the demands of the NSA or RIAA/MPAA.
I have to wonder whether OO maybe has spyware in
the binary download that is not in the source code download.
AT&T, Comcast, etc... why would Sun be any less unethical?

Thanks.


Reply With Quote
  #2 (permalink)  
Old 07-26-2007, 03:06 PM
google01013
Guest
 
Posts: n/a
Default Re: Could it be that OpenOffice binary has NSA spyware in it?

On Thu, 26 Jul 2007 11:00:03 -0400, <plenty560@yahoo.com> wrote:

> Hi folks,
>
> Has anybody here ever built OpenOffice from sources, or know of
> someone who has recently, who can say that doing so is possible?
>
> I ask because I am curious as to whether I should be trusting
> the binaries coming from Sun.
>
> After all, it seems that so many big US corporations are
> eager to cave in to the demands of the NSA or RIAA/MPAA.
> I have to wonder whether OO maybe has spyware in
> the binary download that is not in the source code download.
> AT&T, Comcast, etc... why would Sun be any less unethical?
>
> Thanks.
>


***? and whose binaries do you trust?

--
OpenSuse 10.2 x64, KDE 3.5, Opera 9.x weekly

Reply With Quote
  #3 (permalink)  
Old 07-26-2007, 03:40 PM
Robin T Cox
Guest
 
Posts: n/a
Default Re: Could it be that OpenOffice binary has NSA spyware in it?

On Thu, 26 Jul 2007 08:00:03 -0700, plenty560 wrote:

> Hi folks,
>
> Has anybody here ever built OpenOffice from sources, or know of
> someone who has recently, who can say that doing so is possible?
>
> I ask because I am curious as to whether I should be trusting
> the binaries coming from Sun.
>
> After all, it seems that so many big US corporations are
> eager to cave in to the demands of the NSA or RIAA/MPAA.
> I have to wonder whether OO maybe has spyware in
> the binary download that is not in the source code download.
> AT&T, Comcast, etc... why would Sun be any less unethical?
>
> Thanks.


Reminds me of the recent story about the US government checking up on
Vista owners.

http://www.whitedust.net/news/3984/U...on_terror?.../
http://tinyurl.com/2potgq

Reply With Quote
  #4 (permalink)  
Old 07-26-2007, 04:31 PM
Colin B.
Guest
 
Posts: n/a
Default Re: Could it be that OpenOffice binary has NSA spyware in it?

In comp.security.misc plenty560@yahoo.com wrote:
> Hi folks,
>
> Has anybody here ever built OpenOffice from sources, or know of
> someone who has recently, who can say that doing so is possible?
>
> I ask because I am curious as to whether I should be trusting
> the binaries coming from Sun.
>
> After all, it seems that so many big US corporations are
> eager to cave in to the demands of the NSA or RIAA/MPAA.
> I have to wonder whether OO maybe has spyware in
> the binary download that is not in the source code download.
> AT&T, Comcast, etc... why would Sun be any less unethical?


One could dismiss this as paranoid trolling or ranting. However, I'll
take it as a serious question.

First of all, you're blurring the difference between software companies
and service providers. AT&T, Comcast, etc., don't provide software--they
just sell service. It's an ethically different perspective between allowing
(and maybe even aiding) the various agencies access, and explicitly creating
access in your code. It also doesn't take into account that the various
telecom/internet/infrastructure providers are government licensed, and are
somewhat more beholden to the government as a result.
Look at it another way: Are there any major hardware/software product
companies that have been shown to be illicitly collaborating with the various
three (or four) letter agencies? If not, then why would Sun be the first?

Secondly, building OO from source is absolutely no guarantee, for a long
series of reasons. First of all, building from source doesn't mean the
same thing as reading the source. If someone put a trojan in the source
code, how long would it be before someone discovered it? Days? Weeks?
Months? Years even? Hard to say, but unless YOU read every line of code,
you are farming out your trust to someone else.

Having said that, there's no reason that clean source code will actually
compile without spyware. Read this article by Ken Thompson, and you'll
realise that you're totally screwed with regards to trustable software:
http://www.acm.org/classics/sep95/

OK, paranoid yet? Depressed yet? Good. Now let's consider the opposite
side of the coin.

#1: Sun isn't OpenOffice.org. The compiled OO binaries come from the OO
group, not from Sun. Sun produces StarOffice from the same code base,
and could put crap in that if they wanted, but...
#2: Why would they? What would they possibly gain by adding spyware and/or
trojans to their product? If it happened and was discovered, then they
would immediately lose all credibility in the industry.
#3: There's also the method of the purported spyware. If software reports
information back to an agency, then it will (likely) be sent over a
network and can be easily detected with a packet sniffer. If some
inappropriate information is added to a file, it can be sussed out
quite easily given that OO.org stores files in compressed XML, which
can be read by humans.

Is it possible? Absolutely--anything is possible.
Is it likely? Not in my mind. There are so many more effective and sneaky
ways to obtain information, that it just doesn't make any sense.

Mind you, if you're actually doing something that's going to get you
arrested and thrown in a cell somewhere, paranoia is never misplaced.

Colin

Reply With Quote
  #5 (permalink)  
Old 07-26-2007, 04:36 PM
Robert M. Riches Jr.
Guest
 
Posts: n/a
Default Re: Could it be that OpenOffice binary has NSA spyware in it?

On 2007-07-26, Colin B. <cbigam@somewhereelse.nucleus.com> wrote:
> <snip>
>
> Look at it another way: Are there any major hardware/software product
> companies that have been shown to be illicitly collaborating with the various
> three (or four) letter agencies? If not, then why would Sun be the first?


Does the Sony rootkit not count, maybe because the RIAA is
not exactly a government agency?

--
Robert Riches
spamtrap42@verizon.net
(Yes, that is one of my email addresses.)

Reply With Quote
  #6 (permalink)  
Old 07-26-2007, 05:19 PM
Volker Birk
Guest
 
Posts: n/a
Default Re: Could it be that OpenOffice binary has NSA spyware in it?

In comp.security.misc plenty560@yahoo.com wrote:
> Has anybody here ever built OpenOffice from sources, or know of
> someone who has recently, who can say that doing so is possible?


It is possible. To do so, please read:

http://wiki.services.openoffice.org/..._with_ooobuild

> I ask because I am curious as to whether I should be trusting
> the binaries coming from Sun.


And don't forget to read http://www.acm.org/classics/sep95/ ;-)

Yours,
VB.
--
> Ja, ZA hat bei mir in den letzten 5 Jahren (?), genauer: noch nie,
> Probleme bereitet.

Das Schälchen Weihwasser neben meinem Monitor auch nicht.
(Bjoern Schliessmann in d.c.s.f.)

Reply With Quote
  #7 (permalink)  
Old 07-26-2007, 05:29 PM
Colin B.
Guest
 
Posts: n/a
Default Re: Could it be that OpenOffice binary has NSA spyware in it?

In comp.security.misc Robert M. Riches Jr. <spamtrap42@verizon.net> wrote:
> On 2007-07-26, Colin B. <cbigam@somewhereelse.nucleus.com> wrote:
>> <snip>
>>
>> Look at it another way: Are there any major hardware/software product
>> companies that have been shown to be illicitly collaborating with the various
>> three (or four) letter agencies? If not, then why would Sun be the first?

>
> Does the Sony rootkit not count, maybe because the RIAA is
> not exactly a government agency?


Good point. I'd forgotten about them. I generally dismiss Sony as a company
too low to deal with anyways, so it slipped off my my radar.

I guess they're still a major company, if not respectable.
Colin

Reply With Quote
  #8 (permalink)  
Old 07-26-2007, 06:37 PM
Ari
Guest
 
Posts: n/a
Default Re: Could it be that OpenOffice binary has NSA spyware in it?

On Thu, 26 Jul 2007 16:31:16 GMT, Colin B. wrote:

> Look at it another way: Are there any major hardware/software product
> companies that have been shown to be illicitly collaborating with the various
> three (or four) letter agencies? If not, then why would Sun be the first?


Tongue-in-cheek?

Reply With Quote
  #9 (permalink)  
Old 07-27-2007, 02:10 AM
Ari
Guest
 
Posts: n/a
Default Re: Could it be that OpenOffice binary has NSA spyware in it?

On 26 Jul 2007 21:13:35 GMT, Juergen Nieveler wrote:

> "Colin B." <cbigam@somewhereelse.nucleus.com> wrote:
>
>> Look at it another way: Are there any major hardware/software product
>> companies that have been shown to be illicitly collaborating with the
>> various three (or four) letter agencies?

>
> Crypto AG comes to mind...
>
> Juergen Nieveler


At&T and the NSA?
--
"You can't trust code that you did not totally create yourself"
Ken Thompson "Reflections on Trusting Trust"
http://www.acm.org/classics/sep95/

Reply With Quote
  #10 (permalink)  
Old 07-27-2007, 12:07 PM
Gregory Shearman
Guest
 
Posts: n/a
Default Re: Could it be that OpenOffice binary has NSA spyware in it?

plenty560@yahoo.com wrote:

> Hi folks,
>
> Has anybody here ever built OpenOffice from sources, or know of
> someone who has recently, who can say that doing so is possible?


Yes. I build OOO from source whenever a new version comes out.

I run Gentoo Linux which makes it easy to build such gigantic projects.

> After all, it seems that so many big US corporations are
> eager to cave in to the demands of the NSA or RIAA/MPAA.
> I have to wonder whether OO maybe has spyware in
> the binary download that is not in the source code download.
> AT&T, Comcast, etc... why would Sun be any less unethical?


Anything could be hidden in the hundreds of megabytes of OOO source code.
Don't think you are safe when building a binary.

I think you may be a bit paranoid.

--
Regards,

Gregory.
Gentoo Linux - Penguin Power

Reply With Quote
  #11 (permalink)  
Old 07-31-2007, 02:21 AM
Barry Margolin
Guest
 
Posts: n/a
Default Re: Could it be that OpenOffice binary has NSA spyware in it?

In article <46a8cc41@news.nucleus.com>,
"Colin B." <cbigam@somewhereelse.nucleus.com> wrote:

> In comp.security.misc plenty560@yahoo.com wrote:
> > Hi folks,
> >
> > Has anybody here ever built OpenOffice from sources, or know of
> > someone who has recently, who can say that doing so is possible?
> >
> > I ask because I am curious as to whether I should be trusting
> > the binaries coming from Sun.
> >
> > After all, it seems that so many big US corporations are
> > eager to cave in to the demands of the NSA or RIAA/MPAA.
> > I have to wonder whether OO maybe has spyware in
> > the binary download that is not in the source code download.
> > AT&T, Comcast, etc... why would Sun be any less unethical?

>
> One could dismiss this as paranoid trolling or ranting. However, I'll
> take it as a serious question.
>
> First of all, you're blurring the difference between software companies
> and service providers. AT&T, Comcast, etc., don't provide software--they
> just sell service.


Actually, most ISPs *do* provide software, typically to brand browsers
with the ISP's name ("Internet Explorer powered by Comcast", or
something like that) or configure network settings (default home page,
SMTP/POP servers, etc.) automatically. Use of it is generally optional,
but lots of newbies don't realize that and dutifully install the ISP's
CD.

--
Barry Margolin, barmar@alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***

Reply With Quote
  #12 (permalink)  
Old 07-31-2007, 04:09 PM
new@beee.net
Guest
 
Posts: n/a
Default Re: Could it be that OpenOffice binary has NSA spyware in it?

In article <barmar-7077D7.22211430072007@newsgroups.comcast.net>,
barmar@alum.mit.edu says...
> In article <46a8cc41@news.nucleus.com>,
> "Colin B." <cbigam@somewhereelse.nucleus.com> wrote:
>
> > In comp.security.misc plenty560@yahoo.com wrote:
> > > Hi folks,
> > >
> > > Has anybody here ever built OpenOffice from sources, or know of
> > > someone who has recently, who can say that doing so is possible?
> > >
> > > I ask because I am curious as to whether I should be trusting
> > > the binaries coming from Sun.
> > >
> > > After all, it seems that so many big US corporations are
> > > eager to cave in to the demands of the NSA or RIAA/MPAA.
> > > I have to wonder whether OO maybe has spyware in
> > > the binary download that is not in the source code download.
> > > AT&T, Comcast, etc... why would Sun be any less unethical?

> >
> > One could dismiss this as paranoid trolling or ranting. However, I'll
> > take it as a serious question.
> >
> > First of all, you're blurring the difference between software companies
> > and service providers. AT&T, Comcast, etc., don't provide software--they
> > just sell service.

>
> Actually, most ISPs *do* provide software, typically to brand browsers
> with the ISP's name ("Internet Explorer powered by Comcast", or
> something like that) or configure network settings (default home page,
> SMTP/POP servers, etc.) automatically. Use of it is generally optional,
> but lots of newbies don't realize that and dutifully install the ISP's
> CD.
>
> --
> Barry Margolin, barmar@alum.mit.edu
> Arlington, MA
> *** PLEASE post questions in newsgroups, not directly to me ***
> *** PLEASE don't copy me on replies, I'll read them in the group ***
>


And of course if you have any microsoft software installed at all your PC
is a open book anyway. Both to the NSA and anyone else who can be
bothered enough to find out how to read it.

Reply With Quote
Reply


« Newbie question on encryption keys | Deletion confirmation tool »
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are Off
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


Similar Threads
Thread Thread Starter Forum Replies Last Post
Any good free spyware scan that I can run in bat file so I can schedule it daily Lawrence M. Seldin, CMC, CPC alt.computer.security 9 06-22-2007 09:01 PM
Spyware Doctor interfering with legitimate programs, and won't uninstall Steve alt.computer.security 0 08-24-2006 03:05 AM
SSRT4884 rev.6 - HP-UX TCP/IP Remote Denial of Service (DoS) Security Alert comp.security.misc 0 08-16-2005 04:48 PM
SSRT4884 rev.5 - HP-UX TCP/IP Remote Denial of Service (DoS) Security Alert comp.security.misc 0 07-25-2005 06:15 PM
SSRT4884 rev.4 - HP-UX TCP/IP Remote Denial of Service (DoS) Security Alert comp.security.misc 0 07-12-2005 11:28 AM


All times are GMT. The time now is 12:31 PM.



Powered by vBulletin® Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.6.0 PL2

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45