Security researchers warn that a widely used open source tool poses a “continuous” risk to the United States


“The nation’s countries have a strategic position,” says George Barnes, a former deputy director of the National Security Agency, who spent 36 years at the NSA. Barnes says hackers in Russian intelligence could see Easyjson as a potential opportunity for future abuse.

“This code is fully efficient. There is no known vulnerability in it, so no other company has identified any problems,” Barnes says. “However, the people who actually own it are covered by VK, which is firm with the Kremlin,” he says. “If I’m sitting there in the GRU or FSB and looking at the laundry opportunity list … it’s great. It just lies there,” Barnes says.

The VK Group did not respond to WIRED’s request for comment on Easyjson. The US Department of Defense did not respond to a request for comment on the inclusion of Easyjson in its software environment.

“NSA has no idea to provide this special software,” says a spokesman for the National Security Agency. “The NSA Cybersecurity Collaboration Center welcomes tips from the private sector; when a tip is received, the NSA compares the tip against our insights to fully understand the threat and, if approved, shares any mitigations with the community.” “We intend to refer you to Hunted Labs,” said a spokesman for the US Cybersecurity and Infrastructure Security Agency, which operates under the second Trump administration.

GitHub, the Microsoft-owned code repository, says that it investigates issues and takes action where its policies are violated, but that it is not aware of any malicious code in Easyjson and that VK is not sanctioned. Other technology companies have treated VK differently. After the UK sanctioned executives of Russian banks who held stakes in VK in September 2022, for example, Apple removed VK’s social media apps from its App Store.

Dan Lorenc, managing director of the security company Chainguard, says that with Easyjson, the connections to Russia are in “simple vision” and there is a “slightly higher” cybersecurity risk than with other software libraries. He adds that red flags around open source technology may not be very obvious.

“In the open source space, you don’t even need to know where people are most of the time,” says Lorenc. “The code is what we have to trust, and the code and systems used to build that code. People are important, but we are just not in a world where we can trust people,” says Lorenc.

Since Russia’s full-scale invasion of Ukraine, there has been scrutiny of the use of open source systems and of the impact of sanctions on the institutions involved in their development. In October last year, a Linux kernel maintainer removed 11 Russian developers who participated in the open source project, and sanctions were widely cited as the reason for the change. Then, in January this year, the Linux Foundation issued guidance on how international sanctions could affect open source, saying that developers must be cautious about whom they interact with.
