Could it be that OpenOffice binary has NSA spyware in it?

Hi folks,

Has anybody here ever built OpenOffice from sources, or know of
someone who has recently, who can say that doing so is possible?

I ask because I am curious as to whether I should be trusting
the binaries coming from Sun.

After all, it seems that so many big US corporations are
eager to cave in to the demands of the NSA or RIAA/MPAA.
I have to wonder whether OO maybe has spyware in
the binary download that is not in the source code download.
AT&T, Comcast, etc... why would Sun be any less unethical?

Thanks.

Re: Could it be that OpenOffice binary has NSA spyware in it?

On Thu, 26 Jul 2007 11:00:03 -0400, wrote:

> Hi folks,
>
> Has anybody here ever built OpenOffice from sources, or know of
> someone who has recently, who can say that doing so is possible?
>
> I ask because I am curious as to whether I should be trusting
> the binaries coming from Sun.
>
> After all, it seems that so many big US corporations are
> eager to cave in to the demands of the NSA or RIAA/MPAA.
> I have to wonder whether OO maybe has spyware in
> the binary download that is not in the source code download.
> AT&T, Comcast, etc... why would Sun be any less unethical?
>
> Thanks.
>

WTF? and whose binaries do you trust?

--
OpenSuse 10.2 x64, KDE 3.5, Opera 9.x weekly

Re: Could it be that OpenOffice binary has NSA spyware in it?

On Thu, 26 Jul 2007 08:00:03 -0700, plenty560 wrote:

> Hi folks,
>
> Has anybody here ever built OpenOffice from sources, or know of
> someone who has recently, who can say that doing so is possible?
>
> I ask because I am curious as to whether I should be trusting
> the binaries coming from Sun.
>
> After all, it seems that so many big US corporations are
> eager to cave in to the demands of the NSA or RIAA/MPAA.
> I have to wonder whether OO maybe has spyware in
> the binary download that is not in the source code download.
> AT&T, Comcast, etc... why would Sun be any less unethical?
>
> Thanks.

Reminds me of the recent story about the US government checking up on
Vista owners.

http://www.whitedust.net/news/3984/United_States_Government_ Online_Watchdogs?_Part_of_the_war_on_terror?.../
http://tinyurl.com/2potgq

Re: Could it be that OpenOffice binary has NSA spyware in it?

In comp.security.misc plenty560@yahoo.com wrote:
> Hi folks,
>
> Has anybody here ever built OpenOffice from sources, or know of
> someone who has recently, who can say that doing so is possible?
>
> I ask because I am curious as to whether I should be trusting
> the binaries coming from Sun.
>
> After all, it seems that so many big US corporations are
> eager to cave in to the demands of the NSA or RIAA/MPAA.
> I have to wonder whether OO maybe has spyware in
> the binary download that is not in the source code download.
> AT&T, Comcast, etc... why would Sun be any less unethical?

One could dismiss this as paranoid trolling or ranting. However, I'll
take it as a serious question.

First of all, you're blurring the difference between software companies
and service providers. AT&T, Comcast, etc., don't provide software--they
just sell service. It's an ethically different perspective between allowing
(and maybe even aiding) the various agencies access, and explicitly creating
access in your code. It also doesn't take into account that the various
telecom/internet/infrastructure providers are government licensed, and are
somewhat more beholden to the government as a result.
Look at it another way: Are there any major hardware/software product
companies that have been shown to be illicitly collaborating with the various
three (or four) letter agencies? If not, then why would Sun be the first?

Secondly, building OO from source is absolutely no guarantee, for a long
series of reasons. First of all, building from source doesn't mean the
same thing as reading the source. If someone put a trojan in the source
code, how long would it be before someone discovered it? Days? Weeks?
Months? Years even? Hard to say, but unless YOU read every line of code,
you are farming out your trust to someone else.

Having said that, there's no reason that clean source code will actually
compile without spyware. Read this article by Ken Thompson, and you'll
realise that you're totally screwed with regards to trustable software:
http://www.acm.org/classics/sep95/

OK, paranoid yet? Depressed yet? Good. Now let's consider the opposite
side of the coin.

#1: Sun isn't OpenOffice.org. The compiled OO binaries come from the OO
group, not from Sun. Sun produces StarOffice from the same code base,
and could put crap in that if they wanted, but...
#2: Why would they? What would they possibly gain by adding spyware and/or
trojans to their product? If it happened and was discovered, then they
would immediately lose all credibility in the industry.
#3: There's also the method of the purported spyware. If software reports
information back to an agency, then it will (likely) be sent over a
network and can be easily detected with a packet sniffer. If some
inappropriate information is added to a file, it can be sussed out
quite easily given that OO.org stores files in compressed XML, which
can be read by humans.

Is it possible? Absolutely--anything is possible.
Is it likely? Not in my mind. There are so many more effective and sneaky
ways to obtain information, that it just doesn't make any sense.

Mind you, if you're actually doing something that's going to get you
arrested and thrown in a cell somewhere, paranoia is never misplaced.

Colin

Re: Could it be that OpenOffice binary has NSA spyware in it?

On 2007-07-26, Colin B. wrote:
>
>
> Look at it another way: Are there any major hardware/software product
> companies that have been shown to be illicitly collaborating with the various
> three (or four) letter agencies? If not, then why would Sun be the first?

Does the Sony rootkit not count, maybe because the RIAA is
not exactly a government agency?

--
Robert Riches
spamtrap42@verizon.net
(Yes, that is one of my email addresses.)

Re: Could it be that OpenOffice binary has NSA spyware in it?

In comp.security.misc plenty560@yahoo.com wrote:
> Has anybody here ever built OpenOffice from sources, or know of
> someone who has recently, who can say that doing so is possible?

It is possible. To do so, please read:

http://wiki.services.openoffice.org/wiki/Building_with_ooobu ild

> I ask because I am curious as to whether I should be trusting
> the binaries coming from Sun.

And don't forget to read http://www.acm.org/classics/sep95/ ;-)

Yours,
VB.
--
> Ja, ZA hat bei mir in den letzten 5 Jahren (?), genauer: noch nie,
> Probleme bereitet.
Das Schälchen Weihwasser neben meinem Monitor auch nicht.
(Bjoern Schliessmann in d.c.s.f.)

Re: Could it be that OpenOffice binary has NSA spyware in it?

In comp.security.misc Robert M. Riches Jr. wrote:
> On 2007-07-26, Colin B. wrote:
>>
>>
>> Look at it another way: Are there any major hardware/software product
>> companies that have been shown to be illicitly collaborating with the various
>> three (or four) letter agencies? If not, then why would Sun be the first?
>
> Does the Sony rootkit not count, maybe because the RIAA is
> not exactly a government agency?

Good point. I'd forgotten about them. I generally dismiss Sony as a company
too low to deal with anyways, so it slipped off my my radar.

I guess they're still a major company, if not respectable.
Colin

Re: Could it be that OpenOffice binary has NSA spyware in it?

On Thu, 26 Jul 2007 16:31:16 GMT, Colin B. wrote:

> Look at it another way: Are there any major hardware/software product
> companies that have been shown to be illicitly collaborating with the various
> three (or four) letter agencies? If not, then why would Sun be the first?

Tongue-in-cheek?

Re: Could it be that OpenOffice binary has NSA spyware in it?

Post removed (X-No-Archive: yes)

Re: Could it be that OpenOffice binary has NSA spyware in it?

On 26 Jul 2007 21:13:35 GMT, Juergen Nieveler wrote:

> "Colin B." wrote:
>
>> Look at it another way: Are there any major hardware/software product
>> companies that have been shown to be illicitly collaborating with the
>> various three (or four) letter agencies?
>
> Crypto AG comes to mind...
>
> Juergen Nieveler

At&T and the NSA?
--
"You can't trust code that you did not totally create yourself"
Ken Thompson "Reflections on Trusting Trust"
http://www.acm.org/classics/sep95/

Re: Could it be that OpenOffice binary has NSA spyware in it?

plenty560@yahoo.com wrote:

> Hi folks,
>
> Has anybody here ever built OpenOffice from sources, or know of
> someone who has recently, who can say that doing so is possible?

Yes. I build OOO from source whenever a new version comes out.

I run Gentoo Linux which makes it easy to build such gigantic projects.

> After all, it seems that so many big US corporations are
> eager to cave in to the demands of the NSA or RIAA/MPAA.
> I have to wonder whether OO maybe has spyware in
> the binary download that is not in the source code download.
> AT&T, Comcast, etc... why would Sun be any less unethical?

Anything could be hidden in the hundreds of megabytes of OOO source code.
Don't think you are safe when building a binary.

I think you may be a bit paranoid.

--
Regards,

Gregory.
Gentoo Linux - Penguin Power

Re: Could it be that OpenOffice binary has NSA spyware in it?

In article <46a8cc41@news.nucleus.com>,
"Colin B." wrote:

> In comp.security.misc plenty560@yahoo.com wrote:
> > Hi folks,
> >
> > Has anybody here ever built OpenOffice from sources, or know of
> > someone who has recently, who can say that doing so is possible?
> >
> > I ask because I am curious as to whether I should be trusting
> > the binaries coming from Sun.
> >
> > After all, it seems that so many big US corporations are
> > eager to cave in to the demands of the NSA or RIAA/MPAA.
> > I have to wonder whether OO maybe has spyware in
> > the binary download that is not in the source code download.
> > AT&T, Comcast, etc... why would Sun be any less unethical?
>
> One could dismiss this as paranoid trolling or ranting. However, I'll
> take it as a serious question.
>
> First of all, you're blurring the difference between software companies
> and service providers. AT&T, Comcast, etc., don't provide software--they
> just sell service.

Actually, most ISPs *do* provide software, typically to brand browsers
with the ISP's name ("Internet Explorer powered by Comcast", or
something like that) or configure network settings (default home page,
SMTP/POP servers, etc.) automatically. Use of it is generally optional,
but lots of newbies don't realize that and dutifully install the ISP's
CD.

--
Barry Margolin, barmar@alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***

Re: Could it be that OpenOffice binary has NSA spyware in it?

In article <46a8cc41@news.nucleus.com>,
"Colin B." wrote:

> In comp.security.misc plenty560@yahoo.com wrote:
> > Hi folks,
> >
> > Has anybody here ever built OpenOffice from sources, or know of
> > someone who has recently, who can say that doing so is possible?
> >
> > I ask because I am curious as to whether I should be trusting
> > the binaries coming from Sun.
> >
> > After all, it seems that so many big US corporations are
> > eager to cave in to the demands of the NSA or RIAA/MPAA.
> > I have to wonder whether OO maybe has spyware in
> > the binary download that is not in the source code download.
> > AT&T, Comcast, etc... why would Sun be any less unethical?
>
> One could dismiss this as paranoid trolling or ranting. However, I'll
> take it as a serious question.
>
> First of all, you're blurring the difference between software companies
> and service providers. AT&T, Comcast, etc., don't provide software--they
> just sell service.

Actually, most ISPs *do* provide software, typically to brand browsers
with the ISP's name ("Internet Explorer powered by Comcast", or
something like that) or configure network settings (default home page,
SMTP/POP servers, etc.) automatically. Use of it is generally optional,
but lots of newbies don't realize that and dutifully install the ISP's
CD.

--
Barry Margolin, barmar@alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***

Re: Could it be that OpenOffice binary has NSA spyware in it?

In article ,
barmar@alum.mit.edu says...
> In article <46a8cc41@news.nucleus.com>,
> "Colin B." wrote:
>
> > In comp.security.misc plenty560@yahoo.com wrote:
> > > Hi folks,
> > >
> > > Has anybody here ever built OpenOffice from sources, or know of
> > > someone who has recently, who can say that doing so is possible?
> > >
> > > I ask because I am curious as to whether I should be trusting
> > > the binaries coming from Sun.
> > >
> > > After all, it seems that so many big US corporations are
> > > eager to cave in to the demands of the NSA or RIAA/MPAA.
> > > I have to wonder whether OO maybe has spyware in
> > > the binary download that is not in the source code download.
> > > AT&T, Comcast, etc... why would Sun be any less unethical?
> >
> > One could dismiss this as paranoid trolling or ranting. However, I'll
> > take it as a serious question.
> >
> > First of all, you're blurring the difference between software companies
> > and service providers. AT&T, Comcast, etc., don't provide software--they
> > just sell service.
>
> Actually, most ISPs *do* provide software, typically to brand browsers
> with the ISP's name ("Internet Explorer powered by Comcast", or
> something like that) or configure network settings (default home page,
> SMTP/POP servers, etc.) automatically. Use of it is generally optional,
> but lots of newbies don't realize that and dutifully install the ISP's
> CD.
>
> --
> Barry Margolin, barmar@alum.mit.edu
> Arlington, MA
> *** PLEASE post questions in newsgroups, not directly to me ***
> *** PLEASE don't copy me on replies, I'll read them in the group ***
>

And of course if you have any microsoft software installed at all your PC
is a open book anyway. Both to the NSA and anyone else who can be
bothered enough to find out how to read it.