-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 03/18/2016 04:18 PM, Sean Lynch wrote:
On Fri, Mar 18, 2016 at 1:37 PM, Anthony Papillion <anthony@cajuntechie.org <mailto:anthony@cajuntechie.org>> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
On 03/18/2016 03:35 PM, Sean Lynch wrote:
On Fri, Mar 18, 2016 at 1:25 PM, Anthony Papillion <anthony@cajuntechie.org <mailto:anthony@cajuntechie.org>
<mailto:anthony@cajuntechie.org <mailto:anthony@cajuntechie.org>>> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
On 03/18/2016 01:02 PM, dan@geer.org <mailto:dan@geer.org> <mailto:dan@geer.org
<mailto:dan@geer.org>> wrote:
Apple will have its Snowden.
That's not a given. Everyone believes that Windows has backdoors and spying components in it but we've not seen a single Snowden from Microsoft. Why would we from Apple, an even more secretive company than Microsoft?
Or, just playing devils' advocate, perhaps we haven't seen any Snowdens from Microsoft because there's nothing to be leaked? Perhaps, instead of demanding cooperation from vendors and risking getting caught, the government focuses on building the capability to exploit bugs and opsec failures on the part of their targets.
That /could/ be true. But why should we believe that they wouldn't have enlisted the cooperation of Microsoft prior to the dates on the Snowden leaks? The NSA has been cooperating with companies since the 1970's (and got in a lot of trouble about it). Why would they ignore a company that has 90%+ of the desktop market worldwide? Possible but unlikely IMHO.
Just Occam's Razor. Why bother getting cooperation when the software is not secure to begin with? There are too many ways to gain access to Windows that aren't vulnerable to leaks. And we know for sure this is true and has been for a long time; just look at the thousands of exploit kits out there, most of which have been made by people without much in the way of resources or experience. If that's what the script kiddies can do, imagine what an agency with a $50B budget can do.
You bring up good points. It not only saves money but also allows them to hide their true capabilities. -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJW7HMIAAoJEAKK33RTsEsVD9wQAJzd8z5s7/qrlaR9S9l+e7Yo 8w6drsQvpn4XaR9kzCAz7i1xl+MEzCdqbaIKFNw0Kf5JoAeqRhJ6/pgfMjs6SS9L 1zolofmybjezMmh5d6USvExsDZivvikt6BtsO1o6x33FsMczZrBSfQ1zdA2qsvQY ch/Ms0jZt92iXsefvaxHMZEuGLvZViiB5v1mgU0eBc+GEKiFN469wunPmOXuihWi ngkKZCIJHWd+T/Qtcl8DW9mrNlICs9qmIcTn4mMvl6aJWIj7UenK8Rg33M0/Lv2+ ccyGanXt9kZbsz77PKrZGDcRQ0N0c+37fZaysmY6s9ywwZKKpj1L2BQO40QA4yTC LbUl9hrhu19TE4LZglemlfQXHdZgQYFsz5c6hriyK36oJBi01iEXB1vo30yKIx98 /es0j0xRGCBgbHmQWi+86y4QHhgp+FiRiy9UBv4o5kwV1mPGnZyh7dvX2+i0Eg2a Zr2xPIUBWou+7aL0xv2b+HoiwMzBlNSkyXQ+HxfNqXIKHXq03Liwkel0uiEl7NHg AKhYFm5edtKPlRmzwIBavAQRiVrmilBRT3XBcYfz1Fu4SlLf08SUs5qWAycIOVGN fMDBlXEssQz7xGYK++zw+gi7ejTOdN9/UOzHnYyvP/WO4IMww8pQxxfWH7Qfjl9p bzmWceCXS5QT6UDGujs0 =BmuW -----END PGP SIGNATURE-----