A few days ago, I was thinking about ways to compromise even the most secure systems and I came across a fairly obvious way: through operating system updates. I admit that I am not up to date on the latest security research so please excuse me if this has been discussed before or is 'common knowledge'. What's stopping the FBI or other US law enforcement agency from compelling a US based operating system vendor, let's say Red Hat, from delivering a specialized update to a user that would allow the agency privileged and maybe even undetectable access to a target system? Since Red Hat has root on our systems, they could install whatever they want and most users wouldn't notice. For a company like Red Hat, it would be trivial since they know who you are as you are tied to your Red Hat subscription But this is by no means limited to them. Microsoft could do this too with a little more work. What are your thoughts? Am I crazy? Is this a 'well, we KNOW THAT already' moment that I am just catching up on? Thanks! Anthony -- Skype: cajuntechie XMPP/Jabber: papillion@dukgo.com PGP Key: 0xCC9D1E072AC97369 Validate My Key: https://keybase.io/cajuntechie Other Info: http://www.cajuntechie.org/p/my-pgp-key.html