On Fri, Mar 18, 2016 at 1:37 PM, Anthony Papillion <anthony@cajuntechie.org> wrote:
On 03/18/2016 03:35 PM, Sean Lynch wrote:
On Fri, Mar 18, 2016 at 1:25 PM, Anthony Papillion <anthony@cajuntechie.org> wrote:
On 03/18/2016 01:02 PM, dan@geer.org wrote:
Apple will have its Snowden.
That's not a given. Everyone believes that Windows has backdoors and spying components in it but we've not seen a single Snowden from Microsoft. Why would we from Apple, an even more secretive company than Microsoft?
Or, just playing devil's advocate, perhaps we haven't seen any Snowdens from Microsoft because there's nothing to be leaked? Perhaps, instead of demanding cooperation from vendors and risking getting caught, the government focuses on building the capability to exploit bugs and opsec failures on the part of their targets.
That /could/ be true. But why should we believe that they wouldn't have enlisted the cooperation of Microsoft prior to the dates on the Snowden leaks? The NSA has been cooperating with companies since the 1970s (and got in a lot of trouble about it). Why would they ignore a company that has 90%+ of the desktop market worldwide? Possible but unlikely IMHO.
Just Occam's Razor. Why bother getting cooperation when the software is not secure to begin with? There are too many ways to gain access to Windows that aren't vulnerable to leaks. And we know for sure this is true and has been for a long time; just look at the thousands of exploit kits out there, most of which have been made by people without much in the way of resources or experience. If that's what the script kiddies can do, imagine what an agency with a $50B budget can do.