Malicious, targeted, OS updates. How likely do you think it is?
Anthony Papillion
anthony at cajuntechie.org
Wed Jan 18 11:15:01 PST 2017
A few days ago, I was thinking about ways to compromise even the most
secure systems and I came across a fairly obvious way: through operating
system updates. I admit that I am not up to date on the latest security
research so please excuse me if this has been discussed before or is
'common knowledge'.
What's stopping the FBI or other US law enforcement agency from
compelling a US based operating system vendor, let's say Red Hat, from
delivering a specialized update to a user that would allow the agency
privileged and maybe even undetectable access to a target system? Since
Red Hat has root on our systems, they could install whatever they want
and most users wouldn't notice. For a company like Red Hat, it would be
trivial since they know who you are as you are tied to your Red Hat
subscription But this is by no means limited to them. Microsoft could do
this too with a little more work.
What are your thoughts? Am I crazy? Is this a 'well, we KNOW THAT
already' moment that I am just catching up on?
Thanks!
Anthony
--
Skype: cajuntechie
XMPP/Jabber: papillion at dukgo.com
PGP Key: 0xCC9D1E072AC97369
Validate My Key: https://keybase.io/cajuntechie
Other Info: http://www.cajuntechie.org/p/my-pgp-key.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.cpunks.org/pipermail/cypherpunks/attachments/20170118/861fc45e/attachment.sig>
More information about the cypherpunks
mailing list