Malicious, targeted, OS updates. How likely do you think it is?

John Newman jnn at synfin.org
Wed Jan 18 11:30:44 PST 2017


Use FreeBSD, build from source ;)

--
John

> On Jan 18, 2017, at 2:15 PM, Anthony Papillion <anthony at cajuntechie.org> wrote:
> 
> A few days ago, I was thinking about ways to compromise even the most
> secure systems and I came across a fairly obvious way: through operating
> system updates. I admit that I am not up to date on the latest security
> research so please excuse me if this has been discussed before or is
> 'common knowledge'.
> 
> What's stopping the FBI or other US law enforcement agency from
> compelling a US based operating system vendor, let's say Red Hat, from
> delivering a specialized update to a user that would allow the agency
> privileged and maybe even undetectable access to a target system?  Since
> Red Hat has root on our systems, they could install whatever they want
> and most users wouldn't notice. For a company like Red Hat, it would be
> trivial since they know who you are as you are tied to your Red Hat
> subscription But this is by no means limited to them. Microsoft could do
> this too with a little more work.
> 
> What are your thoughts? Am I crazy? Is this a 'well, we KNOW THAT
> already' moment that I am just catching up on?
> 
> Thanks!
> Anthony
> 
> -- 
> Skype:            cajuntechie
> XMPP/Jabber:      papillion at dukgo.com
> PGP Key:          0xCC9D1E072AC97369
> Validate My Key:  https://keybase.io/cajuntechie
> Other Info:       http://www.cajuntechie.org/p/my-pgp-key.html
> 
> 



More information about the cypherpunks mailing list