Malicious, targeted, OS updates. How likely do you think it is?
John Newman
jnn at synfin.org
Wed Jan 18 11:30:44 PST 2017
Use FreeBSD, build from source ;)
--
John
> On Jan 18, 2017, at 2:15 PM, Anthony Papillion <anthony at cajuntechie.org> wrote:
>
> A few days ago, I was thinking about ways to compromise even the most
> secure systems and I came across a fairly obvious way: through operating
> system updates. I admit that I am not up to date on the latest security
> research so please excuse me if this has been discussed before or is
> 'common knowledge'.
>
> What's stopping the FBI or other US law enforcement agency from
> compelling a US based operating system vendor, let's say Red Hat, from
> delivering a specialized update to a user that would allow the agency
> privileged and maybe even undetectable access to a target system? Since
> Red Hat has root on our systems, they could install whatever they want
> and most users wouldn't notice. For a company like Red Hat, it would be
> trivial since they know who you are as you are tied to your Red Hat
> subscription But this is by no means limited to them. Microsoft could do
> this too with a little more work.
>
> What are your thoughts? Am I crazy? Is this a 'well, we KNOW THAT
> already' moment that I am just catching up on?
>
> Thanks!
> Anthony
>
> --
> Skype: cajuntechie
> XMPP/Jabber: papillion at dukgo.com
> PGP Key: 0xCC9D1E072AC97369
> Validate My Key: https://keybase.io/cajuntechie
> Other Info: http://www.cajuntechie.org/p/my-pgp-key.html
>
>
More information about the cypherpunks
mailing list