Re: [LUG] Bit of a wave building

 

On 25/03/14 14:51, Martijn Grooten wrote:
> On Tue, Mar 25, 2014 at 02:09:03PM +0000, bad apple wrote:
>> A direct quote from the second link:
>>
>> "Thanks to Edward Snowden, it is now established that intelligence
>> agencies modify hardware (computers, routers, firewalls, etc) and
>> software (Microsoft Windows, probably all Apple operating systems,
>> probably one GNU-Linux distribution, etc)"
> 
> Put like this, it smells like FUD. I don't remember seeing any Snowden
> leak that showed that intelligence agencies modify hardware or software
> during the process of manufacturing or writing respectively - so before
> it is being sold.
> 
> What various leaks have revealed is that the NSA and others are able to
> hack into just about any device, using vulnerabilities in hardware and
> software. This is bad, but shouldn't be surprising. Firstly, because
> hardware and software tend to be vulnerable. Which means that if you
> have enough money and thus enough skills, you can exploit these
> vulnerabilities to break into the devices.
> 
> And secondly because this is kind of what the NSA (or at least its
> offensive part) is set up to do: spy on the communication of (potential)
> enemies. Now some people (myself included) will argue that it's still
> bad, but it's likely that they would have gotten away with this if they
> hadn't been spying on just about anyone.
> 
> As for the petition, I am not unsympathetic towards it.* But they make
> it sound as if intelligence agencies can break into some devices, but
> not into others and that we can thus protect ourselves better against
> them if only we are able to choose the software that runs on the
> devices we purchase.
> 
> * actually, I think there's nothing wrong in principle with bundled
> sales. It's just that in the case of the PC market, one particular
> software package has obtained a more than healthy market share. And
> that's not good.
> 
> Martijn.
> 
> 


Did you miss the backdooring of the RSA standard, intercepting
individuals' IT orders on delivery and installing hardware keyloggers,
etc, before sending it on to the target, strong-arming all US-based IT
vendors (admittedly as yet we've had no definitive intel on just how
compromised Cisco, Apple, Microsoft et al products are but it would be
profoundly unwise to assume other than approximately 100%)...

I totally agree that the three letter agencies definitely *seem* to
depend more on custom 0 day exploits, tapping fibre trunks and other
depressingly sophisticated and clever attacks but there is already
plenty of evidence piling up that they do indeed spend a lot of effort
effectively sabotaging products before they even leave the factory
floors. Careful googling - to eliminate the mountains of crackpot lunacy
conspiracy rubbish - should turn up plenty of chilling info if your
stomach can take it.

As for the petition, it's idiotic. The administration in question has
already shown exactly how much it cares about these citizen-activist
initiatives and has a particular scorn for these stupid online
petitions. As if the NSA gives a crap what a bunch of internet hippies
think about their operations, apart from of course routinely scooping up
the IPs of anyone moronic enough to waste their time signing one.

Regards

-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq