Re: [LUG] Bit of a wave building

 

On Tue, Mar 25, 2014 at 06:52:01PM +0000, bad apple wrote:
> Did you miss the backdooring of the RSA standard

I'm well aware of that. It's my "favourite" part of all the Snowden
leaks. But it involved backdooring a standard (in plain sight!), not
software or hardware. It wasn't even a secret that RSA (and others)
had implemented the standard.

Moreover, I think it didn't really affect the kind of software that
comes pre-installed on devices (end-user operating systems). So it's
rather irrelevant here.

> intercepting
> individuals' IT orders on delivery and installing hardware keyloggers,
> etc, before sending it on to the target, strong-arming all US-based IT
> vendors (admittedly as yet we've had no definitive intel on just how
> compromised Cisco, Apple, Microsoft et al products are but it would be
> profoundly unwise to assume other than approximately 100%)...

But this only affected specific targets. There's no evidence that they
were only able to backdoor certain kinds of software. ("Bugger, Target X
has opted not to have any operating system pre-installed on his new PC.
Now we can't spy on him.") So being able to choose what software, if
any, is installed doesn't make you any safer against this program.

The existence of such a program also suggests that they haven't
backdoored all operating systems, as it would be pointless. (Although
there's always the chance of false flag operations.)

> Careful googling - to eliminate the mountains of crackpot lunacy
> conspiracy rubbish - should turn up plenty of chilling info if your
> stomach can take it.

That's the thing: I have followed the Snowden revelations rather
closely. I haven't read anything about backdooring hardware or software
at a large scale.

> As for the petition, it's idiotic. The administration in question has
> already shown exactly how much it cares about these citizen-activist
> initiatives and have a particular scorn for these stupid online
> petitions. As if the NSA gives a crap what a bunch of internet hippies
> think about their operations, apart from of course routinely scooping up
> the IPs of anyone moronic enough to waste their time signing one.

I agree that the NSA won't care about an Avaaz petition, but petitions
like this will help make the NSA an agency people won't want to work
for, unless they make significant changes. This will hurt them in the
end.

It's just that this particular petition uses the NSA to make an
irrelevant point, by spreading fear. Even if I have some sympathy for
the goal of the petition, and even if I think the NSA has been up to
some pretty bad things.

Martijn.

PS I really should have said "intelligence agencies" rather than "the
NSA". Many others (hello, GCHQ!) are just as bad, if not worse. At least
the petition gets that bit right.


-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq