On Sat, 07 Sep 2013 09:33:28 +0100
Brian Gladman <b...@gladman.plus.com> wrote:

> On 07/09/2013 01:48, Chris Palmer wrote:
> >> Q: "Could the NSA be intercepting downloads of open-source
> >> encryption software and silently replacing these with their own
> >> versions?"
> > 
> > Why would they perform the attack only for encryption software? They
> > could compromise people's laptops by spiking any popular app.
> Because NSA and GCHQ are much more interested in attacking
> communictions in transit rather than attacking endpoints.

Except, one implication of recent revelations is that stealing keys
from endpoints has been a major activity of NSA in the last decade.

I'm not going to claim that altering patches and software during
download has been a major attack vector they've used for that -- I have
no evidence for the contention whatsoever and besides, endpoints seem
to be fairly vulnerable without such games -- but clearly attacking
selected endpoints is now an NSA passtime.

The cryptography mailing list

Reply via email to