On Wed, Sep 11, 2013 at 09:58:12AM +0200, Peter N. M. Hansteen wrote:
> Re-evaluation and auditing is very much a part of the general OpenBSD
> development process (see eg http://www.openbsd.org/goals.html and
> http://www.openbsd.org/security.html, with links therein) already,
> but I wouldn't be surprised if recent revelations lead to more activity
> on that front. On a related note, I quite enjoyed reading FreeBSD
> developer Colin Percival's take on the various revelations and claims:
> http://www.daemonology.net/blog/2013-09-10-I-might-be-a-spook.html

I'm not sure there will be that much more activity.

First, we had several "scares" in the past already, and we're perpetually paranoid, so... business as usual.

Second, low hanging fruit. There's so much crappy software and hardware out there that you have to be REALLY paranoid to think the NSA would target us.

I mean, come on, there are BROADSIDE BARNS in
- windows
- iOS
- linux

why bother with us?

people are most generally NOT careful. So, hey, what if you can't break in OpenBSD? you've got all kinds of access to people's web activity, cellphone records, credit card records, hospital records, whatever.

If there's one thing that's sure, it's that there is exactly ZERO security in administration's infrastructures in general. Yes, some of them do care. But most of them don't care enough. And there are IDIOTS everywhere.

I suspect the NSA spooks are good hackers. And so they're lazy. The challenge is extracting useful information from TB of unencrypted traffic and broken encryptions. Breaking secure encryption? sure... you think it's going to give you new data? think again...

