On Wed, Sep 11, 2013 at 10:49:46AM +0200, Martin Schröder wrote:
> 2013/9/11 Marc Espie <[email protected]>:
> > Second, low hanging fruit.
> >
> > There's so much crappy software and hardware out there that you have to be
> > REALLY paranoid to think the NSA would target us. I mean, come on, there
>
> You think openssh isn't a valuable target?

Portable openssh relies on posix interfaces. Corrupt the interfaces, and you
have a broken openssh. Remember the one bug in openssh, the one that was
mitigated by privsep, but where linux couldn't get the mitigation because
their privsep was broken?

> You think openbsd isn't used in commercial firewall/vpn appliances?

So buy the guys building commercial appliances. This being BSD, it doesn't
have to be opensource. It's much simpler to corrupt the derivative product,
and way less dangerous.

