And let's not forget that guy that modified the compiler to inject code when
compiling a specific software (Apache, I think it was). Code review of the
target software would never find anything, but after compiling the supposedly
safe code, the backdoors would be back ...
----- Original Message -----
From: Andrew S. Baker
To: ntsysadm
Sent: Saturday, November 23, 2013 10:24 PM
Subject: Re: [NTSysADM] It's unlikely I will ever buy an LG Smart TV, but
Just remember... The open source projects that are large enough, also have
enough lines of code in there that it's not necessarily trivial to code review
on anything approaching a regular basis.
And I suspect that there's no, "If X=5, Send Code to NSA" lines in there...
There are code weaknesses and other types of things they would introduce in
order to allow themselves the privilege of snooping elsewhere down the line.
ASB
http://XeeMe.com/AndrewBaker
Providing Virtual CIO Services (IT Operations & Information Security)
for the SMB market…
On Wed, Nov 20, 2013 at 5:08 PM, Matthew W. Ross <[email protected]>
wrote:
The NSA has the power currently to record everything they can. And
according to the leaked notes, they pretty much are. That means everything you
put on the internet is suspect of being spied upon.
Google's traffic was being replicated between their own COLOs over their
own dark fiber... So they thought they were safe. The leak in the security
there was, apparently, the repeaters on said dark fiber. Thus, Google (and now
apparently Yahoo as well) is now encrypting everything, even between their own
servers. Not an easy task.
Is open source better? It makes it possible to prove that the program
itself is secure. That doesn't make it better, just more transparent. There are
(likely) many superior closed source and just as secure applications, it just
can't be proved in the same fashion.
I use a Roku at home. And a Pogo Plug. And a ReadyNAS. And an XBox. And a
"smart" JVC tv. Do I trust these guys to be behaving on my network, not
secretly attempting to glean banking information and sending them to nefarious
do-no-gooders? Yes, I do. But that's mostly because I don't have the energy to
be that paranoid. I trust the wisdom of the crowds, and that people with
interests in these matters will find the flaws in the system (like the LG TVs).
I use good practices (Passwords and encryption on what I feel is valuable) and,
otherwise, don't sweat the small stuff.
--Matt Ross
Ephrata School District
Jon D , 11/20/2013 1:06 PM:
Wow, this is good to know.
Even though I don't break the law, I know the RIAA and MPAA are
sue-happy and don't seem to care if they're suing the right person or not. I would
rather avoid being in anyone's database.
+1 for XBMC.
I think 2014 is going to be the year of open source. The only thing safe
post 1983.
On Wed, Nov 20, 2013 at 2:06 PM, Kurt Buff <[email protected]> wrote:
On Wed, Nov 20, 2013 at 10:25 AM, Ben Scott <[email protected]>
wrote:
> On Wed, Nov 20, 2013 at 1:11 PM, Kurt Buff <[email protected]> wrote:
>>>> You assume I have *any* of those technologies.
>>>> I do not - and intend never to have them, for this very reason, and others.
>>>
>>> A privacy paranoid posting from a Gmail address. How ironic. ;-)
>>
>> Not ironic. In this case, a cost/benefit analysis.
>
> On this list, in the past, more than once, you've taken and held an
> absolute position in the face of several "cost/benefit"
> counter-arguments, and dismissed such arguments outright.
>
> So... more irony. :-)
>
>> Lies, and poor customer service - that's the crux of the matter.
>
> Oh, I agree, completely.
>
> But it's not like GOOG scores any better.
No, GOOG scores much better.
Kurt