Good point, Silvio. Here's one reference to this: http://www.reddit.com/r/programming/comments/1m19ay/a_c_compiler_that_inserts_backdoor_code_when_it/

*ASB*
*http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>
*Providing Virtual CIO Services (IT Operations & Information Security) for the SMB market…*

On Sun, Nov 24, 2013 at 10:14 AM, Silvio L. Nisgoski <[email protected]> wrote:

> And let's not forget that guy that modified the compiler to inject code
> when compiling a specific software (apache, I think it was). Code
> review of the target software would never find anything, but after
> compiling the supposed safe code, the backdoors would be back ....
>
> ----- Original Message -----
> *From:* Andrew S. Baker <[email protected]>
> *To:* ntsysadm <[email protected]>
> *Sent:* Saturday, November 23, 2013 10:24 PM
> *Subject:* Re: [NTSysADM] It's unlikely I will ever buy an LG Smart TV, but
>
> Just remember... The open source projects that are large enough, also
> have enough lines of code in there that it's not necessarily trivial to
> code review on anything approaching a regular basis.
>
> And I suspect that there's no, "If X=5, Send Code to NSA" lines in there...
>
> There are code weaknesses and other types of things they would introduce
> in order to allow themselves the privilege of snooping elsewhere down the
> line.
>
> On Wed, Nov 20, 2013 at 5:08 PM, Matthew W. Ross <[email protected]> wrote:
>
>> The NSA has the power currently to record everything they can. And
>> according to the leaked notes, they pretty much are. That means everything
>> you put on the internet is suspect of being spied upon.
>>
>> Google's traffic was being replicated between their own COLOs over their
>> own dark fiber... So they thought they were safe. The leak in the security
>> there was, apparently, the repeaters on said dark fiber. Thus, Google (and
>> now apparently Yahoo as well) is now encrypting everything, even between
>> their own servers. Not an easy task.
>>
>> Is open source better? It makes it possible to prove that the program
>> itself is secure. That doesn't make it better, just more transparent. There
>> are (likely) many superior closed source and just as secure applications,
>> it just can't be proved in the same fashion.
>>
>> I use a Roku at home. And a Pogo Plug. And a ReadyNAS. And an XBox. And a
>> "smart" JVC tv. Do I trust these guys to be behaving on my network, not
>> secretly attempting to glean banking information and sending them to
>> nefarious do-no-gooders? Yes, I do. But that's mostly because I don't have
>> the energy to be that paranoid. I trust the wisdom of the crowds, and that
>> people with interests in these matters will find the flaws in the system
>> (like the LG TVs). I use good practices (Passwords and encryption on what I
>> feel is valuable) and, otherwise, don't sweat the small stuff.
>>
>> --Matt Ross
>> Ephrata School District
>>
>> Jon D, 11/20/2013 1:06 PM:
>>
>> Wow, this is good to know.
>> Even though I don't break the law, I know the RIAA and MPAA are sue
>> happy and don't seem to care if they're suing the right person or not. I
>> would rather avoid being in anyone's database.
>> +1 for XBMC.
>> I think 2014 is going to be the year of open source. The only thing safe
>> post 1983.
>>
>> On Wed, Nov 20, 2013 at 2:06 PM, Kurt Buff <[email protected]> wrote:
>>
>> On Wed, Nov 20, 2013 at 10:25 AM, Ben Scott <[email protected]> wrote:
>> > On Wed, Nov 20, 2013 at 1:11 PM, Kurt Buff <[email protected]> wrote:
>> >>>> You assume I have *any* of those technologies.
>> >>>> I do not - and intend never to have them, for this very reason, and others.
>> >>>
>> >>> A privacy paranoid posting from a Gmail address. How ironic. ;-)
>> >>
>> >> Not ironic. In this case, a cost/benefit analysis.
>> >
>> > On this list, in the past, more than once, you've taken and held an
>> > absolute position in the face of several "cost/benefit"
>> > counter-arguments, and dismissed such arguments outright.
>> >
>> > So... more irony. :-)
>> >
>> >> Lies, and poor customer service - that's the crux of the matter.
>> >
>> > Oh, I agree, completely.
>> >
>> > But it's not like GOOG scores any better.
>>
>> No, GOOG scores much better.
>>
>> Kurt

