Re: Malicious, targeted, OS updates. How likely do you think it is?

2017-01-19 Thread stef
On Wed, Jan 18, 2017 at 01:15:01PM -0600, Anthony Papillion wrote:
> What are your thoughts? Am I crazy? Is this a 'well, we KNOW THAT
> already' moment that I am just catching up on?

i think you discovered the use-case for reproducible builds.

Re: Malicious, targeted, OS updates. How likely do you think it is?

2017-01-18 Thread James A. Donald
On 1/19/2017 8:59 AM, John Newman wrote:
> lol i know, it becomes increasingly apparent how impossible a full audit of all the hardware and software that led to the software that is running your computer would be, even with a totally open source OS ;)

Well, of course, there is FORTH, the

Re: Malicious, targeted, OS updates. How likely do you think it is?

2017-01-18 Thread John Newman
> On Jan 18, 2017, at 4:17 PM, Steve Kinney wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>> On 01/18/2017 02:30 PM, John Newman wrote:
>> Use FreeBSD, build from source ;)
>
> Security regression paradox: What's to prevent whoever might have
> replaced

Re: Malicious, targeted, OS updates. How likely do you think it is?

2017-01-18 Thread Steve Kinney
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 01/18/2017 02:30 PM, John Newman wrote:
> Use FreeBSD, build from source ;)

Security regression paradox: What's to prevent whoever might have replaced the binary in the repo - or replaced it in transit to you - from also rigging the source? So

Re: Malicious, targeted, OS updates. How likely do you think it is?

2017-01-18 Thread John Newman
Use FreeBSD, build from source ;)

--
John

> On Jan 18, 2017, at 2:15 PM, Anthony Papillion
> wrote:
>
> A few days ago, I was thinking about ways to compromise even the most
> secure systems and I came across a fairly obvious way: through operating
> system updates. I