[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Malicious, targeted, OS updates. How likely do you think it is?
- Subject: Malicious, targeted, OS updates. How likely do you think it is?
- From: jnn at synfin.org (John Newman)
- Date: Wed, 18 Jan 2017 14:30:44 -0500
- In-reply-to: <[email protected]>
- References: <[email protected]>
Use FreeBSD, build from source ;)
--
John
> On Jan 18, 2017, at 2:15 PM, Anthony Papillion <anthony at cajuntechie.org> wrote:
>
> A few days ago, I was thinking about ways to compromise even the most
> secure systems and I came across a fairly obvious way: through operating
> system updates. I admit that I am not up to date on the latest security
> research so please excuse me if this has been discussed before or is
> 'common knowledge'.
>
> What's stopping the FBI or other US law enforcement agency from
> compelling a US based operating system vendor, let's say Red Hat, from
> delivering a specialized update to a user that would allow the agency
> privileged and maybe even undetectable access to a target system? Since
> Red Hat has root on our systems, they could install whatever they want
> and most users wouldn't notice. For a company like Red Hat, it would be
> trivial since they know who you are as you are tied to your Red Hat
> subscription But this is by no means limited to them. Microsoft could do
> this too with a little more work.
>
> What are your thoughts? Am I crazy? Is this a 'well, we KNOW THAT
> already' moment that I am just catching up on?
>
> Thanks!
> Anthony
>
> --
> Skype: cajuntechie
> XMPP/Jabber: papillion at dukgo.com
> PGP Key: 0xCC9D1E072AC97369
> Validate My Key: https://keybase.io/cajuntechie
> Other Info: http://www.cajuntechie.org/p/my-pgp-key.html
>
>