On Fri, 19 Dec 2008 20:23:57 GMT, n3td3v said:
> You're giving the bad guys clues on what to avoid or will the bad guys
> be aware of all the possible attack vectors the government might be
> using already?

Hint: Think about the attack vectors the government can use to deliver what is essentially malware, and the attack vectors the bad guys can use to do the same thing. They're essentially the same, except that the government has a few more options on how to implement "cause a major vendor to ship a backdoored update". Note that OpenSSH, Sendmail, and recently Redhat/Fedora (among many others) have all had issues in the past with this, even without governmental interference.

However, note that although the government *could* possibly pull off such a trick, their hands are somewhat tied, for the exact same reason why in WWII, the Allies couldn't take full advantage of having broken Enigma, going so far as to intentionally let some convoys get sunk rather than letting the Germans know Enigma had been broken.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/