The Startling Array of Hacking Tools In NSA's Armory
littlekorea writes "A series of servers produced by Dell, air-gapped Windows XP PCs and switches and routers produced by Cisco, Huawei and Juniper count among the huge list of computing devices compromised by the NSA, according to crypto-expert and digital freedom fighter Jacob Appelbaum. Revealing a trove of new NSA documents at his 30c3 address (video), Appelbaum spoke about why the NSA's program might lead to broader adoption of open source tools and gave a hot tip on how to know if your machines have been owned."
2013 (Score:5, Informative)
Re:Open source? (Score:5, Informative)
You don't trust your compiler (and compiler vendor)?
http://cm.bell-labs.com/who/ken/trust.html [bell-labs.com]
Re:Open source? (Score:2, Informative)
Seeing as how it's the binary you're running, what's the difference? If a company is compromised, they're screwed. People won't buy their software again, they'll know to stop using it. This should make companies careful, and if they're not, they'll get in trouble soon enough. Some anonymous party puts up a clever back door in a patch, what is a user to do then? Whose reputation is damaged?
I am by no means claiming closed source is more secure than open source; I'm saying they're equally insecure. I'm also saying that, at least with closed source, you know who to blame when something goes wrong.
Re:Open source? (Score:4, Informative)
You should be pointing people to this instead:
"Fully Countering Trusting Trust through Diverse Double-Compiling (DDC) - Countering Trojan Horse attacks on Compilers"
http://www.dwheeler.com/trusting-trust/ [dwheeler.com]