[GLLUG] RedHat spooked ?

Matt Molyneaux moggers87 at googlemail.com
Wed Jul 2 23:28:05 UTC 2014


On Thu, 2014-07-03 at 00:00 +0100, Alain Williams wrote:
*snip*
> Do not get me wrong: I have nothing against the folk at Red Hat; but you must
> admit that you are a tempting target.
> 
> > Don't believe me because I work for the same evil corporation?  Grab
> > the sources and check for yourself.  Recompile the binaries from the
> > sources.  Disassemble Red Hat's binaries.
> 
> I am looking at doing that; however I doubt that doing binary compares is quite
> so straight forwards.
> 
> > What's the motivation here?  Why would Red Hat risk putting back doors
> > into the binaries or sources, that could be discovered with relative
> > ease by researchers?  It makes no sense that we would risk our
> > reputation like this.
> 
> [**] 'I' am prob not a target that is worth their while, but some others who do
> use RedHat & the other big distros will be.
> 

Why not just go straight to the source? If you can find an exploit in a
popular network security library and keep quiet about it, maybe no one
will notice. You don't have to trust outsiders to keep state secrets and
you'll be able to target more than just RedHat customers.

Apparently, this happened with Tor:
https://blog.torproject.org/blog/yes-we-know-about-guardian-article

Either that or Richard Jones is really Admiral Michael S. Rogers and has
come to spy on us personally.

Yours tin-foiledly,
Moggers
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part
URL: <http://mailman.lug.org.uk/pipermail/gllug/attachments/20140702/1be5b339/attachment.pgp>


More information about the GLLUG mailing list