Sun Apr 16 14:34:57 UTC 2017
Alice Wonder <alice at domblogger.net>

On 04/16/2017 06:51 AM, Andrew Holway wrote:
>> There is no doubt that most security agencies have a long list of zero-
>>> day exploits in their toolbox - I would hazard to suggest that they
>>> wouldn't be doing their job if they didn't! But I seriously doubt they
>>> would commission exploitable code in something that is openly
>>> auditable.
>>> P.
>> P., I used to think that too... indeed, I was thoroughly convinced of it.
>> But reality changed my mind.
> Indeed. I think the assertion "OSS is somehow safer because of community
> audit" is a logical fallacy. How would one go about "auditing" in the first
> place? Even if the various Intelligence agencies are not injecting
> vulnerabilities then they would certainly be in a strong position to
> discover some of the holes already existing some time before they become
> public.

I'm more worried about cloud services and the large number of root 
certificates that software trusts by default.

That's where a lot of the hacks are going to happen, and AFAIK the only 
defense against it is DNSSEC + DANE, which very few zones actually utilize.
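Added example (not part of Alice's message or the list archive): the DANE mechanism referred to above is a TLSA record, which publishes a hash of the server's own certificate or public key in the DNSSEC-signed zone so a client can check the presented certificate against it instead of against whatever root CAs shipped in its trust store (RFC 6698). The script below computes and verifies that record with a minimal DER walker and the standard library only. The certificate it operates on is a constructed, unsigned skeleton for a hypothetical example.com, embedded so the code runs offline; the function names are this example's own.

```python
import hashlib
import hmac

# ---- minimal DER helpers ---------------------------------------------------

def der(tag, body):
    """Encode one DER TLV (definite length, short or long form)."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + body

def der_read(buf, pos=0):
    """Return (tag, value, end) for the TLV starting at buf[pos]."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:                       # long form: next (first & 0x7f) bytes hold the length
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:
        length = first
    return tag, buf[pos:pos + length], pos + length

def der_children(value):
    """Split a SEQUENCE/SET body into its member TLVs, each kept whole."""
    out, pos = [], 0
    while pos < len(value):
        tag, _, end = der_read(value, pos)
        out.append((tag, value[pos:end]))
        pos = end
    return out

# ---- DANE / TLSA (RFC 6698) ------------------------------------------------

def subject_public_key_info(cert_der):
    """Return the DER SubjectPublicKeyInfo TLV of an X.509 certificate.

    Certificate    = SEQ { tbsCertificate, signatureAlgorithm, signatureValue }
    TBSCertificate = SEQ { [0] version (optional), serialNumber, signature,
                           issuer, validity, subject, subjectPublicKeyInfo, ... }
    """
    _, cert_body, _ = der_read(cert_der)
    _, tbs_body, _ = der_read(der_children(cert_body)[0][1])
    fields = der_children(tbs_body)
    if fields[0][0] == 0xA0:               # EXPLICIT [0] version present (v2/v3 certs)
        fields = fields[1:]
    return fields[5][1]                    # serial, sigalg, issuer, validity, subject, SPKI

def tlsa_owner(host, port=443, proto="tcp"):
    """Owner name of the TLSA RRset for a service, e.g. _443._tcp.example.com."""
    return f"_{port}._{proto}.{host.rstrip('.')}."

def tlsa_record(cert_der, usage=3, selector=1, matching=1):
    """Build the RDATA of a TLSA record.

    usage:    0 PKIX-TA, 1 PKIX-EE, 2 DANE-TA, 3 DANE-EE (CA store not consulted)
    selector: 0 full certificate, 1 SubjectPublicKeyInfo
    matching: 0 exact data, 1 SHA-256, 2 SHA-512
    """
    data = cert_der if selector == 0 else subject_public_key_info(cert_der)
    if matching == 0:
        assoc = data
    elif matching == 1:
        assoc = hashlib.sha256(data).digest()
    elif matching == 2:
        assoc = hashlib.sha512(data).digest()
    else:
        raise ValueError("unknown TLSA matching type")
    return f"{usage} {selector} {matching} {assoc.hex()}"

def dane_matches(cert_der, rdata):
    """Client side: does the certificate presented in the TLS handshake satisfy this record?"""
    usage, selector, matching, assoc = rdata.split()
    expected = tlsa_record(cert_der, int(usage), int(selector), int(matching))
    return hmac.compare_digest(expected.split()[3], assoc.lower())

# ---- constructed test input (hypothetical example.com, not a real certificate) ----

def constructed_sample_cert():
    """Syntactically valid, unsigned v3 certificate skeleton with a dummy RSA key.
    Returns (cert_der, spki_der) so the SPKI extraction can be checked."""
    null = der(0x05, b"")
    sha256_rsa = der(0x30, der(0x06, bytes.fromhex("2a864886f70d01010b")) + null)  # 1.2.840.113549.1.1.11
    rsa_enc = der(0x30, der(0x06, bytes.fromhex("2a864886f70d010101")) + null)     # 1.2.840.113549.1.1.1
    cn = der(0x30, der(0x06, bytes.fromhex("550403")) + der(0x0C, b"example.com"))  # CN=example.com
    name = der(0x30, der(0x31, cn))
    validity = der(0x30, der(0x17, b"170101000000Z") + der(0x17, b"270101000000Z"))
    rsa_key = der(0x30, der(0x02, b"\x00" + b"\xab" * 32) + der(0x02, b"\x01\x00\x01"))
    spki = der(0x30, rsa_enc + der(0x03, b"\x00" + rsa_key))
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, b"\x01") + sha256_rsa
              + name + validity + name + spki)
    cert = der(0x30, tbs + sha256_rsa + der(0x03, b"\x00" + b"\x00" * 32))
    return cert, spki

if __name__ == "__main__":
    cert, _ = constructed_sample_cert()
    rr = tlsa_record(cert)                 # "3 1 1 <sha256 of SPKI>"
    print(f"{tlsa_owner('example.com')} IN TLSA {rr}")
    print("presented cert matches record:", dane_matches(cert, rr))
```

"3 1 1" is the usual choice: DANE-EE means the client does not consult its CA bundle at all, and hashing only the SubjectPublicKeyInfo means the record survives certificate renewals as long as the key is kept. Computing the RDATA is the easy half; the record is only worth anything if the zone is DNSSEC-signed and the client actually validates the chain (a local validating resolver, not an AD bit trusted across an untrusted network), which is exactly the deployment gap the message above points at.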