[CentOS] OT: systemd Poll - So Long, and Thanks for All the fish.
Alice Wonder
alice at domblogger.net
Sun Apr 16 14:34:57 UTC 2017
On 04/16/2017 06:51 AM, Andrew Holway wrote:
>>
>> There is no doubt that most security agencies have a long list of zero-
>>> day exploits in their toolbox - I would hazard to suggest that they
>>> wouldn't be doing their job if they didn't! But I seriously doubt they
>>> would commission exploitable code in something that is openly
>>> auditable.
>>>
>>> P.
>>>
>>
>> P., I used to think that too... indeed, I was thoroughly convinced of it.
>> But reality changed my mind.
>
>
> Indeed. I think the assertion "OSS is somehow safer because of community
> audit" is a logical fallacy. How would one go about "auditing" in the first
> place? Even if the various Intelligence agencies are not injecting
> vulnerabilities then they would certainly be in a strong position to
> discover some of the holes already existing some time before they become
> public.
I'm more worried about cloud services and the large number of root
certificates that software trusts by default.
That's where a lot of the hacks are going to happen, and AFAIK the only
defense against it is DNSSEC + DANE which very few zones actually utilize.
More information about the CentOS
mailing list