[CentOS] OT: systemd Poll - So Long, and Thanks for All the fish.
Alice Wonder
alice at domblogger.netSun Apr 16 14:34:57 UTC 2017
- Previous message: [CentOS] OT: systemd Poll - So Long, and Thanks for All the fish.
- Next message: [CentOS] OT: systemd Poll - So Long, and Thanks for All the fish.
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On 04/16/2017 06:51 AM, Andrew Holway wrote: >> >> There is no doubt that most security agencies have a long list of zero- >>> day exploits in their toolbox - I would hazard to suggest that they >>> wouldn't be doing their job if they didn't! But I seriously doubt they >>> would commission exploitable code in something that is openly >>> auditable. >>> >>> P. >>> >> >> P., I used to think that too... indeed, I was thoroughly convinced of it. >> But reality changed my mind. > > > Indeed. I think the assertion "OSS is somehow safer because of community > audit" is a logical fallacy. How would one go about "auditing" in the first > place? Even if the various Intelligence agencies are not injecting > vulnerabilities then they would certainly be in a strong position to > discover some of the holes already existing some time before they become > public. I'm more worried about cloud services and the large number of root certificates that software trusts by default. That's where a lot of the hacks are going to happen, and AFAIK the only defense against it is DNSSEC + DANE which very few zones actually utilize.
- Previous message: [CentOS] OT: systemd Poll - So Long, and Thanks for All the fish.
- Next message: [CentOS] OT: systemd Poll - So Long, and Thanks for All the fish.
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list