It could make one wonder if there aren't NSA employees working full time as open source contributors to make sure open source encryption software (or even OSes..) remains un user friendly and out of general use.
I would certainly prefer to believe the current state of the OpenPGP ecosystem was due to malice rather than incompetence.
It's possible, but not likely. Targeting proprietary, commercial vendors is probably a lot easier than open source, as it's much easier to hide what you're doing. And many more of the targets they are trying to attack are likely buying fully supported solutions from commercial vendors, not COTS hardware and installing open-source software themselves.
Even for open source software, it would be easier to just target the integrator, such as the binary packages provided by the distro or preinstalled on hardware by a system integrator, rather than introducing vulnerabilities or causing problems in the upstream open source project.
Considering that such an approach would be a lot cheaper than nearly any other, I'd say of course it's happening. Imagine offering someone the Google salary that Google will pay plus pay from NSA and all the pension benefits, etc.
[+] [-] jmccree|12 years ago|reply
I would certainly prefer to believe the current state of the OpenPGP ecosystem was due to malice rather than incompetence.
[+] [-] lambda|12 years ago|reply
Even for open source software, it would be easier to just target the integrator, such as the binary packages provided by the distro or preinstalled on hardware by a system integrator, rather than introducing vulnerabilities or causing problems in the upstream open source project.
[+] [-] grandalf|12 years ago|reply
[+] [-] misiti3780|12 years ago|reply
[+] [-] grandalf|12 years ago|reply
[+] [-] biscuitsandsc1s|12 years ago|reply
(E.g. do you think yesterday's encryption article was "tabloidesque"? Do you like when newspapers post source documents?)
[+] [-] beltsonata|12 years ago|reply
[+] [-] mumbi|12 years ago|reply