Or, it was a stupid mistake. The kind that happens every day, in every program, in the known universe.
If I understand correctly this is the diff between two releases of this code, and we have no way of knowing what each checkin, including the culprit, actually looked like.
As a security person I enjoy blaming the NSA and conspiracies as much as anyone.
archgrove|12 years ago
If we're going to entertain conspiracy theories, I favour "A rogue Google agent snuck in to Apple headquarters and edited the file whilst the user was out for lunch". Or perhaps Zergloids. Come on people, we're getting as bad as Slashdot over here!
yuvadam|12 years ago
abalone|12 years ago
And the author of that headline is possibly beating his wife.
babesh|12 years ago
chavesn|12 years ago
So even though at the two end points we see the addition of only one line in a block (which is being touted as the justification for this accusation), the intermediate steps could have included the addition and subtraction of other lines in that block.
(A plausible example might be the addition of another hash updating if statement + goto fail, then the removal of only the if statement.)
pencilo|12 years ago
That said, sorry, but I don't buy this. Just seeing a diff with that one + makes me more inclined to believe there was an if(...) goto fail that someone removed without removing the statement as well.
There is more than enough incompetence in our industry that a deliberate job is completely unnecessary; why bother when engineers break security all the time anyways?
kevinday|12 years ago
officialjunk|12 years ago
DArcMattr|12 years ago
yalogin|12 years ago
Even if it's Apple and really tempting to target, I don't buy it.
rootein|12 years ago