Re: Wiretapping Linux?

[Marc Perkel <marc@perkel.com>]

Steven Rostedt wrote:
> On Tue, 16 May 2006, Marc Perkel wrote:
>
>   
>> As most of you know the United States is tapping you telephone calls and
>> tracking every call you make. The next logical step is to start tapping
>> your computer implanting spyware into operating systems. Since Windows
>> and OS-X are proprietary this can be done more easilly with the
>> cooperation of Microsoft and Apple.
>>
>> So what about Linux? With thousands of people working on the Kernel if
>> someone from the NSA wanted to slip a back door into the Kernel, could
>> the do that?
>>     
>
> Well, yes and no.
>
> It's highly unlikely that it would get into the kernel. Definitely not
> kernel.org, since all patches are public.
>
> But it's not the kernel that you have to always worry about.  But it's
> what you install.  Especially as root.
>
> There's so much free stuff out there, that people download and install
> blindly, that I'm sure if someone wanted to really badly, they could get
> it on some boxes.  If they were slime and added something to a binary,
> and supplied the source without the backdoor, that might last a while.
> Unless you compile everything yourself, it's not easy to make sure that
> all binaries came from the source you have.
>
> But there are a lot of hackers out there (the good kind, not the crackers
> that the press call "hackers").  And they are aways looking at things
> and breaking them to see how they work.
>
> So, really, I doubt anyone could really get a lot on lots of people's
> Linux boxes.  But, if we ever had an evil Debian maintainer, that allowed
> it, then it might happen.  But that would usually be discovered rather
> quickly.
>
> -- Steve
>
>   

Thanks for your reply Steve. I've thought it would be discovered but 
thought I'd ask the question anyway just to make sure. But - do you 
think if OS-X or Windows had a government hack that it would be 
discovered. I know it would be discovered as easilly, but I wonder if 
that would get noticed?