<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=UTF-8">
<META NAME="GENERATOR" CONTENT="GtkHTML/3.28.3">
</HEAD>
<BODY>
Okay...this then brings up an interesting proposition. Is it possible to build a tenable backdoor in a distro that would go unnoticed at source code level? For security purposes would it be better to develop (as a state) your own updates rather than take distro updates from source? Could this mark a threat to security as we see it?<BR>
<BR>
Please keep in mind that I'm new to Linux and NOT a programmer...more of a designer. <BR>
<BR>
<BR>
-----Original Message-----<BR>
<B>From</B>: wolf@wolfhalton.info <<A HREF="mailto:%22wolf@wolfhalton.info%22%20%3cwolf@wolfhalton.info%3e">wolf@wolfhalton.info</A>><BR>
<B>Reply-to</B>: Atlanta Linux Enthusiasts - Yes! We run Linux! <ale@ale.org><BR>
<B>To</B>: <A HREF="mailto:mhw@wittsend.com">mhw@wittsend.com</A>, Atlanta Linux Enthusiasts - Yes! We run Linux! <<A HREF="mailto:Atlanta%20Linux%20Enthusiasts%20-%20Yes!%20We%20run%20Linux!%20%3cale@ale.org%3e">ale@ale.org</A>><BR>
<B>Subject</B>: Re: [ale] China chooses FreeBSD as basis for secure OS<BR>
<B>Date</B>: Tue, 12 Oct 2010 21:35:02 -0400<BR>
<BR>
It would at least be a little more of a challenge than Window$<BR>
<BR>
-----Original Message-----<BR>
<B>From</B>: Michael H. Warfield <<A HREF="mailto:%22Michael%20H.%20Warfield%22%20%3cmhw@wittsend.com%3e">mhw@wittsend.com</A>><BR>
<B>Reply-to</B>: mhw@wittsend.com, Atlanta Linux Enthusiasts - Yes! We run Linux! <ale@ale.org><BR>
<B>To</B>: Atlanta Linux Enthusiasts - Yes! We run Linux! <<A HREF="mailto:Atlanta%20Linux%20Enthusiasts%20-%20Yes!%20We%20run%20Linux!%20%3cale@ale.org%3e">ale@ale.org</A>><BR>
<B>Cc</B>: <A HREF="mailto:mhw@wittsend.com">mhw@wittsend.com</A><BR>
<B>Subject</B>: Re: [ale] China chooses FreeBSD as basis for secure OS<BR>
<B>Date</B>: Tue, 12 Oct 2010 17:26:40 -0400<BR>
<BR>
<PRE>
On Tue, 2010-10-12 at 15:58 -0400, Chuck Payne wrote:
> On Tue, Oct 12, 2010 at 3:13 PM, George Allen <<A HREF="mailto:glallen01@gmail.com">glallen01@gmail.com</A>> wrote:
> > Apparently China is moving their entire Dept of Defense to a hardened
> > version of FreeBSD.
> > <A HREF="http://blogs.techrepublic.com.com/security/?p=1682">http://blogs.techrepublic.com.com/security/?p=1682</A>
> > _______________________________________________
> > Ale mailing list
> > <A HREF="mailto:Ale@ale.org">Ale@ale.org</A>
> > <A HREF="http://mail.ale.org/mailman/listinfo/ale">http://mail.ale.org/mailman/listinfo/ale</A>
> > See JOBS, ANNOUNCE and SCHOOLS lists at
> > <A HREF="http://mail.ale.org/mailman/listinfo">http://mail.ale.org/mailman/listinfo</A>
> >
> Good Choose.
I presume you meant choice and I concur. Give that some reports are
putting the level of Stuxnet infections at over 1 million machines in
Iran and more than 6 million machines in China, anything, other that
Windows, would be a smooth move. Nobody really knows who is behind the
Stuxnet but I would put it at 99% probability that it's "state
sponsored" and the leading contenders are Israel, the US, and Russia.
Unfortunately, any of those players are more than capable of building
something nasty for FreeBSD or Linux, or even OpenBSD if they really set
their minds to it.
Regards,
Mike
_______________________________________________
Ale mailing list
<A HREF="mailto:Ale@ale.org">Ale@ale.org</A>
<A HREF="http://mail.ale.org/mailman/listinfo/ale">http://mail.ale.org/mailman/listinfo/ale</A>
See JOBS, ANNOUNCE and SCHOOLS lists at
<A HREF="http://mail.ale.org/mailman/listinfo">http://mail.ale.org/mailman/listinfo</A>
</PRE>
<BR>
<PRE>
_______________________________________________
Ale mailing list
<A HREF="mailto:Ale@ale.org">Ale@ale.org</A>
<A HREF="http://mail.ale.org/mailman/listinfo/ale">http://mail.ale.org/mailman/listinfo/ale</A>
See JOBS, ANNOUNCE and SCHOOLS lists at
<A HREF="http://mail.ale.org/mailman/listinfo">http://mail.ale.org/mailman/listinfo</A>
</PRE>
<BR>
</BODY>
</HTML>