Re: Could it be that OpenOffice binary has NSA spyware in it?

Subject Author Date
Re: Could it be that OpenOffice binary has NSA spyware in it? Colin B. 07-26-2007
Posted by Colin B. on July 26, 2007, 12:31 pm
In comp.security.misc plenty560@yahoo.com wrote:
> Hi folks,
>
> Has anybody here ever built OpenOffice from sources, or know of
> someone who has recently, who can say that doing so is possible?
>
> I ask because I am curious as to whether I should be trusting
> the binaries coming from Sun.
>
> After all, it seems that so many big US corporations are
> eager to cave in to the demands of the NSA or RIAA/MPAA.
> I have to wonder whether OO maybe has spyware in
> the binary download that is not in the source code download.
> AT&T, Comcast, etc... why would Sun be any less unethical?

One could dismiss this as paranoid trolling or ranting. However, I'll
take it as a serious question.

First of all, you're blurring the difference between software companies
and service providers. AT&T, Comcast, etc., don't provide software--they
just sell service. It's an ethically different perspective between allowing
(and maybe even aiding) the various agencies access, and explicitly creating
access in your code. It also doesn't take into account that the various
telecom/internet/infrastructure providers are government licensed, and are
somewhat more beholden to the government as a result.

Look at it another way: Are there any major hardware/software product
companies that have been shown to be illicitly collaborating with the various
three (or four) letter agencies? If not, then why would Sun be the first?

Secondly, building OO from source is absolutely no guarantee, for a long
series of reasons. First of all, building from source doesn't mean the
same thing as reading the source. If someone put a trojan in the source
code, how long would it be before someone discovered it? Days? Weeks?
Months? Years even? Hard to say, but unless YOU read every line of code,
you are farming out your trust to someone else.

Having said that, there's no reason that clean source code will actually
compile without spyware. Read this article by Ken Thompson, and you'll
realise that you're totally screwed with regards to trustable software:
http://www.acm.org/classics/sep95/

OK, paranoid yet? Depressed yet? Good. Now let's consider the opposite
side of the coin.

#1: Sun isn't OpenOffice.org. The compiled OO binaries come from the OO
group, not from Sun. Sun produces StarOffice from the same code base,
and could put crap in that if they wanted, but...
#2: Why would they? What would they possibly gain by adding spyware and/or
trojans to their product? If it happened and was discovered, then they
would immediately lose all credibility in the industry.
#3: There's also the method of the purported spyware. If software reports
information back to an agency, then it will (likely) be sent over a
network and can be easily detected with a packet sniffer. If some
inappropriate information is added to a file, it can be sussed out
quite easily given that OO.org stores files in compressed XML, which
can be read by humans.

Is it possible? Absolutely--anything is possible.
Is it likely? Not in my mind. There are so many more effective and sneaky
ways to obtain information, that it just doesn't make any sense.

Mind you, if you're actually doing something that's going to get you
arrested and thrown in a cell somewhere, paranoia is never misplaced.

Colin
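
Point #3 in the post above says added information in a document can be found because OO.org stores files as compressed XML. The following Python sketch of that check is an added example, not part of the original post: it lists package members the manifest does not declare and dumps every field in meta.xml. The sample document, `ExampleSuite`, `HostID` and the member names are constructed.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

MANIFEST_NS = "urn:oasis:names:tc:opendocument:xmlns:manifest:1.0"
OFFICE_NS = "urn:oasis:names:tc:opendocument:xmlns:office:1.0"
META_NS = "urn:oasis:names:tc:opendocument:xmlns:meta:1.0"
DC_NS = "http://purl.org/dc/elements/1.1/"

def audit_odf(data):
    """Return (unlisted_members, metadata_fields) for an ODF package (bytes)."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = [n for n in z.namelist() if not n.endswith("/")]
        manifest = ET.fromstring(z.read("META-INF/manifest.xml"))
        listed = {e.get("{%s}full-path" % MANIFEST_NS)
                  for e in manifest.iter("{%s}file-entry" % MANIFEST_NS)}
        # The mimetype marker and META-INF files need no manifest entry.
        unlisted = sorted(n for n in names if n not in listed
                          and n != "mimetype" and not n.startswith("META-INF/"))
        fields = []
        for el in ET.fromstring(z.read("meta.xml")).iter():
            if el.text and el.text.strip():
                local = el.tag.split("}")[-1]
                fields.append((local, el.get("{%s}name" % META_NS), el.text.strip()))
    return unlisted, fields

def build_sample():
    """Constructed sample: minimal package with one member missing from the manifest."""
    entry = '<m:file-entry m:full-path="%s" m:media-type="%s"/>'
    manifest = ('<m:manifest xmlns:m="%s">' % MANIFEST_NS
                + entry % ("/", "application/vnd.oasis.opendocument.text")
                + entry % ("content.xml", "text/xml")
                + entry % ("meta.xml", "text/xml") + "</m:manifest>")
    meta = ('<o:document-meta xmlns:o="%s" xmlns:meta="%s" xmlns:dc="%s"><o:meta>'
            "<meta:generator>ExampleSuite/1.0</meta:generator>"
            "<dc:creator>alice</dc:creator>"
            '<meta:user-defined meta:name="HostID">constructed-host-01</meta:user-defined>'
            "</o:meta></o:document-meta>" % (OFFICE_NS, META_NS, DC_NS))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("mimetype", "application/vnd.oasis.opendocument.text")
        z.writestr("META-INF/manifest.xml", manifest)
        z.writestr("content.xml", '<o:document-content xmlns:o="%s"/>' % OFFICE_NS)
        z.writestr("meta.xml", meta)
        z.writestr("Configurations2/extra.bin", b"constructed unlisted payload")
    return buf.getvalue()

if __name__ == "__main__":
    unlisted, fields = audit_odf(build_sample())
    print("members not in manifest:", unlisted)
    for local, name, text in fields:
        print("meta field:", local, name or "", "=", text)
```

For documents from an untrusted source, parse the XML with a hardened parser such as `defusedxml` instead of the standard-library `ElementTree`.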

Posted by Robert M. Riches Jr. on July 26, 2007, 12:36 pm
> <snip>
>
> Look at it another way: Are there any major hardware/software product
> companies that have been shown to be illicitly collaborating with the various
> three (or four) letter agencies? If not, then why would Sun be the first?

Does the Sony rootkit not count, maybe because the RIAA is
not exactly a government agency?

--
Robert Riches
spamtrap42@verizon.net
(Yes, that is one of my email addresses.)

Posted by Colin B. on July 26, 2007, 1:29 pm
>> <snip>
>>
>> Look at it another way: Are there any major hardware/software product
>> companies that have been shown to be illicitly collaborating with the various
>> three (or four) letter agencies? If not, then why would Sun be the first?
>
> Does the Sony rootkit not count, maybe because the RIAA is
> not exactly a government agency?

Good point. I'd forgotten about them. I generally dismiss Sony as a company
too low to deal with anyways, so it slipped off my radar.

I guess they're still a major company, if not respectable.
Colin

Posted by Ari on July 26, 2007, 2:37 pm
On Thu, 26 Jul 2007 16:31:16 GMT, Colin B. wrote:

> Look at it another way: Are there any major hardware/software product
> companies that have been shown to be illicitly collaborating with the various
> three (or four) letter agencies? If not, then why would Sun be the first?

Tongue-in-cheek?

Posted by Juergen Nieveler on July 26, 2007, 5:13 pm

> Look at it another way: Are there any major hardware/software product
> companies that have been shown to be illicitly collaborating with the
> various three (or four) letter agencies?

Crypto AG comes to mind...

Juergen Nieveler
--
"The people united can never be ignited!"-Sgt. Colon,Ankh-Morpork Watch
