Trust

NSA Header
The NSA header on their website.

This will be short because I am not a security expert. Another NSA activity has come to light. There is a very good article on it.

iSpy Campaign to Steal Apple’s Secrets

Before you relegate this to only a threat to Apple, consider this classic by Ken Thompson.

Reflections on Trusting Trust

The upshot of all this is that it is possible to bootstrap spy code into an Open Source compiler such as GCC, CLANG/LLVM, etc. How? You have to insert the code into the first compiler in the chain that is used to start building a new compiler. This very effectively hides the code as it is passed on to the compilers that use it as a bootstrap to build the new compilers.

Edits:

Craig Hockenberry writes: Xcode Compromised

TechCrunch writes: Apple Products May Have Been Compromised By CIA

John Gruber’s Daring Fireball: The Intercept: CIA Campaign to Compromise Apple’s Developer Tools

EFF: Guess Who Wasn’t Invited to the CIA’s Hacker Jamboree?