Defacing OpenSSL's website might be low-value, but backdooring OpenSSL code (tru... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		beambot on Jan 3, 2014 \| parent \| context \| favorite \| on: OpenSSL site defacement involving hypervisor hack ... Defacing OpenSSL's website might be low-value, but backdooring OpenSSL code (trusting-trust style!) would be about as high-value a target as I could imagine.

jonah on Jan 3, 2014 [–]

If they were smart enough to backdoored the code, I'd hope they were smart enough to be as stealth as possible and not deface the site too.

spenvo on Jan 3, 2014 | [–]

There's no way to know that there was only one party involved.

In other words, who's to say that the NSA (/GHCQ,etc) was the same party that ultimately defaced the website?

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact