The backdoor, known for years by vendors that sold the technology but not necessarily by customers, exists in an encryption algorithm baked into radios sold for commercial use in critical infrastructure.

    • Ducks@ducks.dev
      link
      fedilink
      English
      arrow-up
      21
      arrow-down
      2
      ·
      1 year ago

      Anyone saying that is definitely wrong, it is neither more secure or less secure just on the basis that it is closed or open source. There are processes that all types of software must take to ensure there are limited vulnerabilities. Security audits, pen testing, code scanning, etc.

      • AstralWeekends@lemm.ee
        link
        fedilink
        English
        arrow-up
        5
        arrow-down
        1
        ·
        1 year ago

        To add to this, in this case there is even some rationale for being closed source - given the critical nature of the code, less visibility means availability to examine it for exploit opportunities. But that’s just one side of it, right? Open source might mean more opportunities to find and fix possible exploits as well.

    • phx@lemmy.ca
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      There is some security to obscurity, but I’d argue that the more prevalent a system is the more having visible source adds security. When it comes to unscrupulous behavior by vendors - like those who would embed backdoors in communications element - shining light on the farm corners of their code definitely provides some security.

      At the very least, if the company that supplies a product goes under, there’s a better possibility of getting a new vendor to support or patch it if they can actually get their hands on the source.

    • redcalcium@lemmy.institute
      link
      fedilink
      English
      arrow-up
      2
      ·
      edit-2
      1 year ago

      Might be related, Archive.today has this strange configuration where you can’t connect to their sites if you use a DNS server that don’t send EDNS Client Subnet (e.g. cloudflare dns 1.1.1.1).