Spies Gonna Spy


Today the news broke that the CIA has apparently been trying to target Apple's Xcode development tools for years. This is a pretty important revelation: if an unsuspecting app developer were to use compromised developer tools to build apps, there could be security exploits in these apps leaving users open to attacks, even if the developer's own code was completely secure. As developers, there's little we can do other than to make sure that we always download the tools we use from legitimate sources.

The same message should hold true for all computer users. Avoid downloading software from untrusted sites. Who knows what you're really getting when you download that cracked version of Office or Photoshop?

For all the details: The CIA's Campaign to Steal Apple's Secrets

Then go deeper with Craig Hockenberry’s great analysis: Xcode Compromised

For the truly motivated, a golden oldie from 1984, Ken Thompson's Reflections on Trusting Trust, is still a very relevant look at how an attack like this works.

You can't trust code that you did not totally create yourself.
