[Cryptography] NSA and cryptanalysis

Christian Huitema huitema at huitema.net
Mon Sep 2 16:14:00 EDT 2013

> > > Do we know they produced fake windows updates without assistance
> > > from Microsoft?
> > 
> > Given the reaction from Microsoft, yes.
> > 
> > The Microsoft public affairs people have been demonstrating real
> > anger at the Flame attack in many forums.
> But of course, sufficiently paranoid people might contend that
> perhaps the Microsoft people who complained might not have been
> briefed by the ones who cooperated.

I would be very surprised if they had gotten any assistance from Microsoft.
It goes against the grain. Microsoft engineers are really indoctrinated with
the "trustworthy computing" agenda, with mandatory security training every
year, specialized design reviews, code reviews, tests and all that. Not
saying there are no bugs or oversights in Microsoft's code, but a deliberate
action like that is very unlikely. Also, It would be very difficult to keep
something like that secret for long, and the leak would have dire effects on
the company's reputation.

-- Christian Huitema

More information about the cryptography mailing list