I’m amused that everyone thinks Apple is so infallible. Sure, the NSA could be doing this, but Apple doesn’t have the best track record at security or bothering to patch those holes. I mean, who releases a security fix for iOS and then there’s no emergency patch for OSX? It’s a fucking one-liner.
Also, remember this gem? A debug flag left passwords in plain text in log files, and they couldn’t be bothered to fix it until 3 months later when it was discussed on a crypto mailing list.
Gross incompetence or malice? I would need to see a bit more circumstantial evidence for the latter. What does git blame say? For example, someone hacking into a CVS server to slip in two lines of code is definitely a backdoor attempt. This? This could just be an idiot.
Anyway, the Hacker News discussion on this is also amusing, if only for the fact that people think OpenSSL is written by monkeys and that there have been similar OpenSSL fiascos in Debian.