Following up the post below this one, I notice per the Merc News that terror-support suspect Rahmat Abdhir has worked at a company called Applied Identity since 2006.
Applied Identity is a network security tech company. They have at least one contract with a US government agency.
Not sure what Abdhir did for them, but I thought that was worth its own post. What do you geeky types think?
Having been inside that kind of thing myself, I frankly worry far more about shoddy code than deliberate subversion. Given what snorom these guys are, the idea that they could make some subtle hack work without breaking something else is not very plausible.
If you wanted to infiltrate, you’d go for the databsae, not the software. Seriously, most (if not the vast majority) of security breaches are via social engineering, not hacking. Way easier to sweet talk some identity database maintainer than put hacks in to constantly changing codebase.
