Date: Mon Dec 11 2000 - 00:53:43 PST
Brian A. LaMacchia writes:
> As for "fed back doors", I hope you're referring to something
> other than the well-debunked NSAKEY non-stories.
Indeed. I'm referring to trusting a huge glob of closed source coming
from a manufacturer with a well documented track record of doing
something sneaky when they thought no one was looking. Redmond's moral
integrity in business practices is legendary.
Plus, as a point in physical and legal space they're subjectable to
fed pressures. Because the product is closed source, you can't screen
it either for blatant back doors or convenient remotely exploitable
hooks (a magic packet sequence just happens to break the system in the
right way so you can conveniently remotely insert code, and back out
cleanly as well).
While you certainly can insert such stuff into OpenSource OS'ses, it
can at least in principle be detected and removed by a code review,
and trace back to the mole who inserted it.
I think it is good practice not to use such untrusted code even for
This archive was generated by hypermail 2b29 : Mon Dec 11 2000 - 01:17:26 PST