lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20040212201810.GA21493@batray.net>
From: cptnug-fulldisclosure at batray.net (cptnug)
Subject: How much longer?

On Thu, Feb 12, 2004 at 11:29:22AM -0600, Clint Bodungen wrote:
> From: "Gregory A. Gilliss" <ggilliss@...publishing.com>
> > And just to make you *really* cringe, I can't prove it, but I believe
> > he's correct. 'nuf said.
> 
> Ok put down the tabloids and comic books.  I've written commercial software
> for small firms as well as some very well known fortune 500 firms and I've
> never had anyone looking over my should, holding my hand, or snapping
> pictures of me in the deli because I didn't leave a back door in the
> software for the govt. to regulate.  I've never even had a run in with the
> Mafia.  " 'nuf said."  Maybe that's why you can't prove it.

Perhaps not, but we do know that the government has explicitly required
"backdoors" in exported products using encryption, (e.g. ITAR and the
specific example of Lotus Notes). It's hardly an unreasonable leap to think
it might happen, at least sometimes, covertly in other pieces of software.

My own opinion is that most software is so bad security-wise there's just
no need for explicit backdoors. The US government TLAs can trust software
developers (and if not them, the users) to make enough mistakes that they
don't need to force or ask them to put in backdoors on purpose.

-- 
   cptnug


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ