Message-ID: <4235F7CA.9050600@sdf.lonestar.org>
From: bkfsec at sdf.lonestar.org (bkfsec)
Subject: Re: Microsoft to give holes info to Uncle Sam
Nick FitzGerald wrote:
>And does anyone really think it's entirely coincidental that the
>creator of the Morris worm (Robert Tappan (sp?) Morris Jr.) was the son
>of Robert T. Morris, the chief scientist of the NSA's National Computer
>Security Center? (No conspiracy theory here, but the old adage "like
>father, like son" springs to mind...)
>
Well, it goes back even further than that. In a sense breaking cyphers
during the various wars can be considered finding holes in algorithms,
just not the kind we're thinking of.
Aside from donning my own tin-foil hat (which, as much as I would like
to put it on), there are numerous legitimate reasons that I can think of
why the US government would want to have the patches and exploits before
the public:
- Early warning.
- Early patch planning. (Though not wide-spread, it would never
remain a secret.)
- Access to the data early enough in the Q&A cycle to begin
looking for groups that might use that hole to attack US infrastructure.
Now, donning my own tin-foil hat, I can say that I wouldn't doubt if
they were collecting these exploits for their own early-use scenarios...
having said that, I also am quite sure that the military has their own
bug finders that they can train and employ at length to look for
exploitable code, and access to more of the code than most security
community members have... so I wouldn't think that they'd be terribly
handicapped if deprived of information from vendors.
-Barry