Open Source and information security mailing list archives
 
Message-ID: <43C81F15.9020300@science.org>
Date: Fri Jan 13 21:43:28 2006
From: jasonc at science.org (Jason Coombs)
Subject: Steve Gibson smokes crack?

bkfsec wrote:
> A few incidents ("NSA" backdoor) aside, Microsoft's history with 
> security has been one of ineptness, not "maliciousness" per-se.

The Microsoft corporate entity may not be malicious in terms of 
purposefully planting backdoors with knowledge and consent of Gates et 
al. (this assertion is of course questionable); however, individual 
programmers at Microsoft have probably planted backdoors on purpose. 
This happens frequently in many software shops.

The corporate culture at Microsoft made it easy to do so, and get away 
with it, as you so accurately described. Individual product managers who 
encouraged the least safe configurations and least safe feature/code 
designs might have done so for the purpose of preserving widespread 
access to such backdoors.

It would be relatively simple for Microsoft to determine whether any 
particular individuals were responsible for writing the bad code and 
deploying flawed architectures over and over again through the years.

Perhaps Microsoft has bothered to look into this by now, and has quietly 
dismissed the perpetrators.

Beware of ex-Microsoft programmers.

Regards,

Jason Coombs
jasonc@...ence.org
