[4923] in cryptography@c2.net mail archive
Re: Could Open Source Software Help Prevent Sabotage? (fwd)
daemon@ATHENA.MIT.EDU (Eugene Leitl)
Mon Jun 21 16:31:17 1999
From: Eugene Leitl <eugene.leitl@lrz.uni-muenchen.de>
Date: Mon, 21 Jun 1999 13:17:28 -0700 (PDT)
To: Will Rodger <rodger@worldnet.att.net>
Cc: Zombie Cow <waste@zor.hut.fi>, cryptography@c2.net,
InfoSec News <isn@repsec.com>
In-Reply-To: <4.1.19990620224745.00922880@mail>
Will Rodger writes:
> Zombie Cow quoted an interesting letter to the editor which posited the
> following:
>
> >Imagine a Chinese agent working at Microsoft. How difficult do you think
> >it would be to insert a little "backdoor" into a Windows .dll file or
> >somewhere else? With the Government jumping into NT left and right, a

Both OS kernels and applications are riddled with exploitable holes
(constructive buffer overruns) -- no need to introduce them by
hand. Of course having the source would help to find them -- but it's
not really necessary. A team of clever hackers could penetrate any
system on the market, provided it is online. Even email access can
suffice.
All man-made software will forever drag this Achilles' heel. Thorough
debugging helps to reduce the amount of holes, but will never
eliminate all of them.