[117661] in Cypherpunks
Re: NSA key in Windows
daemon@ATHENA.MIT.EDU (Bill Stewart)
Wed Sep 8 05:23:33 1999
Message-Id: <3.0.5.32.19990908001342.00a40100@idiom.com>
Date: Wed, 08 Sep 1999 00:13:42 -0700
To: Zombie Cow <waste@zor.hut.fi>, cypherpunks@algebra.com
From: Bill Stewart <bill.stewart@pobox.com>
In-Reply-To: <Pine.LNX.4.10.9909080321530.30396-100000@zor.hut.fi>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Reply-To: Bill Stewart <bill.stewart@pobox.com>
At 03:25 AM 9/8/99 +0300, Zombie Cow wrote:
>Plausible deniability is always a requirement for any backdoor.
>See some security reports on buffer overflows for a better example of
>possible ex-backdoors. You can probably bribe a programmer to leave a
>bug in the code for a few thousand dollars.
>
>Suppose that you have to decide how to spend $30+ billion dollars
>entirely on spying on behalf of the US government. What would you do
>with the money? How and where would you invest it?
>
>Spending a few thousand dollars to get a few "backdoors" in
>various software programs would seem like a very good investment
>to me. The same goes for a lot of various hardware systems.
You don't need to bribe a programmer to leave bugs in code;
almost any code of any major size has plenty of bugs in it.
You could start a small computer company on the money a couple
of amateurs made exploiting design weaknesses in the telephone system;
surely Trained Professionals could make Microsoft products easy to crack.
If the NSA wanted to invest a few thousand dollars in
anonymous caffeine donations to the Cult of the Dead Cow and L0pHt,
and surreptitiously spike Microsoft's campus with Decaf,
there'd be BackOrifice-like tools released right and left.
Thanks!
Bill
Bill Stewart, bill.stewart@pobox.com
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639