nanog mailing list archives
Re: India cites security concerns, blocks Huawei bid to expand their indian ops
From: "Steven M. Bellovin" <smb () cs columbia edu>
Date: Thu, 18 Aug 2005 11:45:44 -0400
In message <200508180155.j7I1tnXw009434 () turing-police cc vt edu>, Valdis.Kletnieks () vt edu writes:
Requesting the source code and/or having access to it is really meaningless unless you have the skill and capabilities to compile it *and* use it. There is no sure way to know that the source code in your left hand is what was used to compile the binary in your right hand.

Even if you compile your left hand into your right hand. See Ken Thompson's "Reflections On Trusting Trust" (http://www.acm.org/classics/sep95/).

To complete the references, Reference 4 ("An unknown Air Force document") is Karger & Schell's paper on a Multics pen-test, which is available at http://www.acsac.org/2002/papers/classic-multics-orig.pdf

Karger and Schell did a "30 years later" retrospective, also available at http://www.acsac.org/2002/papers/classic-multics.pdf

Between the India/Huawei thing and the MS05-039 mess, this is a good time for everybody who hasn't read all 3 of them to read them - under 40 pages for all 3, and the 24 pages of the first Karger&Schell you can probably skim.....)

Also bear in mind how hard it is to find a cleverly-concealed back door. Think how hard it is for reviewers to find ordinary bugs, let alone one that someone tried to conceal.

--Steven M. Bellovin, http://www.cs.columbia.edu/~smb