Full Disclosure mailing list archives

Re: Re: Microsoft to give holes info to Uncle Sam first


From: bkfsec <bkfsec () sdf lonestar org>
Date: Mon, 14 Mar 2005 15:44:58 -0500

Nick FitzGerald wrote:

And does anyone really think it's entirely coincidental that the creator of the Morris worm (Robert Tappan (sp?) Morris Jr.) was the son of Robert T. Morris, the chief scientist of the NSA's National Computer Security Center? (No conspiracy theory here, but the old adage "like father, like son" springs to mind...)


Well, it goes back even further than that. In a sense, breaking cyphers during the various wars can be considered finding holes in algorithms, just not the kind we're thinking of.

Aside from donning my own tin-foil hat (which, as much as I would like to put it on), there are numerous legitimate reasons that I can think of why the US government would want to have the patches and exploits before the public:

- Early warning.
- Early patch planning. (Though not wide-spread, it would never remain a secret.)
- Access to the data early enough in the Q&A cycle to begin looking for groups that might use that hole to attack US infrastructure.

Now, donning my own tin-foil hat, I can say that I wouldn't doubt if they were collecting these exploits for their own early-use scenarios... having said that, I also am quite sure that the military has their own bug finders that they can train and employ at length to look for exploitable code, and access to more of the code than most security community members have... so I wouldn't think that they'd be terribly handicapped if deprived of information from vendors.

                  -Barry

