Full Disclosure mailing list archives
RE: Steve Gibson smokes crack
From: "William Lefkovics" <william () lefkovics net>
Date: Fri, 13 Jan 2006 14:28:26 -0800
Notwithstanding the high probability that there was an unintended bug in the intentionally planted bug. (Which bug do they patch?) And no matter, the subject line of the thread remains true regardless.

-----Original Message-----
From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of bkfsec
Sent: Friday, January 13, 2006 1:58 PM
To: jasonc () science org
Cc: full-disclosure () lists grok org uk
Subject: Re: [Full-disclosure] Steve Gibson smokes crack?

Jason Coombs wrote:
The Microsoft corporate entity may not be malicious in terms of purposefully planting backdoors with knowledge and consent of Gates et al (this assertion is of course questionable) however, individual programmers at Microsoft have probably planted backdoors on purpose. This happens frequently in many software shops.
Oh I'm quite certain that it happens...
The corporate culture at Microsoft made it easy to do so, and get away with it, as you so accurately described. Individual product managers who encouraged the least safe configurations and least safe feature/code designs might have done so for the purpose of preserving widespread access to such backdoors.
Perhaps... it's really tough to tell the difference.

My assertion would be that it can be difficult to tell the difference between an accidental bug, a design flaw, and an intentionally planted bug. Of course, that would depend on the bug and any evidence in the code regarding the bug, but unless there's something that says "My exploit here", as sort of happened with the NSA backdoor fiasco, it still might be difficult to prove. Even then, we still don't know that that was an NSA backdoor beyond a shadow of a doubt.

There are worms out there with copyright notices listing the government of China. Did China actually create the worm? Why would it put a copyright notice in the code? More likely that data is there for the purpose of deception. So even comments and symbols aren't 100% trustworthy. (Not the same scenario, but still illustrates that trust is difficult)

I think we need to be careful about making accusations without solid evidence.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/