[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Defense Secretary Defends Microsoft

To: "Cypherpunks" <cypherpunks@toad.com>
Subject: Re: Defense Secretary Defends Microsoft
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Tue, 23 Feb 1999 16:13:11 -0500
Priority: Normal
Reply-To: "Jean-Francois Avon" <jf_avon@citenet.net>
Sender: owner-cypherpunks@toad.com

On Tue, 23 Feb 1999 09:02:57 -0800, Michael Motyka wrote:

>Sorry for dragging out the thread, but I find the topic of subverted
>HW/SW at least mildly interesting. It's not exactly crypto but it's a
>first cousin and as a topic for discussion beats the hell out of sleazy,
>stupid politicians or sleazy, smart politicians.

I definitely agree with you.  I am the one who posted the first questions 
about striping.  Of course, I was labeled as clueless, which is the truth, but 
to me, the issue is much wider than the story of one specific company doing it 
or not.

Security goes far beyond the use of a given software and I found that people 
since a while (since W95 versions of PGP came up) are pretty loose on the side 
of security.

If I were an evil entity wishing to bust PGP, I would try to spike the system.  
Why bother cracking PGP when it is so simple to suck up info when connected?

There were always a lot of undocumented features in closed OSes.  And owing to 
the sheer size of the task, AFAIK, nobody ever compiled his own binaries of a 
disassembled one.  Remember the little funny faces with the name of the 
programmers that appeared in Win 3.11 when you hit a sequence of ctrl, shift 
and alt keys?  How long were they there before it became public?  Years!

Assuming that your comms are safe under anything that you did not code-review 
is absolutely delusionnal.  I keep saying "there are many ways to skin a cat", 
but a large group of arrogant CPunks shit on anybody who reminds it to them.
They are probably carefully cultivated by the goons too, and they are probably 
too clueless to figure that out by themselves!  

Viruses are a darn good example.  Thousand of them were created!  And a lot of 
them were detected because they cause a visible anomaly of the system they 
attack.  But what about all thoses that were never detected because they were 
designed for discretion? 

It seems that many people, even on CPunks, think that leaking information has 
to be obvious.  But that is PRECISELY the difficulty encountered in writing 
good crypto-apps!  Leaking information IS easy!    What about using some 
unused fields and bits of the TCP or IP protocol to encode and leak out 
information?  What about encoding information in the form of TCP or IP errors!  
It doesn't even darn need to be a true written bit for the conveyance of 
information to happen, for gawd's sake!

There are many ways to skin a cat, and anybody pretending to the contrary is 
either idiot, clueless or purposefully misleading...

I encourage you to put efforts on tracing such information leaks and thank you 
in advance for any such efforts!

Ciao!

jfa

Prev by Date: [ISN] Are Pentagon computers compromised? (fwd)
Next by Date: re: Announcing New Dual Mount Copy Holder by Rubbermaid
Prev by thread: RE: Defense Secretary Defends Microsoft
Next by thread: export question
Index(es):
- Date
- Thread