<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Sun, Dec 22, 2013 at 4:51 PM, Jonathan Thornburg <span dir="ltr"><<a href="mailto:jthorn@astro.indiana.edu" target="_blank">jthorn@astro.indiana.edu</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On Sun, 22 Dec 2013, Bill Cox wrote:<br>
[[re Peter Gutmann's claim that backdoors in source-code<br>
may escape discovery in audits]]<br>
> Nonsense. Most other equally capable developers should be able to discover</blockquote><div><br></div><div><br></div><div>With open source code the NSA would be foolish to install a true back door.</div><div><br></div>
<div>i.e. The NSA would be foolish to assume that they could craft a side door in open </div><div>source code that would withstand the scrutiny of another nations security agency</div><div>(ANSA). The folk I have encountered that work there (short and old list) are not</div>
<div>foolish or stupid. Their data integrity folk are darn good.</div><div><br></div><div>I can see weaknesses to establish a class of ability or a time window. For example in</div><div>the days that RSA and the NSA negotiated the $10M contract FPGA and ASIC attacks</div>
<div>were the tools of a rare and limited set of nations and corporations. My memory may </div><div>be fading but I recall this time frame and believe I heard "smart" folk indicate that this was </div><div>not clearly beyond the tools of the spooks but was beyond the tool reach of even organized </div>
<div>crime at that time. Key concept "at that time".</div><div><br></div><div>I make weakness level security decisions all the time. I do not have the worlds strongest </div><div>lock on my home. I have also not replaced the locks on my car. My gym locker lock is</div>
<div>an easy to open high school grade combination padlock. Most of these locks I can still</div><div>open with my eyes closed in moments the same as I could back in high school.</div><div><br></div><div>Down the road is a high voltage transformer with a lock on it. OK it looks like a lock </div>
<div>but is a seal in the shape of a padlock. It is made of aluminum(?) for the most part and</div><div>is designed to be cut off with cutters. The same as used to cut heavy aluminum and copper </div><div>cables. It is tamper evident, it should withstand an attack for a little bit of time with</div>
<div>a hammer or bashing with a rock. If a teenager busted in and fried his little brain till</div><div>it burst the power company clearly is not maintaining an attractive nuisance. There is </div><div>no master key to be lost. It could be made of more durable material like hardened steel </div>
<div>and more but it does not need to be.</div><div><br></div><div>My thoughts on this is that if you wish to be NSA proof you have some work to do.</div><div><br></div><div>All of this does take me to a couple places:</div>
<div><br></div><div>First is a reminder of the Morris worm attacks.</div><div>The Dad wrote a book and none in the community addressed these design flaws and bugs</div><div>Jr. crafted a worm that escaped or was let free on the world. Not zero day, no criminal</div>
<div>element, no national security enemy. The BSD folk seem to have learned this lesson.</div><div><br></div><div>Second: "Target"... clearly criminals were involved , national interests & government sponsored... not likely. </div>
<div>The Price tag of the breach at Target is possibly astounding. Some credit card </div><div>companies have eviscerated their limits to limit their risk. All they have to do is </div><div>write a report.... "if Used @ Target establish limits and throttle the limit of abuse</div>
<div>and liability". There are many lessons to be learned here.</div><div><br></div><div>Third: can wait for the new year. </div><div><br></div><div>Forth/Fourth: All things are not equal and too many take two things as all the proof</div>
<div>needed to take a product to market. Code reviews and code review tools need</div><div>work today. The bad guys are looking at the same code you have. Clear, precise,</div><div>testable.... etc... It is interesting that the word code is used in so many ways.</div>
<div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div></div><br clear="all"><div><br></div>-- <br><div dir="ltr"> T o m M i t c h e l l</div>
</div></div>