New toy: SSLbar

Andy Isaacson adi at hexapodia.org
Wed Jun 25 11:53:29 EDT 2003


On Wed, Jun 25, 2003 at 12:02:39PM +0100, Pete Chown wrote:
> On the other hand, once a back door is installed in binary-only 
> software, it is much less likely to be found.  The Interbase back door 
> was only found when the source was opened.

I doubt the truth of this statement.  Certainly, the back door was only
published after the source was opened.  But, just as Matt Blaze found
out when he published his attack on pin-and-tumbler locks, fields other
than computer security do not have a culture of public disclosure.  In
all likelihood the Interbase back door was discovered and carefully
promulgated among the gray- and black-hat communities interested in that
product.

Closed-source is not much of a guarantee in the face of a determined
attacker.  Or in the face of a large number of capable, interconnected,
curious hackers (in the traditional sense of the word).

-andy

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


