Peer review (re: disk-destroyer.c)

From: Ville Herva (vherva@mail.niksula.cs.hut.fi)
Date: Sat Jul 22 2000 - 04:52:29 EST


On Sat, Jul 22, 2000 at 12:01:05AM -0700, you [bodnar42@bodnar42.dhs.org] claimed:
> On Sat, 22 Jul 2000, Stephen Frost wrote:
> > > Since no one trusted that, I know what I am doing and required full
> > > disclosure before I could complete the protection, we have to suffer the
> > > outcome and work to prevent it now.
> >
> > Peer review has shown itself to be a good thing. This is how
> > Linux came to be as it is today.
>
> I've seen in many-a-changelogs of Alan's patches things along the lines of
> 'plugged a security hole that nobody knew about until now'. There are

You can never be sure that when you find a security hole, you're the first
one to find it. Not even if it hasn't been announced before.

Think of national security agencies (NSA, and the Chinese, Russian,
British, French etc. corresponding organisations), terrorist groups etc. I
would be surprised if most of these organisations weren't actively
searching for security holes in commonly used software. And when somebody
like NSA is up to the task, there's reason to believe they have a lot of
resources - and skilled resources. Even more than the few sleepy eyes that
hack the code after school and occasionally post their findings to
bugtraq.

What would be a better weapon for an IT warfare unit or a terrorist group
than a rapidly spreading worm that destroys all the hard drives in the PC
machine? That would halt a whole nation's economy in no time. Or do you
think NSA (or similar) wouldn't want to be able to get into any Windows,
Linux, *BSD box through holes nobody else knows about? For Windows, they
can force Microsoft to put in an NSA-supplied backdoor, but for the open
source OSes, they'll just have to find holes before they are fixed (and
commonly known about).

Just a thought.

-- v --

v@iki.fi
