Re: MS on open source software security ..

  • Subject: Re: MS on open source software security ..
  • From: Roy Schestowitz <newsgroups@xxxxxxxxxxxxxxx>
  • Date: Fri, 04 May 2007 22:33:25 +0100
  • Newsgroups: comp.os.linux.advocacy
  • Organization: schestowitz.com / Netscape
  • References: <f1fk3s$kvi$1@news.datemas.de><jd7sg4-69f.ln1@news.harry.net> <1178304342.200827.21480@y5g2000hsa.googlegroups.com>
  • Reply-to: newsgroups@xxxxxxxxxxxxxxx
  • User-agent: KNode/0.7.2
__/ [ Dean G. ] on Friday 04 May 2007 19:45 \__

> On May 4, 1:34 pm, AB <fardblos...@xxxxxxxxx> wrote:
>> On 2007-05-04, Doug Mentohl <doug_ment...@xxxxxxxxxxxxx> claimed:
>>
>> > 'It is possible for a hacker contributing to the development team for an
>> > open source program to insert an obscure trap door or other artefact
>> > that is deliberately hard to detect in routine review.  Here, a
>> > malicious hacker would use the open process not to find a vulnerability
>> > but to insert one at the outset'
>>
>>   "It is possible for a hacker(sic) contributing to the development
>>    team for a proprietary program to insert an obscure trap door or
>>    other artefact that is deliberately hard to detect in routine
>>    review.  Here, a malicious hacker(sic) would use the closed process
>>    not to find a vulnerability but to insert one at the outset"
>>
> 
> Exactly, and because it is closed source, you have no opportunity to
> find the malicious code. This makes it more likely to have a problem
> with proprietary software than with open source, where anyone can
> review or audit the code. Proprietary software is always a big
> question mark, and there is nothing you can do about it.

For that reason, closed-source code is what crackers favour? What coding
style does Microsoft favour again? I guess the function call to PhoneHome()
isn't something they want visible.

-- 
                ~~ Best regards

Roy S. Schestowitz      |    Open the Gate$ to Hell
http://Schestowitz.com  | Free as in Free Beer ¦  PGP-Key: 0x74572E8E
Load average (/proc/loadavg): 0.42 0.56 0.33 2/118 32021
      http://iuron.com - semantic search engine project initiative
