On Monday 22 January 2001 09:43, you wrote:
> Hey Civileme:
> Could you please enlighten me/us as to what you meant by "...backdoors
> based on the phrase Netscape engineers are weenies (reversed) that go
> undiscovered for years." in a post to another list which was talking about
> the much ado over the recent redhat server security problem?
Heeheehee... OK
It might be in various archives, but it refers to Windows NT version 4.
There was a backdoor in it based on a 62 character sliderule encryption
scheme with the key "Netscape engineers are weenies!" backwards. Microsoft
claimed it was unaware of the backdoor and promised to discover the employees
responsible; the headlines vanished, and apparently it also vanished from the
memory of most people. It had limited scope, but the summary is here:
http://www.securiteam.com/exploits/Dvwssr_dll_allows_downloading_of_ASP_source_code___Netscape_engineers_are_weenies__.html
and here:
http://archives.neohapsis.com/archives/bugtraq/2000-04/0059.html
This was some time after the flap about the second cryptographic key in
Windows not being a backup but actually a back door for the NSA (see
http://www.cryptonym.com and read their archives).
And there are many other back doors in commercial code which have even more
blatant consequences. http://www.insecure.org has some three-year-old ones
for programs that will shock you. There are some games you may not want to
play again over the 'net. Of course, some have been open-sourced and fixed
since then. The point was and is, systems based on free software are
inherently more secure for the user.
Here's another example:
http://slashdot.org/article.pl?sid=01/01/11/1318207
Civileme