In message <[EMAIL PROTECTED]>, Matt Blaze writes:
>> But I still don't believe there are secret back-doors in commercial OSes
>> because such things are too hard to keep secret. And I think the Lotus
>> incident is more evidence that NSA isn't going to try to keep something
>> like that secret since they can't depend on it staying secret.
>
>I agree, assuming we're talking about *deliberate* back doors. But,
>as we all know all too well, the major commercial OSs have repeatedly
>proven to ship with bugs (and default configurations) that make them
>vulnerable to all kinds of mischief, secret back doors or not.
Precisely. Remember that NSA et al. -- as well as the industry of the country
they're trying to protect -- use those same systems. I don't think they'd
take the risk of such a back door leaking; it would endanger too many other
systems.
>
>But this a problem more believably attributed to the usual software bloat,
>bad quality assurance practices, incompetent programming, and overly
>aggressive schedules, than to the secret influence of spies.
Precisely.
--Steve Bellovin
