On Wed, Jun 25, 2003 at 12:02:39PM +0100, Pete Chown wrote: > On the other hand, once a back door is installed in binary-only > software, it is much less likely to be found. The Interbase back door > was only found when the source was opened.
I doubt the truth of this statement. Certainly, the back door was only published after the source was opened. But, just as Matt Blaze found out when he published his attack on pin-and-tumbler locks, fields other than computer security do not have a culture of public disclosure. In all likelihood the Interbase back door was discovered and carefully promulgated among the gray- and black-hat communities interested in that product. Closed-source is not much of a guarantee in the face of a determined attacker. Or in the face of a large number of capable, interconnected, curious hackers (in the traditional sense of the word). -andy --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]