bkfsec wrote:
A few incidents ("NSA" backdoor) aside, Microsoft's history with security has been one of ineptness, not "maliciousness" per-se.
The Microsoft corporate entity may not be malicious in terms of purposefully planting backdoors with knowledge and consent of Gates et al (this assertion is of course questionable) however, individual programmers at Microsoft have probably planted backdoors on purpose. This happens frequently in many software shops.
The corporate culture at Microsoft made it easy to do so, and get away with it, as you so accurately described. Individual product managers who encouraged the least safe configurations and least safe feature/code designs might have done so for the purpose of preserving widespread access to such backdoors.
It would be relatively simple for Microsoft to determine whether any particular individuals were responsible for writing the bad code and deploying flawed architectures over and over again through the years.
Perhaps Microsoft has bothered to look into this by now, and has quietly dismissed the perpetrators.
Beware of ex-Microsoft programmers. Regards, Jason Coombs [EMAIL PROTECTED] _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
