Mailinglist Archive: opensuse (1784 mails)

[mogmios@xxxxxxxxxxxxxxxxx (Michael)]

Date: Wed, 6 Dec 2000 14:17:05 -0600 (CST)
From: Michael <mogmios@xxxxxxxxxxxxxxxxx>
Message-ID: <Pine.LNX.4.21.0012061416330.8407-100000@xxxxxxxxxxxxxxxxx>
Subject: Re: [SLE] A very interesting paper by Ken Thompson..



Never trust anything that isn't opensource. Learn to code at least enough
to look for obvious holes. Is the only way to be safe. :)

*^*^*^*
Have the courage to take your own thoughts seriously, for they will shape
you. -- Albert Einstein

On Wed, 6 Dec 2000, Cliff Sarginson wrote:

> On Wednesday 06 December 2000 00:39, Jerry Kreps wrote:
> > I don't know if my email from work made it through the firewall
> > so I am resending the source for the pgp backdoor.
> >
> > http://www.cert.org/advisories/CA-2000-18.html
> >
> > JLK
> >
> > On Tuesday 05 December 2000 08:02, peter hollings wrote:
> > > It's interesting (from a civil liberties perspective) that there is
> > > a backdoor into PGP.  Can you tell me more? How did this come
> > > about?  Was it publicized?  Does encryption technology without
> > > backdoors exist?  If so, how can we be sure?
> > >
> > > Also, of potential interest is the FBI's "Carnivore" system.
> > > Carnivore basically automates the surveillance process on the
> > > Internet.  If one combines backdoors with surveillance, one has
> > > quite a capability.  For a recent study on Carnivore see:
> > > http://www.usdoj.gov/jmd/publications/carniv_entry.htm   .
> > >
> > > For SuSE this may be off-topic.  If we hear any objection, I
> > > propose that we move it off the list.
> > >
> I would think anyone on this list concerned with security would be
> well advised to take an interest in this !
> 
> (just when you thought it was safe to go into the water...)
> 
> Cliff
> 
> > > Regards,
> > >
> > > Peter Hollings
> > >
> > >
> > > ----- Original Message -----
> > > From: "Jerry Kreps" <jerrykreps@xxxxxxxxxxx>
> > > To: "zentara" <zentara@xxxxxxxxxxxxx>; "peter hollings"
> > > <phollings@xxxxxxxxxxxxxxxx>
> > > Cc: <adams@xxxxxxxxxxx>; <jkreps@xxxxxxxxxxxxxxx>; "suse-linux-e"
> > > <suse-linux-e@xxxxxxxx>
> > > Sent: Monday, December 04, 2000 5:28 PM
> > > Subject: Re: [SLE] A very interesting paper by Ken Thompson..
> > >
> > > > On Monday 04 December 2000 15:36, zentara wrote:
> > > > > peter hollings wrote:
> > > > > > Yes, the NSA is a possibility, but I'd be more concerned
> > > > > > about the ill effects on society that could be brought about
> > > > > > via a widely distributed, closed, proprietary system such as
> > > > > > Windows. It's another reason for using Linux.
> > > > >
> > > > > I'm an old windows basher, but as the article stated, no OS is
> > > > > immune to the microcode attack.
> > > > > I was discussing a while back whether pgp and other encryption
> > > > > programs had "backdoors" in them, the answer was "if it exists,
> > > > > it's in our c compilers", controlled by very high level people.
> > > > > I have a paranoid streak. :-)
> > > >
> > > > It's not paranoia if it true, and with regards to pgp it is true.
> > > >  The NSA backdoor to version 6.x of pgp (I don't remember if 5.x
> > > > has the backdoor) is verified.  That is why there was a recent
> > > > mass movement from pgp to gpg
> > > >
> > > > --
> > > > Scientific theories, according to Sir Karl Popper, can be
> > > > "falsified," or
> > >
> > > proven wrong, by experiment.
> > >
> > > > Unscientific theories -Marxist dialectical history and Freudian
> > > > psychology
> > >
> > > were Popper's favorites-
> > >
> > > > are formed in such a way that they cannot be falsified by data.
> > > >
> > > >
> > > >
> > > > --
> > > > To unsubscribe send e-mail to suse-linux-e-unsubscribe@xxxxxxxx
> > > > For additional commands send e-mail to suse-linux-e-help@xxxxxxxx
> > > > Also check the FAQ at http://www.suse.com/support/faq
> 
> -- 
> To unsubscribe send e-mail to suse-linux-e-unsubscribe@xxxxxxxx
> For additional commands send e-mail to suse-linux-e-help@xxxxxxxx             
> Also check the FAQ at http://www.suse.com/support/faq      
>