Security ?

JB jb.1234abcd at gmail.com
Thu Dec 16 20:31:00 UTC 2010


Les <hlhowell <at> pacbell.net> writes:

> ... 
> I don't see the message you are responding to, but what do you think
> would justify a back door?

The response is to a "revelation" about a backdoor (real or imagined).
As a matter of fact, it was made public, with names named, without any
backing it up.
To me it has a trash value.

I am not for putting a backdoor in every piece of software, so that some
authority feels safe and in control.

I did express my opinion that there are circumstances (I qualified them) that
would justify inserting a backdoor. They are not common; they are exceptional.

>  And are you including administrative
> operations a back door?  Is it impossible to administer a properly
> designed system without a back door?

I agree with you - there is no place for a backdoor to administer a system.
And I mean a system subject to standard purchase and maintenance agreement.
In special situations it is up to the software seller/service provider and
purchaser to make it a part of a contract between parties to have
e.g. a maintenance/debugging access to it. Official, and restricted in access.

> Some times good intentions and even debugging leads us astray.  Code
> gets "left behind" that should not, or enabled when it should not, or
> even inadvertently promulgated when it should not.

That's something different.
If you are a software development house and you need a backdoor (unofficial
access) to debug it, either in house or at client site, something is wrong
with your business, and ethics too.

> It has been shown that software can be developed and built into a
> compiler that will insert a back door into any code compiled by it.  The
> original intention was debugging, but the technique has other
> applications, not all good.
> 
> Do you know if your code includes such a back door?  How would you
> detect it?

I do not. And I do not pretend to.
My view is, everybody should assume that their software is not 100% secure, up
front.
It will liberate them. They will not fall into a trap.
The only thing secure and in our control is our head (our mind, our thoughts).

JB




More information about the users mailing list