From owner-freebsd-questions Mon Aug 14 6:42: 5 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from mail-in-02.piro.net (mail-out-01.piro.net [194.64.31.11])
	by hub.freebsd.org (Postfix) with ESMTP id 7216137C00F
	for ; Mon, 14 Aug 2000 06:41:55 -0700 (PDT)
	(envelope-from marc.vanwoerkom@science-factory.com)
Received: from nil.science-factory.com (ScienceFactory-atm1-153.piro.net [195.135.137.205])
	by mail-in-02.piro.net (8.9.3/8.9.3/PN-991208) with ESMTP id PAA30787;
	Mon, 14 Aug 2000 15:41:48 +0200
Received: by nil.science-factory.com (Postfix, from userid 501)
	id DB1AC2002; Mon, 14 Aug 2000 15:39:59 +0200 (CEST)
From: Marc van Woerkom
To: christian@jacken.net
Cc: questions@FreeBSD.org
In-reply-to:
Subject: Re: How safe is FreeBSD?
References:
Message-Id: <20000814133959.DB1AC2002@nil.science-factory.com>
Date: Mon, 14 Aug 2000 15:39:59 +0200 (CEST)
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> and "you say that Microsoft
> or NSI possibly have a backdoor to Windows2000, but how can we be sure that
> there is no backdoor in Red Hat or FreeBSD"?

Hmm.. if it is just about backdoors then it is clear that it is
still possible to have hidden vulnerabilities in open source
code, but it is obviously much, much harder to hide such before
all eyes than with closed code.

There are a couple of security gurus who say that the strength
of a security system should not rely on hidden information about
its workings. Look for "security by obscurity".

A nice page is this one (by renowned expert Bruce Schneier)

    http://www.counterpane.com/crypto-gram.html

Microsoft in particular was accused of having a backdoor; this is
Schneier's opinion on the incident (he thinks it was a bad choice
in naming)

    http://www.counterpane.com/crypto-gram-9909.html#NSAKeyinMicrosoftCryptoAPI

Regards,
Marc