[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Commercial PGP: Verifying Trustworthiness
--- Forwarded mail from Marc Horowitz <[email protected]>
>From [email protected] Mon Aug 30 23:40:01 1993
Received: from relay2.UU.NET by mail.netcom.com (5.65/SMI-4.1/Netcom)
id AA14421; Mon, 30 Aug 93 23:39:57 -0700
Received: from toad.com by relay2.UU.NET with SMTP
(5.61/UUNET-internet-primary) id AA10745; Tue, 31 Aug 93 02:40:50 -0400
Received: by toad.com id AA14781; Mon, 30 Aug 93 23:33:56 PDT
Received: by toad.com id AA14701; Mon, 30 Aug 93 23:31:26 PDT
Return-Path: <[email protected]>
Received: from Athena.MIT.EDU ([184.108.40.206]) by toad.com id AA14688; Mon, 30 Aug 93 23:31:23 PDT
Received: from OLIVER.MIT.EDU by Athena.MIT.EDU with SMTP
id AA00837; Tue, 31 Aug 93 02:28:59 EDT
Received: by oliver.MIT.EDU (AIX 3.2/UCB 5.64/4.7) id AA14903; Tue, 31 Aug 1993 02:28:52 -0400
Message-Id: <[email protected]>
To: [email protected]
Cc: [email protected], [email protected]
Subject: Re: Commercial PGP: Verifying Trustworthiness
In-Reply-To: Your message of Tue, 31 Aug 93 00:14:18 -0400.
Date: Tue, 31 Aug 93 02:28:52 EDT
From: Marc Horowitz <[email protected]>
Marc Horowitz <[email protected]> said:
>> I dunno. The early versions of UNIX had a back door in the login [...]
>I've let a lot of stupid comments go by, but I have to respond to this one.
>It is true that Dennis Ritchie (I believe, if not him, one of the
>other original UNIX authors) proposed such a login/compiler virus.
>But it wasn't in any early version of UNIX.
Stupid? Watch the flame bait...he merely overstated a touch. The back doors
weren't part of any of the full distributions, it's true, but they
were quite a bit more than proposals. Ken Thompson actually distributed
those back doors via a compiler update, warning of a security problem
and urging all sites to recompile. Most did, which inserted the back doors
into the programs. That's close enough to the original claim.
See the Ken Thompson & Dennis Ritchie Turing Award Lecture, which goes
into detail about this. The level of sneakiness involved was amazing.
Compilers are the ultimate security breach.