Jon Callas on What Snowden Is Telling Us

Via cryptome:


[...] In his summation, Thompson says:

The moral is obvious. You can't trust code that you did not totally create yourself. (Especially code from companies that employ people like me.) No amount of source-level verification or scrutiny will protect you from using untrusted code. In demonstrating the possibility of this kind of attack, I picked on the C compiler. I could have picked on any program-handling program such as an assembler, a loader, or even hardware microcode. As the level of program gets lower, these bugs will be harder and harder to detect. A well installed microcode bug will be almost impossible to detect [...]

(Thompson again)
To what extent should one trust a statement that a program is free of Trojan horses? Perhaps it is more important to trust the people who wrote the software [...]

Jon Callas' WP page:




On Twitter:


IF all the software and network engineers REALLY WANTED, they would hold all these wanna-be tyrannical governments...


Let alone... the BANKSTERS' BALLS.

(Just try to use FORCE over entire populations without having to use any software nor any network, and without having to maintain any of those, nowadays. Just TRY... Right, IRS? Right, FBI? Right, CIA? Right, NSA? Right, ECB? Right, the Federal Reserve? ... F'ing losers.)

"Cyril" pronounced "see real". I code stuff.


"To study and not think is a waste. To think and not study is dangerous." -- Confucius