[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-Disclosure] Re: Popular Net anonymity service back-doored
- To: crypto@clouddancer.com
- Subject: [Full-Disclosure] Re: Popular Net anonymity service back-doored
- From: Bernhard Kuemel <darsie@gmx.at>
- Date: Sun, 24 Aug 2003 11:42:51 +0200
Hi!
Aron Nimzovitch wrote:
> Only a fool would blindly depend on someone else's software to gain
> anonymity without examining the code. If you need anonymity,
> then you should easily be willing to invest sweat equity, or
> have a contractual arrangement when the threat is only
> financial. For more serious threats requiring anonymity,
> not reviewing the source when it is available seems beyond
> stupid.
And surely you would apply your opinion to any kind of
cryptography like pgp, ssl, etc. There are millions of users out
there who do not have the skills (programming, mathematics) to
verify such code. Calling them beyond stupid for that is
inappropriate. Blindly relying on software may be foolish, but if
you keep an open eye for warnings from those that have the skills
and do verify the code of popular software it is ok.
And - who guarantees that the code that is published is the same
that is used on the servers? So reviewing code only helps if you
compile and use it yourself or maybe in situations like remailer
chains you rely on the assumption that at least one remailer will
use the published code. But JAP IMO is not a chain of independent
systems.
Bernhard
--
Low end Serverhousing ab 25 e inkl. 1x 11 e/GB, etc.: http://bksys.at
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html