Information Security News mailing list archives
Re: Editorial comment: Scary hackers
From: "Dominick, David" <David.Dominick () DELTA-AIR COM>
Date: Mon, 30 Oct 2000 10:13:58 -0500
I totally disagree. Sorry to be so blunt, but this simply is not true. If the hackers would choose to flood the newsgroups with, say Office 2000 code, it would definitely hurt Microsoft. And after a the source code was altered with imbedded virus and trojan horses the public would be hurt too. This is not a Linux you are dealing with here. This is not a select group of highly skilled users that are driving the technology. This is Microsoft. Every Tom, Dick and Mary use this suite. They implicitly trust their code and have no way of verifying it is safe. Look at the recent virus that have come out just with people understanding the Windows APIs. Can you picture the havoc that will be reeked when people know the actually source code. Kernel level trojans and virus. No more macros virus; now there will be virus that call on the kernel itself. Wake up! Not everybody out there is a developer with pure motives. While it is true that many of us would love to see how the system works to try to improve it, there are still way too many who would be destructive to dare let the code become public. Just my opinion David Dominick "Did you get rid of all the voices in your head? Do you now miss them and the things that they said?" -----Original Message----- From: InfoSec News [mailto:isn () C4I ORG] Sent: Saturday, October 28, 2000 10:12 PM To: ISN () SECURITYFOCUS COM Subject: [ISN] Editorial comment: Scary hackers http://markets.ft.com/ft/gx.cgi/ftc?pagename=View&c=Article&cid=FT332XA3XEC& live=true Published: October 29 2000 19:47GMT Last Updated: October 29 2000 19:55GMT Scary stories are being told about how computer hackers infiltrated Microsoft's internal network. But if the company is correct they merely wandered around the network and looked at the source code for a future product. There is little in this to chill the spine, even around Hallowe'en. The worrying part is the thought that hackers may have copied or sabotaged the secret source code for its programs. The company says no important code - such as that for the Windows operating system - was copied, and no programs were damaged or altered. But what if they had been? Many groups, such as Microsoft, see intellectual property as their core asset, to be kept under wraps at all costs. If those secrets become publicly known, surely they have lost their value? No. Microsoft's strengths stem not from the individual techniques of its programmers but from its ability to design products skilfully, manage the process of creation, and exploit its brand. None of these is threatened by knowledge of the company's source code. A weaker software group might gain some benefit from knowing the source code for Windows or Word but it would not be transformed into a second Microsoft. The value of intellectual property lies not in the property itself but in the human systems that create and exploit it and the legal rights to use the property. Without those systems and rights, intellectual property is worthless. So, even if all Microsoft's source code is now on a hard disk in St Petersburg, the hackers may find it hard to extract much commercial benefit. The fear of sabotage has greater resonance. The worry is that access to Microsoft's network could have allowed hackers to subtly modify source code, making later releases of Microsoft's programs damaged or vulnerable. Even inspecting the source code might make it easier for hackers to attack computers around the world. This is an exaggerated fear - and in any case the company says it did not happen. But it reveals public concern about over-reliance on Microsoft. If Windows were only one of a number of competing operating systems, the possibility that it might become vulnerable would be a minor inconvenience. Anyone seriously worried by the threat could simply switch. The knowledge that there is no practical alternative gives such fears their power. Resentment about this dependence was one of the motives for the recent Microsoft antitrust case. Like all ghost stories, this one has a deeper message: beware over-reliance on a single set of programs, and a single set of programmers. ISN is hosted by SecurityFocus.com --- To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN". ISN is hosted by SecurityFocus.com --- To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".
Current thread:
- Re: Editorial comment: Scary hackers Dominick, David (Oct 31)
- <Possible follow-ups>
- Re: Editorial comment: Scary hackers Nathan Dorfman (Nov 03)