Slashdot Mirror
al Qaeda Hacks XP?
acaird writes "According to this article at Newbytes, members of al Qaeda may have worked for Microsoft and planted "trojans, trapdoors, and bugs in Windows XP"."
This stuff screams of hoax to me, but it is showing up on the Washington
Post.
Where is this wonderful place you work?
I've worked for, lessee, eight companies over the years, ranging from the tiny to mammoth international corporations. Only two had code reviews.
At one, a well known company in the computer security field, code for a secure operating system base was reviewed by trust engineers - who were knowledgeable about the theory of security but who were not so knowledgeable about the programming language being use. We'd get questions like "what does char somecstring[16]; somecstring[0] = char(0); mean"?
At the other, a well-known aerospace contractor, reviews of code for a NASA project focused on making sure that your code met the formatting standards required - no one asked me anything at all about the semantics of my code.
Tom Swiss | the infamous tms | my blog
You cannot wash away blood with blood
Whatever. Excel used to have a flight simulator embedded in it, for crying out loud! IIS had a back door password of "Netscape Engineers are Weenies" spelled backwords.
Not to mention the fact that it seems like Windows has an exploit approximately every 3.5 seconds, and that's without access to the source. A terrorist at Microsoft wouldn't even have to try and embed backdoors into the software. They could just keep track of the exploitable buffer overflows and pass them on to their buddies instead of raising attention to them at Microsoft. Microsoft's entire defense stems around the fact that the "bad guys" don't have access to the code and must therefore guess where the problems are (and even still they have more than their share of problems). Someone on the inside (with access to the source) could easily subvert this process.