Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Popular Net anonymity service back-doored
From: Bernhard Kuemel <darsie () gmx at>
Date: Sun, 24 Aug 2003 11:42:51 +0200

Hi!

Aron Nimzovitch wrote:
Only a fool would blindly depend on someone else's software to gain
anonymity without examining the code.  If you need anonymity,
> then you should easily be willing to invest sweat equity, or
> have a contractual arrangement when the threat is only
> financial.  For more serious threats requiring anonymity,
> not reviewing the source when it is available seems beyond
> stupid.

And surely you would apply your opinion to any kind of cryptography like pgp, ssl, etc. There are millions of users out there who do not have the skills (programming, mathematics) to verify such code. Calling them beyond stupid for that is inappropriate. Blindly relying on software may be foolish, but if you keep an open eye for warnings from those that have the skills and do verify the code of popular software it is ok.

And - who guarantees that the code that is published is the same that is used on the servers? So reviewing code only helps if you compile and use it yourself or maybe in situations like remailer chains you rely on the assumption that at least one remailer will use the published code. But JAP IMO is not a chain of independent systems.

Bernhard

--
Low end Serverhousing ab 25 e inkl. 1x 11 e/GB, etc.: http://bksys.at


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault