Re: [ISN] China next to get access to Microsoft source code

From: InfoSec News (isnat_private)
Date: Fri Mar 14 2003 - 00:25:23 PST

  • Next message: InfoSec News: "[ISN] Federal Judge Sentences "Dr. Chaos" to 13 Years"

    Forwarded from: Kurt Seifried <listuserat_private>
    
    One thing I'm wondering. How do you KNOW that the code MS is showing
    you is "real", i.e. not something made up or several versions old?
    Essentially I can take a source rpm/tarball/whatever on a linux/bsd
    systems and chances are good I can create the exact same binary (MD5
    sum et all) as the binary shipped by a given project. Is this possible
    with MS's source code? You would have no idea if the source code they
    are showing you is actually the source code in use.
    
    I'm not trying to be paranoid or anything, but it makes me wonder. Yet
    another fun issue with proprietary software.
    
    
    Kurt Seifried, kurtat_private
    A15B BEE5 B391 B9AD B0EF
    AEB0 AD63 0B4E AD56 E574
    http://seifried.org/security/
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Fri Mar 14 2003 - 02:28:42 PST