 |
More of my sitesWinInfo Daily News
|
About this siteFor six years, the Internet Nexus served as my technology blog, but I've since started blogging at the SuperSite Blog instead. If you're looking for the blog, please head there. --Paul Tuesday, December 02, 2003Eric Raymond is insaneIn a long and, yes, fascinating interview, Open Source poster boy Eric Raymond fools a fawning group of questioners into believing everything he says. But as is so often the case, upon closer examination, Raymond's often-insane beliefs are quite easily proven false. It's impossible to even know where to start, so I'll leave you with a very obvious example. Toward the end of the interview, Raymond uses a long-disproved example of a supposed NSA cryptographic key in Microsoft Office as proof that closed systems like those from Microsoft are insecure for government use (he also neatly skips over the fact that governments can freely view the source code for Windows, but anyway...), an allegation that is so wrong-headed, it's almost astonishing he would use it. "It was discovered that there were a couple of undocumented cryptographic keys in Microsoft Office Suite, one of which was actually labeled internally NSA," Raymond tells his audience. "And at the point when that came out, a lot of intelligence agencies all over the world said, wait a second, we can't afford to have Microsoft Window's software, office software in our sensitive applications, that's a Trojan horse right in the heart of what we're doing. And that is a hidden but very powerful motivator behind even friendly governments going to open-source software where they can audit everything that's going on." Hey, that sounds amazing. Too bad it isn't what happened. "Microsoft dismissed [the] charges as nonsense," a Wired story from 1999 reads. "The company said that the key was named after the spy agency merely to reflect the fact that it had passed a technical review that the agency requires of all security software intended for export. The _NSAKEY is one of two such keys buried deep in the cryptography source code of most Windows operating systems. In other reports, Microsoft said that the _NSAKEY is still a Microsoft-controlled key that will serve as a backup in the event that the first key is compromised." "The key is a Microsoft key -- it is not shared with any party including the NSA," said Windows NT security product manager Scott Culp. "We don't leave backdoors in any products." [ Posted at 12:42 PM | Permalink ]
|
|
Nexus Home | Nexus Archives | Email Paul
|