Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: India cites security concerns, blocks Huawei bid to expand their indian ops

  • From: Steven M. Bellovin
  • Date: Thu Aug 18 11:48:39 2005

In message <>, Valdis.Kletni writes:
>Content-Type: text/plain; charset=us-ascii
>> Requesting the source code and/or having access to it is really
>> meaningless unless you have the skill and capabilities to compile it
>> *and* use it.  There is no sure way to know that the source code in your
>> left hand is what was used to compile the binary in your right hand.
>Even if you compile your left hand into your right hand.  See Ken Thompson's
>"Reflections On Trusting Trust" (  To
>complete the references, Reference 4 ("An unknown Air Force document") is
>Karger & Schell's paper on a Multics pen-test, which is available at
>Karger and Schell did a "30 years later" retrospective, also available at
>Between the India/Huawei thing and the MS05-039 mess, this is a good time for
>everybody who hasn't read all 3 of them to read them - under 40 pages for all 
>and the 24 pages of the first Karger&Schell you can probably skim.....)

Also bear in mind how hard it is to find a cleverly-concealed back 
door.  Think how hard it is for reviewers to find ordinary bugs, let 
alone one that someone tried to conceal.

		--Steven M. Bellovin,

Discussion Communities

About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home

Merit Network, Inc.