You can never be sure that when you find a security hole, you're the first
one to find it. Not even if it hasn't been announced before.
Think of national security agencies (NSA, and the Chinese, Russian,
British, French etc corresponding organisations), terrorist groups etc. I
would be surprised if most of these organisations wouldn't be actively
searching for security holes in commonly used software. And when somebody
like NSA is up to the task, there's reason to believe they have a lot of
resources - and skilled resources. Even more than the few sleepy eyes that
hack the code after school and occasionally post their findings to
bugtraq.
What would be a better weapon for an IT warfare unit or a terrorist group
than a rapidly spreading worm that destroys all the hard drives in the PC
machine? That would halt a whole nation's economy in no time. Or do you
think NSA (or similar) wouldn't want to be able to get in to any Windows,
Linux, *BSD box through holes nobody else knows about? For Windows, they
can force Microsoft to put in an NSA-supplied backdoor, but for the open
source OS's, they'll just have to find holes before they are fixed (and
commonly known about).
Just a thought.
-- v --