[Full-disclosure] Steve Gibson smokes crack?

[Jason Coombs]

bkfsec wrote:
> A few incidents ("NSA" backdoor) aside, Microsoft's history with 
> security has been one of ineptness, not "maliciousness" per-se.

The Microsoft corporate entity may not be malicious in terms of 
purposefully planting backdoors with knowledge and consent of Gates et 
al (this assertion is of course questionable) however, individual 
programmers at Microsoft have probably planted backdoors on purpose. 
This happens frequently in many software shops.

The corporate culture at Microsoft made it easy to do so, and get away 
with it, as you so accurately described. Individual product managers who 
encouraged the least safe configurations and least safe feature/code 
designs might have done so for the purpose of preserving widespread 
access to such backdoors.

It would be relatively simple for Microsoft to determine whether any 
particular individuals were responsible for writing the bad code and 
deploying flawed architectures over and over again through the years.

Perhaps Microsoft has bothered to look into this by now, and has quietly 
dismissed the perpetrators.

Beware of ex-Microsoft programmers.

Regards,

Jason Coombs
jasonc at science.org