Comment Questions for Brett Glass (Score 1) 93
Brett Glass,

After reading and analysing a few of your articles and posts, and tfish's replies to your posts, I've had a few questions that I'd like clarified not only for myself, but for the public.

1) You state numerous times that there could be backdoors in Back Orifice 2000, yet it is open source. You also state that you are aware of the fact that this project is open source, but still you state there could be a backdoor. The whole idea behind open source and the GPL movement (if you want to call it that) is that you can read the source and modify it (if you see the need to). So, you can actually see what the program does (if you are competent enough to read the code). The question is this: wouldn't it be more probable to have a backdoor if it were a closed source project? Since the public can't see the source, the programmer could more than easily hide a backdoor in the software. This can be true for any closed source project, even closed source operating systems, such as Windows 95/98/NT and the 2000 series. So you'd think that open source, which means you can get the actual source for the program being executed on your machine, would be more advantageous as far as a security issue, right?

2) You state on numerous occasions that you believe cdc and/or the production team of Back Orifice 2000 purposely infected the Defcon 7 distribution CDs with the CIH virus. Isn't there a more probable solution? The CIH virus, like a good number of virii, is both memory resident and infects .exes, which means that when the infected program is run, it loads itself into memory and waits until another .exe is executed and infects it. Now, the solution that I think is the most probable explanation is this (btw, I am in no way associated with the production and distribution of the bo2k CDs): one of the developers and/or testers had downloaded a program infected with the CIH virus, which is one of the most common virii in circulation on the net, thus it is labeled wild. They ran this program, thus infecting their machine. They ran the .exe that was later to be put on the CD, without knowing that the virus had infected their machine. This file was passed on to the machine that wrote the bo2k CDs which were distributed. Thus the CDs had infected binaries on them.

REMEMBER: probability over possibility. It's more possible that this happened than what you claimed to have happened. In fact, I received a product demo CD from a large Michigan mining and production corporation in which I am a stockholder (no, I'm not naming names, I don't do that). The CD's autorun was infected with the same CIH virus, and they accidentally sent this CD to all of their investors... Do you think they did that on purpose? I don't blame the people who burnt the CDs, I blame the people who write the virii. What's your view on this?

3) After reading your articles I get this impression. When I was in sixth grade I used to write papers, and as I wrote I used a thesaurus and inserted words which I thought made sense how I inserted them. Now that I look back on these papers I laugh, because the words were used totally out of context and make no sense. This is true of a lot of the terms you paste into your writings. An example of this is when you use the term "security through obscurity". This term and your article go entirely different directions. What point are you trying to make by referencing such terms even though you (from my interpretation) don't have a real grasp on the meaning?

If you could post a reply it would be most appreciated.

Thanks
-Optyx
http://www.uberhax0r.net