WHITE PAPERS SPONSORED PROFILES JOB BOARD WEBINAR CENTER FREE SOFTWARE BZ RESEARCH ALMSHAREPOINT EVENTS CALENDAR PRINT/PDF EDITION PRINT/PDF BACK ISSUES

SUBSCRIBE TODAY CUSTOMER SERVICE EDITORIAL BEATS GUEST VIEW GUIDE SD TIMES 100 GUIDE EVENTS CALENDAR ADVERTISING ARTICLE REPRINTS REPORT A BUG SITE MAP

ABOUT US BZ MEDIA NEWS BZ RESEARCH NEWS ON MONDAY SPTECHREPORT SPTECHWEB SPTECHCON IPHONE/IPAD DEVCON ANDROID DEVCON PRIVACY POLICY CONTACT US

HOME >> OPINIONS

Letters to the Editor: Backdoors lead to programmatic problems

By SD Times Editorial Board

November 11, 2011 — (Page 1 of 2)
(Re: "Capers Jones: Too many bugs are still reaching end users,"), the sad truth is that while too many developers and organizations fail to avail themselves of ready-to-hand bug remediation, we have a worse problem that goes unmentioned.

Many developers and organizations include flaws quite consciously to allow government intelligence and law enforcement (as well as other purported stakeholders, usually copyright and software-patent vigilantes) multiple layers of access to end-user systems. In a community propagandized to believe it is incapable in standard cases of producing functional products without potentially catastrophic defects, "bugs" provide ready deniability and misdirection on the uncomfortable subject of backdoors.

A few years back, prompted by repeated attacks on my own systems, I looked into exploits, backdoors, and the huge difficulties involved in defending networks against crime in a world driven around the bend by 9/11, with the thought that I would publish the results. What I found was astonishing. The level of industry and developer complicity in rendering our machines and networks defenseless was completely dispiriting.

Sadly, on a lot of machines, copyright jackals, government spooks, and gangsters from Eastern Europe all visit using the same protocols, the same exploits, and the same general code, give or take some sloppiness and repackaging. (Not to mention double translation to put investigators off the scent: It is common for all of the above to use a surface layer of Japanese, Thai or, above all, Chinese, only to find after reversing and extracting that all the important hidden stuff is in English and once in a while Russian.)

Which ones we call the criminals can be a matter of perspective. For me, they were all criminals—the spies and contractors, the software watchdogs, and the identity thieves and botnet resellers, each up to no good. And the ones who terminated my last machine were the ones you might least expect.

It is important to face these issues. Project leaders need to learn how remote exploits and backdoors work and how developers can introduce them. Organizations need to resist the urge to use them and to tolerate their introduction. The introduction of backdoors never ends well, and they never remain the domain of those who insist upon their presence.

Related Search Term(s): bug tracking, MySQL, QA, SQL Server

Pages 1 2

Share this link: http://sdt.bz/36105

Most Read Latest News Blog Resources

Zeichick’s Take: The handheld and the tablet, circa 1976
Texas Instruments' and Hewlett-Packard's calculators were doing things decades ago we take for granted today

Google talks tools at AnDevCon III
New 3D debugging tool and recent ADK changes are detailed by Google developers at the third Android Developer Conference

Android is the focus of two new design tools
Anywhere Software and Xamarin provide ways for developers to create and test their applications on PCs

Achievements and learning: Gamification comes to businesses and schools
Startup takes page from gamers by offering achievement marks to get developers more engaged in their projects

Virtualization: Not just for machines anymore
Network virtualization allows multi-tiered applications to behave as though they were in a physical network

Achievements and learning: Gamification comes to businesses and schools
Startup takes page from gamers by offering achievement marks to get developers more engaged in their projects

Google talks tools at AnDevCon III
New 3D debugging tool and recent ADK changes are detailed by Google developers at the third Android Developer Conference

SmartBear rolls out new quality solution: API Complete
Software gives organizations ability to write test scripts and monitor APIs by bridging the DevOps divide

Creation
To write better software, cultivate your ability to be creative.

Slick...but who needs it?
compilr.com is a well-designed site and the folks behind it seem to have their heart in the right place. But...who needs it?

How to be a better software developer
Want to be a better developer? You won't get there by mastering an interesting language or learning a new set of APIs.

Wooing Galatea
Do yourself a favor and check out Galatea 2.2, a wonderful book by novelist Richard Powers.

Five SCM Best Practices Two-thirds of all software projects fail, according to the Standish Group’s CHAOS study. Improper usage of software configuration management...

Best Practices for Branching and Merging Patterns

Development teams often create a branching pattern, usually drawn out on a white board or in a Visio document, that is used as a model to...

Automated Error Reporting We invite you to read a short e-zine that tells you all about automated error reporting for .NET applications. This 8-page e-zine is packed...

The End of Application Redeploys Imagine that every time you wanted to write, send or receive an email, you needed to restart your computer. How much time would this take, a...

Technorati

Digg

Slashdot

Facebook

Friendfeed

Twitter

del.icio.us

Microsoft readies small business and mid-market server offerings Microsoft's Essentials series of Windows Server products will become available in November, bringing with it a price increase for Small Business Server, as well as a new mid-market product.

Oracle's WebLogic now available for grid-hosted apps A slew of announcements from Oracle also include updated versions of the JDeveloper IDE, the Oracle Application Development Framework, TopLink and a pair of integration packs. EclipseLink will be supported by Oracle as well.

SQL is still more popular than NoSQL But the true answer to the database access question seems to be “a little from column A, a little from column B”

Add comment

Name*
Email*
Country

Comment

Microsoft readies small business and mid-market server offerings
Microsoft's Essentials series of Windows Server products will become available in November, bringing with it a price increase for Small Business Server, as well as a new mid-market product Read More...

News on Monday
more>>
SharePoint Tech Report
more>>

Download Current Issue
MAY 2012 PDF ISSUE

Need Back Issues?
DOWNLOAD HERE

Want to subscribe?

Creation
To write better software, cultivate your ability to be creative.
05/19/2012 07:40 PM EST

Slick...but who needs it?
compilr.com is a well-designed site and the folks behind it seem to have their heart in the right place. But...who needs it?
05/16/2012 12:45 PM EST

How to be a better software developer
Want to be a better developer? You won't get there by mastering an interesting language or learning a new set of APIs.
05/14/2012 12:18 PM EST

Wooing Galatea
Do yourself a favor and check out Galatea 2.2, a wonderful book by novelist Richard Powers.
05/12/2012 07:05 PM EST

The world as story
An artificial-intelligence system at Carnegie Mellon seeks to understand the world by making statements about it.
05/10/2012 06:39 AM EST

The Rise of the Brogrammer, or the Rise of the Sexist Programmer?
Women in Silicon Valley get vocal about sexist ads and campaigns that contribute to a tense work environment.
05/09/2012 03:14 PM EST