From: Tony Williams 

Geo. wrote:

> Back to the open/closed source thing for a moment though..

Ok, but just for a moment 

> One of the things I learned while learning to hack was that if you can
> download and install whatever it is you are trying to hack, the job becomes
> a whole lot easier. If you can look inside it (read the source code) I
> believe it becomes even easier if you know what you are looking at.

To a certain extent yes, but see below.

> As an example, suppose I wanted to crack a remote desktop type app. If it
> were PCanywhere best I could do is buy a copy of it and try messing with it.
> If it were an open source remote desktop, I could download it free, download
> the source, and use the source as a starting point in writing an exploit or
> brute force password cracker. To my mind that is a huge advantage to a
> hacker.

Thing is, it's also a huge advantage to anyone wanting to hack-proof the
code. And with open source that's a lot of people. I think this balances
out and maybe even outweighs the advantage to the bad guys.

Another point to consider is that most exploits are of buffer overflows and
you don't need the source to find one of those.

Nope, I still think it's pretty much even, with the advantage going to
open-source because of the speed of bug fixes.

--
Tony

--- BBBS/NT v4.01 Flag-4