[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Is Open Source safe? [Linux Weekly News]

To: Martin Minow <[email protected]>
Subject: Re: Is Open Source safe? [Linux Weekly News]
From: "Frank O'Dwyer" <[email protected]>
Date: Mon, 23 Nov 1998 18:57:41 +0000
CC: [email protected]
Organization: Rainbow Diamond Limited
References: <Pine.SOL.3.96.981122232742.12779A-100000@sparkle> <v03102800b27f4dc25a93@[17.202.40.158]>
Sender: [email protected]


Martin Minow wrote:
> Frank O'Dwyer <[email protected]> opines:
> >
> >Yes it does, but not quite in the same way. For example, I believe that
> >in days of yore some attackers managed to insert a back door into some
> >DEC OS by breaking into the coding environment (I don't recall the
> >details, does anyone else?).
> 
> <http://www.acm.org/classics/sep95/> describes how the inventors
> of Unix inserted a backdoor into the Unix login program. It's well
> worth reading. However, there is no indication that this trojan
> horse ever shipped to customers.

No, that is a different incident. These were external attackers who
managed to patch the source, and as far as I know it did ship. Could be
an urban myth I guess, but it's clearly a plausible attack.

> >So in other words, not only _could_ this
> >happen with non-OSS, it _has_ happened, and no doubt it happens
> >reasonably often.
> 
> I doubt it.

OK, "reasonably often" is overstating it, perhaps :) 

Cheers,
Frank O'Dwyer.

References:
- Re: Is Open Source safe? [Linux Weekly News]
  - From: Vlad Stesin <[email protected]>
- Re: Is Open Source safe? [Linux Weekly News]
  - From: Martin Minow <[email protected]>

Prev by Date: how to insert plausibly deniable back-doors (Re: Is Open Source safe? [Linux Weekly News])
Next by Date: Re: Is Open Source safe? [Linux Weekly News]
Prev by thread: Re: Is Open Source safe? [Linux Weekly News]
Next by thread: Re: Is Open Source safe? [Linux Weekly News]
Index(es):
- Date
- Thread