1998-11-25 - Re: Is Open Source safe? [Linux Weekly News]

Header Data

From: Bill Stewart <bill.stewart@pobox.com>
To: Martin Minow <cypherpunks@cyberpass.net
Message Hash: 368943a090b3f0669a780a78d39ddd2fdf13d774cc08870b1ff8b88825f29411
Message ID: <>
Reply To: <36595F29.C39B997A@brd.ie>
UTC Datetime: 1998-11-25 17:41:58 UTC
Raw Date: Thu, 26 Nov 1998 01:41:58 +0800

Raw message

From: Bill Stewart <bill.stewart@pobox.com>
Date: Thu, 26 Nov 1998 01:41:58 +0800
To: Martin Minow <cypherpunks@cyberpass.net
Subject: Re: Is Open Source safe? [Linux Weekly News]
In-Reply-To: <36595F29.C39B997A@brd.ie>
Message-ID: <>
MIME-Version: 1.0
Content-Type: text/plain

>Frank O'Dwyer <fod@brd.ie> opines:
>>Yes it does, but not quite in the same way. For example, I believe that
>>in days of yore some attackers managed to insert a back door into some
>>DEC OS by breaking into the coding environment (I don't recall the
>>details, does anyone else?).

At 09:43 AM 11/23/98 -0800, Martin Minow wrote:
><http://www.acm.org/classics/sep95/> describes how the inventors
>of Unix inserted a backdoor into the Unix login program. It's well
>worth reading. However, there is no indication that this trojan
>horse ever shipped to customers.

Well, try logging in as "ken", and I think the password was "nih" :-)
(At least when I was starting my Unix career, it was still common
to have logins "ken" and "dmr" around as a courtesy, though eventually
computer security changed that practice.)

Also, mixing up DEC and Unix has long tradition; back in 1979,
there was an article in one of the Oakland or SF papers about
"Hackers at Berkeley" cracking security on "the Unix, a computer 
made by DEC", which was really about abusing answerback on VT100s.

Bill Stewart, bill.stewart@pobox.com
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639