1998-11-23 - Re: Is Open Source safe? [Linux Weekly News]
Header Data
From: “Frank O’Dwyer” <fod@brd.ie>
To: Jim Burnes - Denver <jim.burnes@ssds.com>
Message Hash: 46f2439e0bcf86bf61916e82523148088519aea4a6bface98195ffcac20033dc
Message ID: <3659B24C.2E121981@brd.ie>
Reply To: <Pine.SOL.3.91.981123103958.1388A-100000@denver>
UTC Datetime: 1998-11-23 19:59:32 UTC
Raw Date: Tue, 24 Nov 1998 03:59:32 +0800
Raw message
From: "Frank O'Dwyer" <fod@brd.ie>
Date: Tue, 24 Nov 1998 03:59:32 +0800
To: Jim Burnes - Denver <jim.burnes@ssds.com>
Subject: Re: Is Open Source safe? [Linux Weekly News]
In-Reply-To: <Pine.SOL.3.91.981123103958.1388A-100000@denver>
Message-ID: <3659B24C.2E121981@brd.ie>
MIME-Version: 1.0
Content-Type: text/plain
Jim Burnes - Denver wrote:
> Already proven. The emergent behavior of the Linux development model
> does not need centralized process to coordinate it. People who had
> access to the source and were aware of the teardrop attack hacked a
> patch to it almost immediately. The patch was widely available the
> next day. How long did it take for microsoft?
Agreed, but that's a different issue. Here we're talking about
deliberately inserted back doors. Those can get extremely nasty, and may
be unpatchable. Examples include "data kidnap" (encrypting the target's
information in situ and demanding a ransom for the decryption key), and
"data cancer" (slow corruption of the target's information, ensuring
that the backups are also corrupted). Quickly patching the software that
delivers those attacks isn't anough--you need a defence against it being
introduced and activated in the first place. I haven't heard of any real
examples of such attacks, but that's not especially comforting.
Cheers,
Frank O'Dwyer.
Thread
Return to November 1998
- Return to “Adam Back <aba@dcs.ex.ac.uk>”
- Return to “Bill Stewart <bill.stewart@pobox.com>”
- Return to ““Frank O’Dwyer” <fod@brd.ie>”
- Return to “Jim Burnes - Denver <jim.burnes@ssds.com>”
- Return to “Jim Choate <ravage@einstein.ssz.com>”
- Return to “Martin Minow <minow@pobox.com>”
Return to “Vlad Stesin <rmiles@Generation.NET>”
- 1998-11-23 (Mon, 23 Nov 1998 11:57:42 +0800) - Is Open Source safe? [Linux Weekly News] - Jim Choate <ravage@einstein.ssz.com>
- 1998-11-23 (Mon, 23 Nov 1998 13:08:13 +0800) - Re: Is Open Source safe? [Linux Weekly News] - Vlad Stesin <rmiles@Generation.NET>
- 1998-11-23 (Mon, 23 Nov 1998 21:49:11 +0800) - Re: Is Open Source safe? [Linux Weekly News] - “Frank O’Dwyer” <fod@brd.ie>
- 1998-11-23 (Tue, 24 Nov 1998 02:43:29 +0800) - Re: Is Open Source safe? [Linux Weekly News] - Jim Burnes - Denver <jim.burnes@ssds.com>
- 1998-11-23 (Tue, 24 Nov 1998 03:59:32 +0800) - Re: Is Open Source safe? [Linux Weekly News] - “Frank O’Dwyer” <fod@brd.ie>
- 1998-11-23 (Tue, 24 Nov 1998 03:24:49 +0800) - how to insert plausibly deniable back-doors (Re: Is Open Source safe? [Linux Weekly News]) - Adam Back <aba@dcs.ex.ac.uk>
- 1998-11-25 (Thu, 26 Nov 1998 01:41:58 +0800) - Re: Is Open Source safe? [Linux Weekly News] - Bill Stewart <bill.stewart@pobox.com>
- 1998-11-23 (Tue, 24 Nov 1998 02:43:29 +0800) - Re: Is Open Source safe? [Linux Weekly News] - Jim Burnes - Denver <jim.burnes@ssds.com>
- 1998-11-23 (Tue, 24 Nov 1998 02:39:43 +0800) - Re: Is Open Source safe? [Linux Weekly News] - Martin Minow <minow@pobox.com>
- 1998-11-23 (Tue, 24 Nov 1998 03:55:39 +0800) - Re: Is Open Source safe? [Linux Weekly News] - “Frank O’Dwyer” <fod@brd.ie>
- 1998-11-23 (Mon, 23 Nov 1998 21:49:11 +0800) - Re: Is Open Source safe? [Linux Weekly News] - “Frank O’Dwyer” <fod@brd.ie>
- 1998-11-24 (Tue, 24 Nov 1998 14:40:24 +0800) - Re: Is Open Source safe? [Linux Weekly News] - Martin Minow <minow@pobox.com>
- 1998-11-23 (Mon, 23 Nov 1998 13:08:13 +0800) - Re: Is Open Source safe? [Linux Weekly News] - Vlad Stesin <rmiles@Generation.NET>