1998-11-23 - Re: Is Open Source safe? [Linux Weekly News]

Header Data

From: “Frank O’Dwyer” <fod@brd.ie>
To: Jim Burnes - Denver <jim.burnes@ssds.com>
Message Hash: 46f2439e0bcf86bf61916e82523148088519aea4a6bface98195ffcac20033dc
Message ID: <3659B24C.2E121981@brd.ie>
Reply To: <Pine.SOL.3.91.981123103958.1388A-100000@denver>
UTC Datetime: 1998-11-23 19:59:32 UTC
Raw Date: Tue, 24 Nov 1998 03:59:32 +0800

Raw message

From: "Frank O'Dwyer" <fod@brd.ie>
Date: Tue, 24 Nov 1998 03:59:32 +0800
To: Jim Burnes - Denver <jim.burnes@ssds.com>
Subject: Re: Is Open Source safe? [Linux Weekly News]
In-Reply-To: <Pine.SOL.3.91.981123103958.1388A-100000@denver>
Message-ID: <3659B24C.2E121981@brd.ie>
MIME-Version: 1.0
Content-Type: text/plain



Jim Burnes - Denver wrote:
> Already proven.  The emergent behavior of the Linux development model
> does not need centralized process to coordinate it.  People who had
> access to the source and were aware of the teardrop attack hacked a
> patch to it almost immediately.  The patch was widely available the
> next day.  How long did it take for microsoft?

Agreed, but that's a different issue. Here we're talking about
deliberately inserted back doors. Those can get extremely nasty, and may
be unpatchable. Examples include "data kidnap" (encrypting the target's
information in situ and demanding a ransom for the decryption key), and
"data cancer" (slow corruption of the target's information, ensuring
that the backups are also corrupted). Quickly patching the software that
delivers those attacks isn't enough--you need a defence against it being
introduced and activated in the first place. I haven't heard of any real
examples of such attacks, but that's not especially comforting.

Cheers,
Frank O'Dwyer.




