1998-11-23 - Re: Is Open Source safe? [Linux Weekly News]
Header Data
From: “Frank O’Dwyer” <fod@brd.ie>
To: Martin Minow <minow@pobox.com>
Message Hash: 9ec7d829872154d94e0e63463002791dc0cb1f934a6e59ffaa7ea26e5536b912
Message ID: <3659B025.756B888A@brd.ie>
Reply To: <Pine.SOL.3.96.981122232742.12779A-100000@sparkle>
UTC Datetime: 1998-11-23 19:55:39 UTC
Raw Date: Tue, 24 Nov 1998 03:55:39 +0800
Raw message
From: "Frank O'Dwyer" <fod@brd.ie>
Date: Tue, 24 Nov 1998 03:55:39 +0800
To: Martin Minow <minow@pobox.com>
Subject: Re: Is Open Source safe? [Linux Weekly News]
In-Reply-To: <Pine.SOL.3.96.981122232742.12779A-100000@sparkle>
Message-ID: <3659B025.756B888A@brd.ie>
MIME-Version: 1.0
Content-Type: text/plain
Martin Minow wrote:
> Frank O'Dwyer <fod@brd.ie> opines:
> >
> >Yes it does, but not quite in the same way. For example, I believe that
> >in days of yore some attackers managed to insert a back door into some
> >DEC OS by breaking into the coding environment (I don't recall the
> >details, does anyone else?).
>
> <http://www.acm.org/classics/sep95/> describes how the inventors
> of Unix inserted a backdoor into the Unix login program. It's well
> worth reading. However, there is no indication that this trojan
> horse ever shipped to customers.
No, that is a different incident. These were external attackers who
managed to patch the source, and as far as I know it did ship. Could be
an urban myth I guess, but it's clearly a plausible attack.
> >So in other words, not only _could_ this
> >happen with non-OSS, it _has_ happened, and no doubt it happens
> >reasonably often.
>
> I doubt it.
OK, "reasonably often" is overstating it, perhaps :)
Cheers,
Frank O'Dwyer.
Thread
Return to November 1998
- Return to “Adam Back <aba@dcs.ex.ac.uk>”
- Return to “Bill Stewart <bill.stewart@pobox.com>”
- Return to ““Frank O’Dwyer” <fod@brd.ie>”
- Return to “Jim Burnes - Denver <jim.burnes@ssds.com>”
- Return to “Jim Choate <ravage@einstein.ssz.com>”
- Return to “Martin Minow <minow@pobox.com>”
Return to “Vlad Stesin <rmiles@Generation.NET>”
- 1998-11-23 (Mon, 23 Nov 1998 11:57:42 +0800) - Is Open Source safe? [Linux Weekly News] - Jim Choate <ravage@einstein.ssz.com>
- 1998-11-23 (Mon, 23 Nov 1998 13:08:13 +0800) - Re: Is Open Source safe? [Linux Weekly News] - Vlad Stesin <rmiles@Generation.NET>
- 1998-11-23 (Mon, 23 Nov 1998 21:49:11 +0800) - Re: Is Open Source safe? [Linux Weekly News] - “Frank O’Dwyer” <fod@brd.ie>
- 1998-11-23 (Tue, 24 Nov 1998 02:43:29 +0800) - Re: Is Open Source safe? [Linux Weekly News] - Jim Burnes - Denver <jim.burnes@ssds.com>
- 1998-11-23 (Tue, 24 Nov 1998 03:59:32 +0800) - Re: Is Open Source safe? [Linux Weekly News] - “Frank O’Dwyer” <fod@brd.ie>
- 1998-11-23 (Tue, 24 Nov 1998 03:24:49 +0800) - how to insert plausibly deniable back-doors (Re: Is Open Source safe? [Linux Weekly News]) - Adam Back <aba@dcs.ex.ac.uk>
- 1998-11-25 (Thu, 26 Nov 1998 01:41:58 +0800) - Re: Is Open Source safe? [Linux Weekly News] - Bill Stewart <bill.stewart@pobox.com>
- 1998-11-23 (Tue, 24 Nov 1998 02:43:29 +0800) - Re: Is Open Source safe? [Linux Weekly News] - Jim Burnes - Denver <jim.burnes@ssds.com>
- 1998-11-23 (Tue, 24 Nov 1998 02:39:43 +0800) - Re: Is Open Source safe? [Linux Weekly News] - Martin Minow <minow@pobox.com>
- 1998-11-23 (Tue, 24 Nov 1998 03:55:39 +0800) - Re: Is Open Source safe? [Linux Weekly News] - “Frank O’Dwyer” <fod@brd.ie>
- 1998-11-23 (Mon, 23 Nov 1998 21:49:11 +0800) - Re: Is Open Source safe? [Linux Weekly News] - “Frank O’Dwyer” <fod@brd.ie>
- 1998-11-24 (Tue, 24 Nov 1998 14:40:24 +0800) - Re: Is Open Source safe? [Linux Weekly News] - Martin Minow <minow@pobox.com>
- 1998-11-23 (Mon, 23 Nov 1998 13:08:13 +0800) - Re: Is Open Source safe? [Linux Weekly News] - Vlad Stesin <rmiles@Generation.NET>