Backdoor in e107 CMS version 0.7.17
Posted Jan 26, 2010 14:22 UTC (Tue) by cdman (guest, #63220)
Posted Jan 26, 2010 14:31 UTC (Tue) by johill (subscriber, #25196)
Posted Jan 27, 2010 6:43 UTC (Wed) by njs (guest, #40338)
Posted Jan 28, 2010 10:34 UTC (Thu) by epa (subscriber, #39769)
Posted Jan 28, 2010 19:26 UTC (Thu) by njs (guest, #40338)
If you *really* want to compromise the users of some project, it's pretty straightforward -- just come up with a plausible pseudonym, and send some legitimate patches that "accidentally" introduce an old-fashioned security bug. All the crypto in the world won't help with that. There are plenty of people you'd expect to be expending real resources on this, too -- militaries, criminals, heck, security researchers (who build their reputation and consulting business through finding bugs). The only reason I can think of that we haven't caught anyone at it yet is that earnest engineers produce enough security holes that people who depend on security holes mostly don't find it worth the bother trying to add more.
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds