Are you sure? The security update on their page seems to say that 0.7.17 is the solution, while this article says it is the problem.
Backdoor in e107 CMS version 0.7.17
Posted Jan 27, 2010 6:43 UTC (Wed) by njs (guest, #40338)
Posted Jan 28, 2010 10:34 UTC (Thu) by epa (subscriber, #39769)
Posted Jan 28, 2010 19:26 UTC (Thu) by njs (guest, #40338)
If you *really* want to compromise the users of some project, it's pretty straightforward -- just come up with a plausible pseudonym, and send some legitimate patches that "accidentally" introduce an old-fashioned security bug. All the crypto in the world won't help with that. There are plenty of people you'd expect to be expending real resources on this, too -- militaries, criminals, heck, security researchers (who build their reputation and consulting business through finding bugs). The only reason I can think of that we haven't caught anyone at it yet is that earnest engineers produce enough security holes that people who depend on security holes mostly don't find it worth the bother trying to add more.
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds