
An attempt to backdoor the kernel

An attempt to backdoor the kernel

Posted Nov 6, 2003 19:59 UTC (Thu) by ksmathers (subscriber, #2353)
Parent article: An attempt to backdoor the kernel

I've been thinking about this since it was noticed yesterday evening, and it has me somewhat worried. It seems to me to be a very irresponsible thing to do to the kernel -- what could the hacker have possibly been thinking that would justify creating such a big hole in what would have been (if successful) a pretty major hole in almost every Linux distribution within about a year?

If the problem had made it as far as the distributions, anyone who found the backdoor could come along later and criticize the Linux development processes, to the terrible detriment of the system and any trust that has developed in the system. What personal use of the backdoor could possibly justify such terrible potential repercussions?

Honestly, it just makes me sick to think about it.



An attempt to backdoor the kernel

Posted Nov 6, 2003 20:09 UTC (Thu) by allesfresser (subscriber, #216)

Perhaps the cracker in question wasn't after mere personal backdoor access--is it outside the realm of possibility that the code was inserted (or attempted to be inserted) specifically to denigrate the reputation of Free software?

I don't think it's a very big stretch to contemplate malicious intent in that regard, especially when people like SCO and company can blather on all day and not get slapped for it.

An attempt to backdoor the kernel

Posted Nov 6, 2003 21:00 UTC (Thu) by proski (subscriber, #104)

Political motivation of the attacker is possible, but I don't think this attack was sponsored by a corporation - it's too naive both in code ("=" vs. "==") and in implementation of the attack (attacking a gateway rather than the master repository). We should be prepared for more serious attacks.

An attempt to backdoor the kernel

Posted Nov 7, 2003 18:07 UTC (Fri) by minichaz (subscriber, #630)

That's silly. It's almost the perfect backdoor. A quick scan of the code concerned and you don't notice anything wrong, and if anyone does spot it later it looks like it might be a typo.

Hard to spot, subtle, easy to trigger and easily deniable. What more could you want from a backdoor?

An attempt to backdoor the kernel

Posted Nov 6, 2003 23:02 UTC (Thu) by tjc (subscriber, #137)

...is it outside the realm of possibility that the code was inserted (or attempted to be inserted) specifically to denigrate the reputation of Free software?

Hmm, I wonder if this particular bit of code would have violated any SCO copyrights if it had remained in the kernel undetected. ;-)

An attempt to backdoor the kernel

Posted Nov 7, 2003 0:12 UTC (Fri) by dvrabel (subscriber, #9500)

Maybe the CIA was involved too?

Inserting backdoors isn't your standard marketing tactic. Outright lies (SCO style) are, however.

An attempt to backdoor the kernel

Posted Nov 7, 2003 15:36 UTC (Fri) by allesfresser (subscriber, #216)

Lately we've been dealing with entities that seem pretty willing to use 'non-standard marketing tactics'. Certainly it would be in a few parties' interest to make an exploit in the kernel look like it came from a 'teenage hacker' (the stereotype is de rigueur, of course), and spread more FUD about Linux.

There are, of course, plenty of teenagers (and old geezers like myself, for that matter) out there that are mischievous and talented enough to do something like that on their own, but it sure looks conveniently advantageous for certain well-known (perhaps even infamous?) commercial entities...

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds