[Dshield] Password protected Bagle.F

John Hardin johnh at aproposretail.com
Mon Mar 1 20:40:37 GMT 2004


On Mon, 2004-03-01 at 12:12, Micheal Patterson wrote:

> What next? My worse case scenario is the day that someone, somewhere
> breeches the software storage, undetected, of a major software vendor or
> vendors, that specialize in compiler software for the masses. Inject a
> trojan into the core compiler code, that in turn adds the same backdoor to e
> verything that is touched by that compiler. People will tell everyone that
> it's not possible, it's just too protected, ad nauseum. I will never believe
> that anything that you can physically touch, or access through a networked
> computer system can be that well protected. On that note, there is always
> someone, somewhere, within the access chain has the ability to modify code,
> and the knowledge to bury it so deep that others will not detect it. The
> only real thing that has kept it from happening so far, imho, is the
> personal integrity of the person with those abilities and privileges.

You mean, something like Ken Thompson's root backdoor in the early Unix
C compilers?

--
John Hardin  KA7OHZ                           
Internal Systems Administrator/Guru               voice: (425) 672-1304
Apropos Retail Management Systems, Inc.             fax: (425) 672-0192
-----------------------------------------------------------------------
  Failure to plan ahead on someone else's part does not constitute an
  emergency on my part.
                                  - David W. Barts in a.s.r
-----------------------------------------------------------------------
 Today: ICQ Corp goes away - have you installed Jabber yet?




More information about the list mailing list