|
Grex > Jelly > #122: Backdoor or No Backdoor? |  |
|
| Author |
Message |
bellstar
|
|
Backdoor or No Backdoor?
| 
Dec 23 18:38 UTC 2010 |
> OpenBSD code audit uncovers bugs, but no evidence of backdoor
>
> OpenBSD project leader Theo de Raadt disclosed an e-mail earlier this
> month in which former NETSEC CTO Gregory Perry claimed that his company
> was paid by the FBI to plant a "backdoor" in the OpenBSD IPSEC stack.
> The allegations led to a thorough code review and historical analysis of
> the relevant code.
>
> [...]
-- http://is.gd/jjOZB
-- (redirects to Ars Technica)
I particularly liked this comment:
> If I put my tin foil hat on I'd say the source code could look 100% clean
> if the project's compiler/linker has something nasty to add.
In the light of this:
> Historically, back doors have often lurked in systems longer than anyone
> expected or planned, and a few have become widely known. Ken Thompson's
> 1983 Turing Award lecture to the ACM admitted the existence of a back
> door in early Unix versions that may have qualified as the most
> fiendishly clever security hack of all time. In this scheme, the C
> compiler contained code that would recognize when the login command was
> being recompiled and insert some code recognizing a password chosen by
> Thompson, giving him entry to the system whether or not an account had
> been created for him.
>
> Normally such a back door could be removed by removing it from the
> source code for the compiler and recompiling the compiler. But to
> recompile the compiler, you have to use the compiler . so Thompson also
> arranged that the compiler would recognize when it was compiling a
> version of itself, and insert into the recompiled compiler the code to
> insert into the recompiled login the code to allow Thompson entry . and,
> of course, the code to recognize itself and do the whole thing again the
> next time around! And having done this once, he was then able to
> recompile the compiler from the original sources; the hack perpetuated
> itself invisibly, leaving the back door in place and active but with no
> trace in the sources.
>
> The Turing lecture that reported this truly moby hack was later
> published as "Reflections on Trusting Trust", Communications of the ACM
> 27, 8 (August 1984), pp. 761--763 (text available at
> http://www.acm.org/classics/). Ken Thompson has since confirmed that
> this hack was implemented and that the Trojan Horse code did appear in
> the login binary of a Unix Support group machine. Ken says the crocked
> compiler was never distributed. Your editor has heard two separate
> reports that suggest that the crocked login did make it out of Bell
> Labs, notably to BBN, and that it enabled at least one late-night login
> across the network by someone using the login name "kt".
-- Jargon File, 'back door'
-- http://ftp.sunet.se/jargon/html/B/back-door.html
|
| 13 responses total. |
keesan
|
|
response 1 of 13:
|
Dec 23 18:47 UTC 2010 |
Shouldn't this be in a computer conference not agora?
|
nharmon
|
|
response 2 of 13:
|
Dec 23 18:59 UTC 2010 |
It is.
|
bellstar
|
|
response 3 of 13:
|
Dec 23 19:09 UTC 2010 |
Re #1:
> Computers:
> amiga - Commodore Amiga and its descendants
> graphics - Hardware, software, and techniques - learn, teach, [...]
> hardware - Nuts & Bolts
> internet - Navigating the information highway
> systems - Operating systems and programming of all kinds
> micros - Microcomputers of all types
> web - web page authoring, HTML
That was made before the intertubez became a superhighway and then transcended
that. Regardless, thanks to nharmon (?):
> 121 28 Fav editors
> <item is linked>
> 122 2 Backdoor or No Backdoor?
> <item is linked>
Also, I bet the "[very] general public" of Grex wouldn't regard this in
distaste.
|
jvmv
|
|
response 4 of 13:
|
Dec 24 01:16 UTC 2010 |
Hahahh... Brown-Nose got burned really bad!
|
jgelinas
|
|
response 5 of 13:
|
Dec 25 01:05 UTC 2010 |
Given the perennial discussion of which OS to use, Agora is a good place
for this to show up. :)
Almost as good as coop.
|
tsty
|
|
response 6 of 13:
|
Dec 25 20:45 UTC 2010 |
re 0 ... umm, waht was the date/time stamp on that clip? it makds a differenc
|
bellstar
|
|
response 7 of 13:
|
Dec 26 19:19 UTC 2010 |
Originally, it was December 22, I seem to remember.
|
tsty
|
|
response 8 of 13:
|
Dec 26 19:43 UTC 2010 |
1823 ?
|
bellstar
|
|
response 9 of 13:
|
Dec 27 17:48 UTC 2010 |
0xDEADBEEF
I have no idea what you're talking about. I imagined you asked the original
date of the Ars Techinca article linked to on #0.
|
tsty
|
|
response 10 of 13:
|
Dec 27 18:39 UTC 2010 |
yes, i did .. and one owuuld presume that a year would bve included. ???
|
bellstar
|
|
response 11 of 13:
|
Dec 27 19:03 UTC 2010 |
One would think that you'd infer the year quite easily. Alas, one would be
wrong.
|
madmike
|
|
response 12 of 13:
|
Jan 16 01:46 UTC 2011 |
good article - after that... not so much :\
|
butiki
|
|
response 13 of 13:
|
Aug 31 20:33 UTC 2017 |
|