Thwarted Linux backdoor hints at smarter hacks

Software developers on Wednesday detected and thwarted a hacker's scheme to
submerge a slick backdoor in the next version of the Linux kernel, but
security experts say the abortive caper proves that extremely subtle source
code tampering is more than just the stuff of paranoid speculation.

http://www.securityfocus.com/news/7388

-----
Registered Linux user #334297

On 2003-11-07, Wee Bit Tall <just@the.zoo> wrote:

> Software developers on Wednesday detected and thwarted a hacker's scheme to
> submerge a slick backdoor in the next version of the Linux kernel, but
> security experts say the abortive caper proves that extremely subtle source
> code tampering is more than just the stuff of paranoid speculation.

OTOH, the fact that it was quickly discovered while in CVS suggests that
the linux kernel code is pretty well vetted before it is officially
released.

--

-John (JohnThompson@new.rr.com)

John Thompson wrote:
> On 2003-11-07, Wee Bit Tall <just@the.zoo> wrote:

>> Software developers on Wednesday detected and thwarted a hacker's scheme
>> to
>> submerge a slick backdoor in the next version of the Linux kernel, but
>> security experts say the abortive caper proves that extremely subtle
>> source code tampering is more than just the stuff of paranoid
>> speculation.
>
> OTOH, the fact that it was quickly discovered while in CVS suggests that
> the linux kernel code is pretty well vetted before it is officially
> released.

And as a further note, backdoors have actually been in released versions of
closed-source applications. Quake server is one case where such was
discovered. A backdoor in Interbase was only discovered because the code
was made open source... and had been in there for a good six years before
that. And don't forget the "maintenance accounts" that old IBM and DEC
systems came with by default... and continued to place in their systems
even when it was well-known that people were using them to break in.

The code review that open source software undergoes makes it much *less*
likely that someone can successfully put in and *keep in* a backdoor. It
takes no "paranoid speculation" to know that backdoors *have been* put in
closed-source systems, and stayed there for years.

--
ZZzz |\ _,,,---,,_ Travis S. Casey <efindel@earthlink.net>
/,`.-'`' -. ;-;;,_ No one agrees with me. Not even me.
|,4- ) )-,_..;\ ( `'-'
'---''(_/--' `-'\_)

Datagram from John Thompson incoming on netlink socket
<slrnbqoaj8.5nh.john@starfleet.os2.dhs.org>. Dumping datagram.
>
> OTOH, the fact that it was quickly discovered while in CVS suggests that
> the linux kernel code is pretty well vetted before it is officially
> released.

Actually, the backdoor code caused inconstiences between BK and CVS
repositorys which caused script run by cron to fail. The subsequent
investingation revealed the backdoor.

-Ilari
--
Quite frankly, I'd rather have no frogs at all in my blenders, thank
you very much. -- Linus Torvalds
Linux LK_Perkele_IV9 2.4.22-rc3 #2 Sun Aug 24 14:36:19 EEST 2003 i686 unknown
1:21pm up 55 days, 2:16, 11 users, load average: 0.00, 0.02, 0.00

"Wee Bit Tall" <just@the.zoo> wrote in message news:<qTDqb.14163$9M3.12419@newsread2.news.atl.ear thlink.net>...
> Software developers on Wednesday detected and thwarted a hacker's scheme to
> submerge a slick backdoor in the next version of the Linux kernel, but
> security experts say the abortive caper proves that extremely subtle source
> code tampering is more than just the stuff of paranoid speculation.
>
> http://www.securityfocus.com/news/7388
>
> -----
> Registered Linux user #334297


Do let's all try to remember that about 18 months ago, someone cracked
Microsoft and stole the source code to one of their projects. Let us
also remember that the specific project name was never released and
let us try not to forget that access to "proprietary" source code is a
peculiar advantage while access to "open source" code is just access.

Yeah, the open source code bases are vastly more "well vetted" than
the closed source ones.

-m-

osiris@deltaville.net (Michael Erskine) writes:

>let us try not to forget that access to "proprietary" source code is a
>peculiar advantage while access to "open source" code is just access.

Thankfully Microsoft only shares their code with completely trustworthy
people.
http://news.theolympian.com/PalmNews...ess/12089.html

I think I'll start asking MS software users questions like "Can you name
31 governments you'd trust with special access to information revealing
vulnerabilities of your computers?"

--kyler