©1997/2004, Active Network. All Rights Reserved. Layout & Design by Designer Dream. Content written by the Active Network team.

Time: 14:27 EST/19:27 GMT | News Source: OS News | Posted By: Jonathan Tigner

KernelTrap has a very interesting article about a recent attempt to sneak a "back door" into the Linux 2.6 kernel. Evidently someone managed to break into the CVS server that mirrors the kernel source tree and add a small patch allowing one to locally obtain "root" super-user access. Fortunately, during an export from the master BitKeeper version of the kernel source tree into the CVS mirror, the change was detected and quickly removed.

#1 By 415 (199.8.64.215) at 11/6/2003 3:36:08 PM
Those pesky hackers, always attempting the "back door" ...
:-p

#2 By 16451 (63.227.226.13) at 11/6/2003 4:25:58 PM
>>> I wonder how many other backdoors have already been placed into linux??
And I wonder how many MS has placed into Windows.

#3 By 2332 (216.41.45.78) at 11/6/2003 4:41:41 PM
#4 - And I wonder how many MS has placed into Windows.
Chances are, none.
Why? It's called accountability. If a backdoor is found in Windows, Microsoft is screwed.
Who is screwed if a backdoor is found in Linux?

#4 By 1124 (165.170.128.65) at 11/6/2003 5:01:52 PM
Good point RMD :)

#5 By 1845 (12.209.152.69) at 11/6/2003 5:09:08 PM
RH7.3, rather than owning up to the problem, you deflected. Good one!
This post was edited by BobSmith on Thursday, November 06, 2003 at 17:09.

#6 By 3339 (64.160.58.135) at 11/6/2003 5:12:30 PM
What problem? It seems like it was rather easily detected and removed.
Kind of kills the absurd claims of parker and others that just about anyone can easily drop backdoors in and that there are probably hundreds of them, doesn't it?

#7 By 1845 (12.209.152.69) at 11/6/2003 5:26:11 PM
It does no such thing, jerk. For every roach you see, how many hundreds are hiding? So they caught one, how many didn't they catch? What can you point to as verification that they have caught them all? Yep, that's right, nothing.
This post was edited by BobSmith on Thursday, November 06, 2003 at 17:26.

#8 By 3339 (64.160.58.135) at 11/6/2003 5:52:30 PM
Uhh, let's see: the fact they do checksums on every contribution. And this is on the CVS version. It then goes through further checks before being added to the main BK repository.

#9 By 3339 (64.160.58.135) at 11/6/2003 6:34:56 PM
Too bad GNU's servers have nothing to do with the whole distributed BitKeeper system, parker.

#10 By 1845 (12.209.152.69) at 11/6/2003 7:21:19 PM
You take the locks out of your Windows systems, cba? Sounds like very foolish administration on your part.

#11 By 7797 (64.244.109.161) at 11/6/2003 7:42:24 PM
" You take the locks out of your Windows systems, cba? Sounds like very foolish administration on your part."
Last time I installed XP the first user had admin rights and no password by default and the firewall disabled. In other words the alarm system was off and the door was not just unlocked but wide open.

#12 By 3339 (64.160.58.135) at 11/6/2003 9:57:57 PM
parker, as always, what you fail to understand is that gnuftp was just a distribution/storage location; whereas the central and "originary" source of the Linux kernel is preserved in a distributed fashion behind CVS and then BitKeeper as an additional measure. Even if Linux or any other software was modified at gnuftp it is not the primary and originary source of code.
How many times do we have to explain this to you?

#13 By 2332 (65.221.182.2) at 11/7/2003 1:34:40 AM
I'm not so sure that all of this shows that there is a greater potential for backdoors in Linux than in closed source software.
What I'm suggesting is that IF there is a back door, there is nobody who really has to own up to it. There is no single company that is responsible.
For those companies that want to distribute Linux in some fashion, they either have to go through the code all themselves (a pretty daunting and expensive task), or have their customers agree that they are not responsible for what the code does.
Either way, it's not an acceptable risk as far as I'm concerned. If Microsoft has a back door, there are some nice, deep pockets to sue the crap out of. Not only are there no deep pockets with Linux, there are no pockets at all.

#14 By 16451 (65.19.17.162) at 11/7/2003 8:38:40 AM
>>> If Microsoft has a back door, there are some nice, deep pockets to sue the crap out of.
Yes, and Microsoft has lost in court many, many times in the past decade. But what is the point of that, when never in any of those cases has a court or government been able to impose a fine or sanction that was of such magnitude as to give Microsoft any pause. They just shake it off and go about their business without any more concern than you would have if a mosquito bit you.

#15 By 2332 (65.221.182.2) at 11/7/2003 9:52:19 AM
#24 - I think you're missing the point.
It's not a question of punishing somebody, nor is it a question of changing them. If there is nobody that can be held responsible for a backdoor in Linux, then there is no way to recoup your losses.
At least if you can sue somebody, you have a chance at recovery.

#16 By 16451 (63.227.226.13) at 11/7/2003 10:24:30 AM
From a typical Microsoft license:
DISCLAIMER OF WARRANTIES. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, MICROSOFT AND ITS SUPPLIERS PROVIDE TO YOU THE OS COMPONENTS, AND ANY (IF ANY) SUPPORT SERVICES RELATED TO THE OS COMPONENTS ("SUPPORT SERVICES") AS IS AND WITH ALL FAULTS; AND MICROSOFT AND ITS SUPPLIERS HEREBY DISCLAIM WITH RESPECT TO THE OS COMPONENTS AND SUPPORT SERVICES ALL WARRANTIES, DUTIES AND CONDITIONS, WHETHER EXPRESS, IMPLIED OR STATUTORY, INCLUDING, BUT NOT LIMITED TO, ANY (IF ANY) WARRANTIES OR CONDITIONS OF OR RELATED TO: TITLE, NON-INFRINGEMENT, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, LACK OF VIRUSES, ACCURACY OR COMPLETENESS OF RESPONSES, RESULTS, WORKMANLIKE EFFORT, LACK OF NEGLIGENCE, QUIET ENJOYMENT, QUIET POSSESSION, AND CORRESPONDENCE TO DESCRIPTION. THE ENTIRE RISK ARISING OUT OF USE OR PERFORMANCE OF THE OS COMPONENTS AND ANY SUPPORT SERVICES REMAINS WITH YOU.
EXCLUSION OF INCIDENTAL, CONSEQUENTIAL AND CERTAIN OTHER DAMAGES. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL MICROSOFT OR ITS SUPPLIERS BE LIABLE FOR ANY SPECIAL, INCIDENTAL, INDIRECT, PUNITIVE, OR CONSEQUENTIAL DAMAGES WHATSOEVER (INCLUDING, BUT NOT LIMITED TO, DAMAGES FOR: LOSS OF PROFITS, LOSS OF CONFIDENTIAL OR OTHER INFORMATION, BUSINESS INTERRUPTION, PERSONAL INJURY, LOSS OF PRIVACY, FAILURE TO MEET ANY DUTY (INCLUDING OF GOOD FAITH OR OF REASONABLE CARE), NEGLIGENCE, AND ANY OTHER PECUNIARY OR OTHER LOSS WHATSOEVER) ARISING OUT OF OR IN ANY WAY RELATED TO THE USE OF OR INABILITY TO USE THE OS COMPONENTS OR THE SUPPORT SERVICES, OR THE PROVISION OF OR FAILURE TO PROVIDE SUPPORT SERVICES, OR OTHERWISE UNDER OR IN CONNECTION WITH ANY PROVISION OF THIS SUPPLEMENTAL EULA, EVEN IF MICROSOFT OR ANY SUPPLIER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
LIMITATION OF LIABILITY AND REMEDIES. NOTWITHSTANDING ANY DAMAGES THAT YOU MIGHT INCUR FOR ANY REASON WHATSOEVER (INCLUDING, WITHOUT LIMITATION, ALL DAMAGES REFERENCED ABOVE AND ALL DIRECT OR GENERAL DAMAGES), THE ENTIRE LIABILITY OF MICROSOFT AND ANY OF ITS SUPPLIERS UNDER ANY PROVISION OF THIS SUPPLEMENTAL EULA AND YOUR EXCLUSIVE REMEDY FOR ALL OF THE FOREGOING SHALL BE LIMITED TO THE GREATER OF THE AMOUNT ACTUALLY PAID BY YOU FOR THE OS COMPONENTS OR U.S.$5.00. THE FOREGOING LIMITATIONS, EXCLUSIONS AND DISCLAIMERS SHALL APPLY TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, EVEN IF ANY REMEDY FAILS ITS ESSENTIAL PURPOSE.
That doesn't leave much room for your lawsuit.

#17 By 3339 (64.160.58.135) at 11/7/2003 1:11:39 PM
RMD, besides what RH7 has posted, do you feel you could successfully sue MS? How long would it take? 3 years? 7 years? How much would it cost (whether you win or lose, could your company handle the cost over the length of the case)? 100,000? 500,000? 3,000,000? How much?
And also, you act as if MS acts as one person with the same goals, values, liabilities, etc... I'm sure it would be difficult for one employee to act independently, but who says everyone, every single individual at MS, is really concerned about MS's legal liabilities? A disgruntled employee with the right access and skills could undermine your imaginary but well-intentioned exposed-to-liability-even-though-they-disavow-liability Microsoft.

#18 By 135 (209.180.28.6) at 11/7/2003 3:44:48 PM
X - GNU knew about the compromise for months prior to actually announcing it. They finally announced it the same day as something else major happening in the news, so it would be buried.
It's called spin. We don't really know how open this community is, given their predisposition for hiding really bad news.
"I also appreciate the Linux community open business model."
If only there was a business model I would be more impressed.

#19 By 2332 (65.221.182.2) at 11/7/2003 6:41:32 PM
Sorry to burst all your bubbles, but if Microsoft intentionally included a backdoor in their source code, the EULA wouldn't mean squat.
They would absolutely be held responsible. Both by the markets and by the law.
The fact is, the same cannot be said of Linux.

#20 By 16451 (63.227.226.13) at 11/7/2003 6:55:39 PM
>>> They would absolutely be held responsible. Both by the markets and by the law.
Would you care to post your legal theory and precedents please?

#21 By 3339 (64.160.58.135) at 11/7/2003 7:19:39 PM
" but if Microsoft intentionally included a backdoor in their source code "
And what if an employee did so without MS knowing... What if MS did so unintentionally, but employees knew so and exploited it...
Sorry, RMD, but the bubble burst all over your face yesterday.
This post was edited by sodajerk on Friday, November 07, 2003 at 20:00.

#22 By 20 (67.9.179.51) at 11/8/2003 7:12:00 PM
sodajerk#38: You don't think MS has change control?
Besides, having an employee sneak it in isn't nearly as bad as having an outside hacker whore your system.
Sure, they caught on the back side THIS TIME. But the fact that the hacker got in in the first place is the concerning part.
I thought Windows was the unsecure OS? How come the majority of hacks and defacements that occur happen on Linux boxes?