mersenneforum.org  

Old 2010-12-17, 00:44   #12
xilman

Quote (originally posted by Wacky):
I, too, think that this is a bunch of "conspiracy" BS.

Any true hidden backdoors are imbedded in things that are not "under public scrutiny". If Intel or some BIOS manufacturer has been "paid off" to intentionally place a "backdoor" in their hardware or boot_firmware, it might be difficult to detect.

In a similar vein, compromising a particular compiler (for example, gcc) to insert "backdoor" code, independent of the source code submitted, is hard to imagine and sustain.

Even if some trojan were introduced, it is questionable that it could lie totally hidden, without any "sleeper cell" tripping some alarm on un-compromised networks.
...
.
I also have serious doubts.

Note, however, that some backdoors are much more subtle than others and may be very difficult indeed to spot. Something which leaks a single bit of keymat once every few network transactions would be most unlikely to be spotted in a blackbox investigation. Properly done, it would be very difficult to discover even with full access to source code. The leaking code would quite probably look like a subtle bug of the sort which people make through carelessness all the time.

An ex-colleague of mine, now also ex-MSR Cambridge, yesterday posted the following statement to a security mailing list to which we both subscribe:
"Any sufficiently advanced malice is indistinguishable from incompetence."
I can provide illustrations of the similar statement
"Any sufficiently advanced incompetence is indistinguishable from malice."
and did so on the same mailing list.


Paul
Old 2010-12-17, 02:03   #13
CRGreathouse
 

I read a paper perhaps a year ago on this subject, and it seemed to support Paul's statement. (I don't imagine anyone knows the paper?)
Old 2010-12-17, 02:33   #14
Mr. P-1
 

Quote (originally posted by xilman):
Any sufficiently advanced incompetence is indistinguishable from malice.
George Bush
Old 2010-12-17, 06:36   #15
retina

Quote (originally posted by Mr. P-1):
By "hackers" do you mean "people interested in breaking into computers"? or "extremely talented programmers"?

I agree that the latter, particularly those who develop NetBSD, would probably have found them by now.
Hacking to break stuff versus programming to make stuff, while they do overlap a small amount, are still mostly different skill sets. Usually programmers concentrate strongly on getting the damn thing working, while hackers are concentrating on getting a working thing to work in different ways than it was intended. So the developers are probably not the best people to be finding the faults. It needs a fresh eye without the preconceptions about what the code is designed to do.
Old 2010-12-18, 05:52   #16
cheesehead
 

Quote (originally posted by retina):
So the developers are probably not the best people to be finding the faults. It needs a fresh eye without the preconceptions about what the code is designed to do.
When I was programming, my biggest mistakes and embarrassments were related to my unjustified assumptions. When I was testing someone else's code, it was all-too-easy to find such flaws.
All times are UTC.

Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation.
A copy of the license is included in the FAQ.