Is Open Source safe? [Linux Weekly News]

Frank O'Dwyer fod at brd.ie
Mon Nov 23 11:59:32 PST 1998



Jim Burnes - Denver wrote:
> Already proven.  The emergent behavior of the Linux development model
> does not need centralized process to coordinate it.  People who had
> access to the source and were aware of the teardrop attack hacked a
> patch to it almost immediately.  The patch was widely available the
> next day.  How long did it take for Microsoft?

Agreed, but that's a different issue. Here we're talking about
deliberately inserted back doors. Those can get extremely nasty, and may
be unpatchable. Examples include "data kidnap" (encrypting the target's
information in situ and demanding a ransom for the decryption key), and
"data cancer" (slow corruption of the target's information, ensuring
that the backups are also corrupted). Quickly patching the software that
delivers those attacks isn't enough--you need a defence against it being
introduced and activated in the first place. I haven't heard of any real
examples of such attacks, but that's not especially comforting.

Cheers,
Frank O'Dwyer.





