lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Wed, 3 Sep 2008 09:45:12 +0200
From: Gabriele Zanoni <gabriele.zanoni@...urenetwork.it>
To: bugtraq@...urityfocus.com
Cc: Steve.Coleman@...apl.edu
Subject: Re: In search of examples of malicious source code


I think this site could be usefull for your research:
http://www.offensivecomputing.net/

Regards / Cordiali saluti,

Gabriele Zanoni

Secure Network S.r.l.
Via Venezia, 23 - 20099 Sesto San Giovanni (MI) - Italia
Tel: +39 02.24126788 Mobile: +39 340.4820795
email: g.zanoni@...urenetwork.it
web: www.securenetwork.it


Il Tuesday 02 September 2008 12:06:47 Steve.Coleman@...apl.edu ha scritto:
> I am currently working on a research project and designing an application
> specifically aimed at locating malicious logic embedded in source code
> (C/C++ for now, other languages will be addressed later). As a test of the
> future implementation I would like to use as many real life examples of
> code as possible. Anything that was known to have been compromised, had a
> backdoor, easter egg, or other forms of malicious or undesired logic would
> make a good test, or at least be a 'more fair' test than anything I might
> write myself.
>
> Because those malicious versions of Open Source projects are usually taken
> off line just as soon as the incident is discovered, I am having a
> difficult time in tracking down the specific examples that I am currently
> aware of. I therefore would like to ask if anyone out there knows of any
> collection/repository of malicious source code? If not, does anyone have
> suggestions on specific version numbers of Open Source projects (or
> available proprietary code) that I should be looking for across all the
> various Internet archives?
>
> Thanks in advance!
>
> btw - Just to keep this thread even remotely on topic the answer is yes, I
> am well aware that you can not prove a negative. So, we don't need to go
> there. ;)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ