| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 15 Feb 2007 12:10:34 -0700 From: "Evans, Thomas" <ttevans@...kcorp.net> To: <bugtraq@...urityfocus.com> Subject: RE: Re[2]: Solaris telnet vulnberability - how many on your network? For some commentary on this issue, this is one man's thoughts. http://www.schneier.com/crypto-gram-0602.html#16 Tom Hawk Corporation ttevans@...kcorp.net 440-528-4045 Direct 440-498-2276 x 4045 Cell: 440-669-2526 Fax: 917-464-7241 -----Original Message----- From: Darren Reed [mailto:avalon@...igula.anu.edu.au] Sent: Thursday, February 15, 2007 1:49 AM To: Thierry@...ler.lu Cc: bugtraq@...urityfocus.com Subject: Re: Re[2]: Solaris telnet vulnberability - how many on your network? In some mail from Thierry Zoller, sie said: > > CDSC> real back doors are better > I like that tautologie, "real backdoors", what makes a backdoor more > real than another one ? Is it the coolness, the stealth ? Or is it > simply the fact that it gives back door access ? How about putting a backdoor into your C compiler such that it generates "special code" when it recognises it is compiling /bin/login that allows special access? That doesn't show up in any code audit of /bin/login... so you think about auditting the code that makes up the compiler.. where does the executable for that come from... and so on back.
Powered by blists - more mailing lists