Message-ID: <41D8C99D.1090304@thievco.com>
From: BlueBoar at thievco.com (Blue Boar)
Subject: Multiple Backdoors found in eEye Products (IRIS
	and Secure

Dave Aitel wrote:
> Of course, this sort of thing is basically impossible to disprove - 
> especially without source.

If I were looking for a well-hidden backdoor, I wouldn't bother with 
source.  There's no guarantee that a particular binary was produced by a 
particular group of source unless you can compile it yourself to the 
same set of bytes.  Even then, you've got no guarantee the backdoor 
isn't introduced as part of the build process or a compiler quirk, 
rather than being in the source.

As for proof in this particular case, I find the claim rather 
extraordinary, so I would place the burden of proof on the claimer. 
Let's see an exploit.

					BB
