Security Basics mailing list archives
Re: sendmail trojan
From: Alexandros Papadopoulos <apapadop () cmu edu>
Date: Wed, 16 Oct 2002 01:22:14 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wednesday 09 October 2002 12:50, jnf wrote:
hi, ive got a question, it seems several oss programs of late have been trojaned at the provider level- which leads me to wonder if this is a message 'read your source', which made me wonder, are these trojans obvious? as in if you just scanned over the source would you see them? if anyone has a copy of some of the source that is trojaned, or knows where i could find some, it would be appreciated. thnx j
Frankly, even if the trojan was enclosed in <blink></blink> statements, in 80,000 lines of code it would be lost. It's not feasible for one single coder to proofread everything he/she compiles. You have to implicitly trust the coder/maintainer/distributor, I see no other way. - -A - -- http://www.andrew.cmu.edu/~apapadop/pub_key.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.0 (GNU/Linux) iD8DBQE9rPeGgmAMwQt1gmURAtA0AJ9/N81Hyu100xokVq0c2vXZALt/egCfdGFd DAoKH5PmL2GPQk6aFJt4B0w= =7MAJ -----END PGP SIGNATURE-----
Current thread:
- sendmail trojan jnf (Oct 15)
- Re: sendmail trojan Alexandros Papadopoulos (Oct 17)
- RE: sendmail trojan Vince (Oct 17)
- Re: sendmail trojan Stephane Nasdrovisky (Oct 18)
- Re: sendmail trojan Alexandros Papadopoulos (Oct 18)
- <Possible follow-ups>
- RE: sendmail trojan Chris Santerre (Oct 21)
- Re: sendmail trojan Alexandros Papadopoulos (Oct 17)