Full Disclosure mailing list archives
Re: Multiple Backdoors found in eEye Products (IRIS and Secure
From: Blue Boar <BlueBoar () thievco com>
Date: Sun, 02 Jan 2005 20:27:09 -0800
Dave Aitel wrote:
Of course, this sort of thing is basically impossible to disprove - especially without source.
If I were looking for a well-hidden backdoor, I wouldn't bother with source. There's no guarantee that a particular binary was produced by a particular group of source unless you can compile it yourself to the same set of bytes. Even then, you've got no guarantee the backdoor isn't introduced as part of the build process or a compiler quirk, rather than being in the source.
As for proof in this particular case, I find the claim rather extraordinary, so I would place the burden of proof on the claimer. Let's see an exploit.
BB _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Multiple Backdoors found in eEye Products (IRIS and Secure Lance Gusto (Jan 06)
- Re: Multiple Backdoors found in eEye Products (IRIS and Secure Dave Aitel (Jan 02)
- Re: Multiple Backdoors found in eEye Products (IRIS and Secure Blue Boar (Jan 06)
- Re: Multiple Backdoors found in eEye Products (IRIS and Secure Paul Schmehl (Jan 06)
- Re: Multiple Backdoors found in eEye Products (IRIS and Secure Blue Boar (Jan 06)
- Re: Multiple Backdoors found in eEye Products (IRIS and Secure Dave Aitel (Jan 02)