oss-sec mailing list archives

Re: Trojan Source Attacks

From: Michael Orlitzky <michael () orlitzky com>
Date: Tue, 02 Nov 2021 14:51:16 -0400

On Tue, 2021-11-02 at 10:05 -0700, David A. Wheeler wrote:


Underhanded code is, I think, significantly different. Instead of being clearly hard to understand,
It’s designed to be (1) easy to understand WRONGLY, (2) look innocent, and
(3) do something malevolent.


I'm reminded also of this attack, where the "source code" is some
command you're supposed to execute via copy/paste:

  http://thejh.net/misc/website-terminal-copy-paste

Current thread:

Re: Trojan Source Attacks, (continued)
- Re: Trojan Source Attacks Jan Engelhardt (Nov 01)
  - Re: Trojan Source Attacks Perry E. Metzger (Nov 01)
    - Re: Trojan Source Attacks Jan Engelhardt (Nov 01)
    - Re: Trojan Source Attacks Siddhesh Poyarekar (Nov 01)
    - Re: Trojan Source Attacks Stuart D Gathman (Nov 02)
    - Re: Trojan Source Attacks Seth Arnold (Nov 02)
  - Re: Trojan Source Attacks Santiago Torres (Nov 01)
- Re: Trojan Source Attacks David A. Wheeler (Nov 02)
  - Re: Trojan Source Attacks Josh Bressers (Nov 02)
    - Re: Trojan Source Attacks David A. Wheeler (Nov 02)
    - Re: Trojan Source Attacks Michael Orlitzky (Nov 02)
- Re: Trojan Source Attacks Stuart D Gathman (Nov 02)
- Re: Trojan Source Attacks Georgi Guninski (Nov 04)
  - Re: Trojan Source Attacks Leonid Isaev (ifax) (Nov 04)