I thought it was in the wild for years before Thompson told the world about it?<br><br>ie. I thought early generation unix systems all had the backdoor that allowed Thompson in.<br><br>I'm curious if I have that right, or if he just described a potential backdoor / trojan.<br>
<br>Greg <br><br><div class="gmail_quote">On Wed, Oct 13, 2010 at 2:30 PM, Charles Shapiro <span dir="ltr"><<a href="mailto:hooterpincher@gmail.com">hooterpincher@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
Wow, that's so khewl!<br>
<br>
I was given to understand that Ken Thompson's idea has not been seen<br>
in the wild. But then again, that doesn't mean it hasn't happened.<br>
<br>
-- CHS<br>
<div><div></div><div class="h5"><br>
<br>
On Wed, Oct 13, 2010 at 2:18 PM, Lightner, Jeff <<a href="mailto:jlightner@water.com">jlightner@water.com</a>> wrote:<br>
> HP once did a sort of strange loop to one of my former employers accidentally. They put out a HP-UX patch that changed the way the kernel got recompiled after applying kernel patches. The patch that did the change installed fine but any subsequent kernel patch would bomb due to errors in the earlier patch that did the change. In HP-UX one typically applies patch bundles with dozens if not hundreds of patches so determining what broke everything was rather difficult. You'd see the kernel patch blowup and assume that was the problem but then when you'd remove it and install the rest of the bundle it would blow up on the next kernel patch.<br>
><br>
> What made all this worse, was the person who initially applied the patch bundle rendered the system she was working on unbootable. Rather than stopping to troubleshoot she then went ahead and applied the same bundle to the next server and was surprised when it broke too.<br>
><br>
> -----Original Message-----<br>
> From: <a href="mailto:ale-bounces@ale.org">ale-bounces@ale.org</a> [mailto:<a href="mailto:ale-bounces@ale.org">ale-bounces@ale.org</a>] On Behalf Of Charles Shapiro<br>
> Sent: Wednesday, October 13, 2010 1:58 PM<br>
> To: <a href="mailto:rfaulkner@34thprs.org">rfaulkner@34thprs.org</a>; Atlanta Linux Enthusiasts - Yes! We run Linux!<br>
> Subject: Re: [ale] China chooses FreeBSD as basis for secure OS<br>
><br>
> Sure. All you need is source to the compiler they're using, and you<br>
> only need that once. Ken Thompson described it first.<br>
> ( <a href="http://scienceblogs.com/goodmath/2007/04/strange_loops_dennis_ritchie_a.php" target="_blank">http://scienceblogs.com/goodmath/2007/04/strange_loops_dennis_ritchie_a.php</a> ).<br>
><br>
> -- CHS<br>
><br>
><br>
> On Wed, Oct 13, 2010 at 1:34 PM, Richard Faulkner <<a href="mailto:rfaulkner@34thprs.org">rfaulkner@34thprs.org</a>> wrote:<br>
>> Okay...this then brings up an interesting proposition. Is it possible to<br>
>> build a tenable backdoor in a distro that would go unnoticed at source code<br>
>> level? For security purposes would it be better to develop (as a state)<br>
>> your own updates rather than take distro updates from source? Could this<br>
>> mark a threat to security as we see it?<br>
>><br>
>> Please keep in mind that I'm new to Linux and NOT a programmer...more of a<br>
>> designer.<br>
>><br>
>><br>
>> -----Original Message-----<br>
>> From: <a href="mailto:wolf@wolfhalton.info">wolf@wolfhalton.info</a> <<a href="mailto:wolf@wolfhalton.info">wolf@wolfhalton.info</a>><br>
>> Reply-to: Atlanta Linux Enthusiasts - Yes! We run Linux! <<a href="mailto:ale@ale.org">ale@ale.org</a>><br>
>> To: <a href="mailto:mhw@wittsend.com">mhw@wittsend.com</a>, Atlanta Linux Enthusiasts - Yes! We run Linux!<br>
>> <<a href="mailto:ale@ale.org">ale@ale.org</a>><br>
>> Subject: Re: [ale] China chooses FreeBSD as basis for secure OS<br>
>> Date: Tue, 12 Oct 2010 21:35:02 -0400<br>
>><br>
>> It would at least be a little more of a challenge than Window$<br>
>><br>
>> -----Original Message-----<br>
>> From: Michael H. Warfield <<a href="mailto:mhw@wittsend.com">mhw@wittsend.com</a>><br>
>> Reply-to: <a href="mailto:mhw@wittsend.com">mhw@wittsend.com</a>, Atlanta Linux Enthusiasts - Yes! We run Linux!<br>
>> <<a href="mailto:ale@ale.org">ale@ale.org</a>><br>
>> To: Atlanta Linux Enthusiasts - Yes! We run Linux! <<a href="mailto:ale@ale.org">ale@ale.org</a>><br>
>> Cc: <a href="mailto:mhw@wittsend.com">mhw@wittsend.com</a><br>
>> Subject: Re: [ale] China chooses FreeBSD as basis for secure OS<br>
>> Date: Tue, 12 Oct 2010 17:26:40 -0400<br>
>><br>
>> On Tue, 2010-10-12 at 15:58 -0400, Chuck Payne wrote:<br>
>>> On Tue, Oct 12, 2010 at 3:13 PM, George Allen <<a href="mailto:glallen01@gmail.com">glallen01@gmail.com</a>> wrote:<br>
>>> > Apparently China is moving their entire Dept of Defense to a hardened<br>
>>> > version of FreeBSD.<br>
>>> > <a href="http://blogs.techrepublic.com.com/security/?p=1682" target="_blank">http://blogs.techrepublic.com.com/security/?p=1682</a><br>
>>> > _______________________________________________<br>
>>> > Ale mailing list<br>
>>> > <a href="mailto:Ale@ale.org">Ale@ale.org</a><br>
>>> > <a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
>>> > See JOBS, ANNOUNCE and SCHOOLS lists at<br>
>>> > <a href="http://mail.ale.org/mailman/listinfo" target="_blank">http://mail.ale.org/mailman/listinfo</a><br>
>>> ><br>
>><br>
>>> Good Choose.<br>
>><br>
>> I presume you meant choice and I concur. Give that some reports are<br>
>> putting the level of Stuxnet infections at over 1 million machines in<br>
>> Iran and more than 6 million machines in China, anything, other that<br>
>> Windows, would be a smooth move. Nobody really knows who is behind the<br>
>> Stuxnet but I would put it at 99% probability that it's "state<br>
>> sponsored" and the leading contenders are Israel, the US, and Russia.<br>
>> Unfortunately, any of those players are more than capable of building<br>
>> something nasty for FreeBSD or Linux, or even OpenBSD if they really set<br>
>> their minds to it.<br>
>><br>
>> Regards,<br>
>> Mike<br>
>> _______________________________________________<br>
>> Ale mailing list<br>
>> <a href="mailto:Ale@ale.org">Ale@ale.org</a><br>
>> <a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
>> See JOBS, ANNOUNCE and SCHOOLS lists at<br>
>> <a href="http://mail.ale.org/mailman/listinfo" target="_blank">http://mail.ale.org/mailman/listinfo</a><br>
>><br>
>> _______________________________________________<br>
>> Ale mailing list<br>
>> <a href="mailto:Ale@ale.org">Ale@ale.org</a><br>
>> <a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
>> See JOBS, ANNOUNCE and SCHOOLS lists at<br>
>> <a href="http://mail.ale.org/mailman/listinfo" target="_blank">http://mail.ale.org/mailman/listinfo</a><br>
>><br>
>><br>
>> _______________________________________________<br>
>> Ale mailing list<br>
>> <a href="mailto:Ale@ale.org">Ale@ale.org</a><br>
>> <a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
>> See JOBS, ANNOUNCE and SCHOOLS lists at<br>
>> <a href="http://mail.ale.org/mailman/listinfo" target="_blank">http://mail.ale.org/mailman/listinfo</a><br>
>><br>
>><br>
><br>
> _______________________________________________<br>
> Ale mailing list<br>
> <a href="mailto:Ale@ale.org">Ale@ale.org</a><br>
> <a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
> See JOBS, ANNOUNCE and SCHOOLS lists at<br>
> <a href="http://mail.ale.org/mailman/listinfo" target="_blank">http://mail.ale.org/mailman/listinfo</a><br>
><br>
> Proud partner. Susan G. Komen for the Cure.<br>
><br>
> Please consider our environment before printing this e-mail or attachments.<br>
> ----------------------------------<br>
> CONFIDENTIALITY NOTICE: This e-mail may contain privileged or confidential information and is for the sole use of the intended recipient(s). If you are not the intended recipient, any disclosure, copying, distribution, or use of the contents of this information is prohibited and may be unlawful. If you have received this electronic transmission in error, please reply immediately to the sender that you have received the message in error, and delete it. Thank you.<br>
> ----------------------------------<br>
><br>
> _______________________________________________<br>
> Ale mailing list<br>
> <a href="mailto:Ale@ale.org">Ale@ale.org</a><br>
> <a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
> See JOBS, ANNOUNCE and SCHOOLS lists at<br>
> <a href="http://mail.ale.org/mailman/listinfo" target="_blank">http://mail.ale.org/mailman/listinfo</a><br>
><br>
<br>
_______________________________________________<br>
Ale mailing list<br>
<a href="mailto:Ale@ale.org">Ale@ale.org</a><br>
<a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
See JOBS, ANNOUNCE and SCHOOLS lists at<br>
<a href="http://mail.ale.org/mailman/listinfo" target="_blank">http://mail.ale.org/mailman/listinfo</a><br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br>Greg Freemyer<br>Head of EDD Tape Extraction and Processing team<br>Litigation Triage Solutions Specialist<br><a href="http://www.linkedin.com/in/gregfreemyer">http://www.linkedin.com/in/gregfreemyer</a><br>
CNN/TruTV Aired Forensic Imaging Demo -<br> <a href="http://insession.blogs.cnn.com/2010/03/23/how-computer-evidence-gets-retrieved/">http://insession.blogs.cnn.com/2010/03/23/how-computer-evidence-gets-retrieved/</a><br>
<br>The Norcross Group<br>The Intersection of Evidence & Technology<br><a href="http://www.norcrossgroup.com">http://www.norcrossgroup.com</a><br>