On Thu, 10 Nov 2005, Jay Belanger wrote:
Tainted binaries are rare, but they do exist. Trying to avoid them
seems like common sense.
(Tainted sources also exist, but they get spotted easier.)
There's an old saying (Finlay Peter Dunne)
Trust everyone, but cut the cards.
Not relying on binaries is, if nothing else, cutting the cards.
A fresh example (see Linux Weekly News). Somebody have inserted a
(licensed! original!) music CD from SONY into his Windows computer.
Windows autoruns some binaries from CDs. In this case, the binary had
inserted some spyware, and had modified some normal parts of Windows in
such a way that this spyware was (almost) impossible to notice. In other
words, a regular rootkit.
Moral: don't trust CDs with binaries from (seemingly) respectable large
companies.
Andrey
_______________________________________________
Axiom-developer mailing list
[email protected]
http://lists.nongnu.org/mailman/listinfo/axiom-developer
