On Wednesday 21 March 2001 17:15, Rick Welykochy wrote:
> Hi Sluggers,
>
> Has anyone run across any evidence of distributed open-source
> binary packages (i.e. *not* compiled at home) that contain nasty
> code, trojans, worms, etc?
>
> Of course, your first line of defense is comparing MD5 sums, but
> even those can be changed to suit an altered binary.
>
> And a related question would be has anyone uncovered evidence of
> actual source code containing surreptitious bits of nastiness?
>
> --
> Rick Welykochy || Praxis Services Pty Limited
About three years back there was a widely used rpm that had a backdoor built
into it by a joker who had fixed a bug and introduced a backdoor at the same
time.
I cannot remember exactly what it was, but I remember it was major, like Bind
or FTP
Jon Carnes
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug
