Re: sendmail trojan

From: Alexandros Papadopoulos (apapadop@cmu.edu)
Date: 10/16/02


From: Alexandros Papadopoulos <apapadop@cmu.edu>
To: profane@friction.net
Date: Wed, 16 Oct 2002 01:22:14 -0400


On Wednesday 09 October 2002 12:50, jnf wrote:
> hi, I've got a question, it seems several OSS programs of late have been
> trojaned at the provider level, which leads me to wonder if this is a
> message 'read your source', which made me wonder, are these trojans
> obvious? as in if you just scanned over the source would you see them? if
> anyone has a copy of some of the source that is trojaned, or knows where I
> could find some, it would be appreciated. thanks
>
> j

Frankly, even if the trojan was enclosed in <blink></blink> statements, in
80,000 lines of code it would be lost. It's not feasible for one single coder
to proofread everything he/she compiles. You have to implicitly trust the
coder/maintainer/distributor, I see no other way.

-A

--
http://www.andrew.cmu.edu/~apapadop/pub_key.asc