Slashdot Mirror

← Back to Stories (view on slashdot.org)

Do You Write Backdoors?

Posted by Cliff on from the is-'kt'-logged-in? dept.

quaxzarron asks: "I had a recent experience where one of our group of programmers wrote backdoors on some web applications we were developing, so that he could gain access to the main hosting server when the application went live. This got me thinking about how we are dependent on the integrity of the coders for the integrity of our applications. Yet in this case a more than casual glance would allow us to identify potentially malicious code. How does this work when the clients are companies who can't perform such checks - either because they don't know how, or because the code is too large or too complex? How often do companies developing code officially sanction backdoors...even if means calling them 'security features'? How often has the Slashdot crowd put a backdoor in the code they were developing either officially or otherwise? How sustainable is the 'trust' between the developer and the client?"

11 of 791 comments (clear)

  1. obligitory by Anonymous Coward · · Score: -1, Offtopic

    seinneew era sreenigne epacsten

  2. Re:trust... by klparrot · · Score: 1, Offtopic
    but when it came to stock option maturity time, I got laid-off

    How did that affect your ability to exercise your stock options? The options should have been mentioned in your employment contract as part of your salary.

    The employment contract, and the stock options themselves, are legally enforceable contracts. If they didn't let you excercise the options because you were laid off, it could be because you agreed to that possibility in the employment contract or in the contract of the stock option itself.

    If that wasn't in the contract, then you should be able to go after them to exercise your stock options.

  3. Re:trust... by photon317 · · Score: 0, Offtopic


    His situation mirrors one I was in a few years back with Worldcom. In my case, I was in a "long term" permanent position, with stock options being given to me every year, which each matured (became available to exercise) in 3 years and were valid for another 7 years. Given that stocks hsitory at the time, and the likelyhood that I would still be there after 10 years, it seemed like a really good deal.

    Right about when I reach the 3 year mark and my first set of options became available was right about when the stock peaked for good, though I didn't know it at the time. By the 4 year mark, the stock was pretty obviously on a downward trend, but the management line was "you guys are valuable coders, you're here for the long term, the options will recover before their 10 years are up".

    Sure enoughm, at around 4.5 years into the job, the options had reached zero value, and our whole building, irrespective of job function or worth to the company, was summarily laid off.

    Thanks, Corporate America, I owe you one.

    --
    11*43+456^2
  4. SUB7 by seeksoft · · Score: 0, Offtopic

    Sub7 for life!!! i will pwn you all -mobman

  5. um... I belive that's my stapler by Anonymous Coward · · Score: -1, Offtopic

    someone has to say something about a back door being part of the plot to office space,

    it's also a big part of wargames plot.

  6. In Soviet Russia... by birdman666 · · Score: -1, Offtopic

    Backdoors write you!

    --

    Nothing from nowhere I'm no one at all
    1. Re:In Soviet Russia... by rudy_wayne · · Score: -1, Offtopic

      In Soviet Russia, software goes in YOUR backdoor.

  7. Hmmm. Howard Roark. by namespan · · Score: 0, Offtopic

    I think there's an Ayn Rand novel with exactly this event as a plot device.

    It's not strictly comparable, though. A software application can be destroyed with no loss of materials or labor, and restored in a matter of minutes. A building can't.

    --
    Libertarianism is rich wolves and poor sheep playing gambler's ruin for dinner.
  8. Greeting Professor Falken by damien_kane · · Score: 0, Offtopic

    Would You Like to Play a Game?

  9. I know one by Anonymous Coward · · Score: -1, Offtopic

    I put a backdoor in windowsXP. If you want it please email me at IAmAHackerPleaseArrestMe@doj.gov and I will send it to you.

  10. Re:Deadlines by Anonymous Coward · · Score: -1, Offtopic
    To me, the best summary of Leroy Anderson the person is found in the "Idea Exchange" section of the September 1970 issue of The Instrumentalist. A high school viola player, named Linda, wrote to Anderson complaining about the parts that were assigned to the viola section. Her high school orchestra was performing three of his pieces, Fiddle Faddle, Sleigh Ride, and The Syncopated Clock. She found the viola parts to be "absolutely insulting" to her musicianship. She asked him,
    "you must know how frustrating it is to sit through an entire piece . . . while the other sections saw out beautiful melodies. Your parts treat us like a bunch of low-grade, moronic idiots! My five-year-old sister could play our part with ease! I really don't understand why you bothered writing us a part anyway. It's as if you had finished the score and someone came up and said, 'Hey, there's another instrument you forgot.' You shouldn't have troubled yourself because the part isn't worth the paper you printed it on! Please, please, please, give us a break. I'd admire you if I was out in the audience because all your pieces are fun to listen to. But, being a violist I can't help but hate you for the way you treat us."
    She closed and signed it with "I hope this letter is not insulting in any way . . . "

    Leroy Anderson's character comes shining through in his reply to Linda,

    "I was very much interested to receive your letter because I know exactly how you feel. You see, I used to play the double bass, and if you think those viola parts are dull, you should see the parts we bass players have to put up with. Mostly we just go 'zoom, zoom, zoom' all the way through the piece."
    Then he explained the process he went through to put a piece of music fixed in his mind to orchestration. How the part a particular instrument is assigned -- melody, accompaniment, countermelody, etc. -- depends on the music. He enclosed three pieces of his music which he said,
    "I can assure you that I try to make all the orchestra parts as interesting as possible, including the viola part. If you look at the enclosed viola parts . . . you will see that the violas have a lot of interesting melodic passages. And far from treating you like 'low-grade, moronic idiots,' . . . I have given the violas some pretty difficult passages to play. I hope you will have a chance to play these numbers someday. In the meantime, when you are playing the accompaniment, remember that this is just as important to the music as the melody. At least we bass players and viola players are better off than the poor triangle player who had to count 104 measures rest and then go 'ping!' Thank you for writing and best regards.

    Sincerely,

    Leroy Anderson

    P.S. The triangle player missed it."