Open Source Concerns: Trojan Horses In the Code
crisco writes to us with an article from InternetWeek addressing the concern of "trojan horse programs concealed inside open source code that could create new security headaches for IT managers", as the article says. The article deals mainly with the BO2K issue, which makes the whole open source connection a bit of a stretch.
Trojan horse programs concealed inside open source code could create new security headaches for IT managers. One such program released last week, BackOrifice 2000...
/... ;P
BO2k isn't concealed inside another program..
When virus writers moved to an open source model in 1996, there was an explosion in macro viruses,...
Ah yes, I remember the good old days of proprietary virii...NOT.
The explosion in macro virii wouldn't have anything to do with a program that
could _host_ them now, would it?
Like, I don't know, maybe MS Office?
No mention of how much easier it is to construct
a macro virus as opposed to a real virus done in, say, x86 assembler.
Organizations "absolutely should be putting
security measures in place if they use NT to a
great degree" to thwart BO2K-specific attacks,
said Drew Williams, director of Axent Technologies'
SWAT Team.
Hmm, not quite sure what to say about this one...
Are they saying:
A) You don't need security if you don't use NT
B) You shouldn't use NT (I'll buy that)
C) If you only have one NT box you don't have to worry
D) Win9x, 3.1 aren't vulnerable
Internet Security Systems researchers have
already decoded BO2K protocols and encryption
algorithms.
Nice trick...somebody must have sent them the source
code in an encrypted email, yeah, that's
the ticket...
Jason Garms, product manager for NT security at
Microsoft, said the company will fix any known
security vulnerabilities in its operating
systems. "There's nothing wrong with [Microsoft]
systems until Back Orifice is installed."
Oh my.... Somebody should start
a 12 step group for folks like this
I detect some serious denial problems here.
How much are these fixes going to cost?
When can we expect delivery?
That's what I thought...
Users on NT networks that
exchange files and use Internet chat systems
are at the highest risk....
So..don't use your network to
transfer files..just look at the pretty lights....
The elite hacker group is banking on tools
such as BO2K to eventually force Microsoft
to correct security weaknesses in its operating
systems.
Security experts don't see the logic.
"They didn't have to write code and
release it to the public," said ICSA's Thompson.
The bastards, how _dare_ they try
to push around Micros~1!
Who's the real victim here? Micros~1
or the "Security Experts" who have to get
off their well padded rear ends and do some work now?
Oh wait, I guess security expert is a synonym for pundit now.
Once the program is released,
Axent's Williams expects an "immediate
spike" in hacking activity
on NT systems, but expects it to trickle down to
some level of manageability.
The program is already released, Sparky...
I expect this is true if we use hacking in the
proper sense as in "Micros~1 programmers fixing
things up a bit"..
Though I expect if you replace "hack" with "kludge"
it'd be a little more accurate
Now _this_ is the kind of story I expect to see on
Just like backinaday