Brett, I have a few comments on this.

a) You obviously do not understand the logic behind this GPL/Opensource backdoor thing. I'm not sure if I'm wasting my time here, but I will attempt to put this into other words. If the source is open, then anyone can analyze it, and find any backdoors no matter how obfuscated by code. If a user does not have the appropriate skill to do this, they should be aware that they are opening themselves up to possible attacks by obfuscated code. The responsibility for the effects of using this code is then completely that user's. This is stated under the GPL as:

"12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES."

bo2k is published under the GPL, and by using software published under the GPL, the user agrees to the above statement.

As for binary distributions: If a user does not take the appropriate measures to scan any binary introduced into their system, they are, again, opening their systems to danger. As Optyx posted, there are known commercial distributions of binaries that have been unknowingly infected by various virii. This does not necessarily denote maliciousness on behalf of the publisher, or parties involved in the publication and distribution of the binary.

As for the infection of ISO images: You are making an assumption about the process of burning the bo2k distribution CDs that voids your logic. This assumption is that the virus was inserted directly, and purposely, into the binary that was then packaged into an ISO image. The executable may have resided on a system, in which it may have become infected by CIH, before the building of the burned ISO image, without the knowledge of the parties involved with building the ISO and burning it. There is no empirical proof, or way to determine how/what/when/why CIH got onto any given machine, ISO image, or CD involved with bo2k.

I personally consider your usage of such non-empirical evidence in a news report to be incredibly unprofessional and biased. I would appreciate your feedback and response to these comments greatly.

Thank you
-t12
Sorry about the formatting, I am not very used to the slashdot posting interface, this being my first post :) -t12