On Fri, Dec 27, 2002 at 02:20:51AM -0800, Crispin Cowan wrote: > Correct: open source programs have made the press with these incidents, > because they were detected within a few days. Closed source programs may > well have nasty Trojans in them, but they will not make the press [..] We see it all the time. A particularly resented one is reported here: http://www.papyrusweb.ch/Quekese/BorlandDbBackdoor.asp The backdoor was introduced in 1994(!) and not widely reported until 2001. How many instances of "<foo> firewall router has {default passwords, hidden accounts, spews config info through {snmp, oddball packet}}" have you seen on bugtraq? I'm guessing around ten in the last year. Granted, those are different styles of trojans (inserted by the manufacturer, rather than those pesky hax0rs), but trojans none-the-less. Consider how many easter eggs you have found in commercial software? We probably all have our favourites. (I liked the excel flight sim.) Some of those trojans make the press, some don't... (Sure, their payload tends to be benign and cute..) -- United States of America: The world leader in short-sighted policy!
This archive was generated by hypermail 2b30 : Mon Jan 06 2003 - 19:55:04 PST