For some commentary on this issue, this is one man's thoughts. http://www.schneier.com/crypto-gram-0602.html#16 Tom Hawk Corporation ttevans@xxxxxxxxxxxx 440-528-4045 Direct 440-498-2276 x 4045 Cell: 440-669-2526 Fax: 917-464-7241 -----Original Message----- From: Darren Reed [mailto:avalon@xxxxxxxxxxxxxxxxxxx] Sent: Thursday, February 15, 2007 1:49 AM To: Thierry@xxxxxxxxx Cc: bugtraq@xxxxxxxxxxxxxxxxx Subject: Re: Re[2]: Solaris telnet vulnberability - how many on your network? In some mail from Thierry Zoller, sie said: > > CDSC> real back doors are better > I like that tautologie, "real backdoors", what makes a backdoor more > real than another one ? Is it the coolness, the stealth ? Or is it > simply the fact that it gives back door access ? How about putting a backdoor into your C compiler such that it generates "special code" when it recognises it is compiling /bin/login that allows special access? That doesn't show up in any code audit of /bin/login... so you think about auditting the code that makes up the compiler.. where does the executable for that come from... and so on back.
