Groups | Search | Server Info | Login | Register

Groups > comp.security.misc > #1539

Re: Finding backdoors

From Marco Moock <mm+usenet-es@dorfdsl.de>
Newsgroups comp.security.misc
Subject Re: Finding backdoors
Date 2024-09-26 20:15 +0200
Organization A noiseless patient Spider
Message-ID <vd48b7$8qf9$1@dont-email.me> (permalink)
References <vd3uf2$7ng3$1@dont-email.me>

Show all headers | View raw

On 26.09.2024 um 15:26 Uhr bp@www.zefox.net wrote:

> I'm looking for links to techniques for finding backdoors in software 
> and hardware. 

The only way is to learn the programming language, then check the code
and compile it yourself. Of course, the other stuff on you machine
(compiler, linker etc.) needs to be reviewed too, so a huge task no
single person can do.

> It's a matter of personal curiosity inspired by the exploding pager
> incident lately in the news and a call for banning certain software
> developers. An obvious question is whether use of open-source
> software is a meaningful help. Fuzzing seems an obvious choice, but
> slow. 

OSS has the benefit that the code is public any many people can look
inside. Although, that doesn't mean that anybody will have a look. The
sshd/liblzma backdoor proofed that again.

The more people look at it, the better it is, but this is not always
enough.

-- 
kind regards
Marco

Send spam to 1727357187muell@cartoonies.org

Back to comp.security.misc | Previous | NextPrevious in thread | Next in thread | Find similar

Thread

Finding backdoors <bp@www.zefox.net> - 2024-09-26 15:26 +0000
  Re: Finding backdoors Marco Moock <mm+usenet-es@dorfdsl.de> - 2024-09-26 20:15 +0200
    Re: Finding backdoors William Unruh <unruh@invalid.ca> - 2024-09-26 19:57 +0000
      Re: Finding backdoors Marco Moock <mm+usenet-es@dorfdsl.de> - 2024-09-27 17:31 +0200
        Re: Finding backdoors William Unruh <unruh@invalid.ca> - 2024-09-27 16:26 +0000
          Re: Finding backdoors Marco Moock <mm+usenet-es@dorfdsl.de> - 2024-09-27 20:11 +0200
  Re: Finding backdoors Richard Kettlewell <invalid@invalid.invalid> - 2024-09-28 10:09 +0100
    Re: Finding backdoors <bp@www.zefox.net> - 2024-10-01 04:01 +0000
      Re: Finding backdoors Richard Kettlewell <invalid@invalid.invalid> - 2024-10-01 16:44 +0100
      Re: Finding backdoors rlhamil@smart.net (Richard L. Hamilton) - 2024-10-18 21:04 +0000
        Re: Finding backdoors <bp@www.zefox.net> - 2024-10-18 23:37 +0000
          Re: Finding backdoors rlhamil@smart.net (Richard L. Hamilton) - 2024-10-19 02:20 +0000

csiph-web