[PLUG] OpenSSH trojaned

Jason Dagit dagit at engr.orst.edu
Thu Aug 1 20:20:09 UTC 2002


On 1 Aug 2002, AthlonRob wrote:

> On Thu, 2002-08-01 at 09:56, Anthony Schlemmer wrote:
> > I got an email on the SuSE security mailing list this morning on this.
> > It wasn't an issue for me since SuSE had built their OpenSSH package
> > from non-trojaned sources. I wonder if the anti-open source camps will
> > use this as an argument as to why closed-source is more secure?
>
> I think if they did, all the times Micro$oft let worm-infested software
> out would be brought back to light.  Hopefully M$ knows better than
> that.  :-)

And what about the time (I think within the last 6months) that a group
cracked the MS network and possibly got some source code....possibly
edited some source code.  How would us users know if we had trojan'd code
as a result.  We can't see the source to look for security flaws...and
backdoors.  I think if we wanted to stoop to the level of FUD that we have
plenty of ammo...but just because we can, doesn't mean we should.  Let
open source speak for itself, show them our strong points instead of
pointing out their weak points.  On and on...</way-to-personal-philosophy>

My $0.03,
Jason





More information about the PLUG mailing list