TalkBack 51 of 73:
Actually, belay that stupid comment
Reading up on it, it was an extremely clever hack, installed by someone with real industrial-level knowledge and a clear desire to try and compromise the code. I'm not convinced it would have lasted long, even if it had got into the build source code, since it attempts to emulate a buffer overflow: a common target of regular bugfixes and corrections which take place during kernel development (since the source code is available, these things can be checked).

However, the fact that they knew so much and yet seemed unaware of the security systems built in to catch this kind of attack is surprising. It does, however, illustrate perfectly that keystone of security, detection, which is so very well expressed within the FreeBSD Handbook (section 10.1):
"...what you want to do is to create as many layers of security as are convenient and then carefully monitor the system for intrusions. You do not want to overbuild your security or you will interfere with the detection side, and detection is one of the single most important aspects of any security mechanism."
(in other words, don't just "secure the perimeter" and imagine you are safe).
Posted by: dw@...   Posted on: 11/07/03
