Linux source code repository compromised.

12-11-2003, 06:21:09

I guess there's a first time for everything. This is the first time I've heard of anybody trying to create a backdoor by breaking in and editing the code.

12-11-2003, 06:33:08
It's not the first time. Not even close. Several (at least a dozen known in the Security community) have been known in the last 2 years. Very common happening. Average time between planting of a vulnerability/backdoor in Linux source code and discovery/publication on the Security communities is just under 4 years, currently. If the plant gets past the first week, undiscovered, anyways. So... normally, it's either found out very quickly, or never (in Internet time).

Open source gets "hacked" all the time. The only question is if it's more or less than "closed" source. Closed source providers (Oracle, Microsoft, etc.) do get hacked. They just don't tell the public how often. Or how severe, most of the time. And private code tends to suffer from insider "backdooring". So it's not what I'd call perfectly secure either.