Slashdot is powered by your submissions, so send in your scoop


Forgot your password?

Comment Re:Ken Thompson, Anyone? (Score 1) 472 472

A quick and dirty fix to such compiler attacks could be to have proper network watchdogs setup, and paying attention to the logs they generate.

For example, init and login should not be accessing the network! Of course one can go one step deeper and inspect all file-handles opened by all the process. As a process can write stuff to a hidden log (and indeed memory!), and then some ok-looking process can fire up and do the actual net transfer. etc

Of course, this would have to be a hardened kernel level module.

So a little extra vigilance can take care of such attacks. But the crypto-weakening attacks don't seems to be so straight forward to manage. imho.

Comment Re:At this point (Score 1) 4 4

My point is not to compare FOSS with the rest of the closed source stuff. FOSS definitely has an advantage with the "many eyes" effect etc. But that still does not guarantee that the 'control freaks' wont be able to sneak in something sinister into a benign looking app in an major Linux distro. Question is whether the FOSS community would go through some sort of SOP yet again for 'driving out these demons'.

Submission + - Linux health given the reveletion of NSA crypto-subverting attacks? 4 4

deepdive writes: I have a basic question. What is the privacy/security health of the Linux kernel (and indeed other FOSS OS's) given all the recent stories about the NSA going in and deliberately subverting various parts of the privacy/security sub-systems. Basically, can one still sleep soundly thinking that the most recent latest/greatest ubuntu/opensuse/what-have-you distro she/he downloaded is still pretty safe. Or do people need to get a little worried and start burning some extra night oil over this?

"Is it really you, Fuzz, or is it Memorex, or is it radiation sickness?" -- Sonic Disruptors comics