
Trust Issues October 21, 2013

Posted by markwhylie in Security.

The author begins the paper by introducing the audience to what is known as a quine, written in the C programming language. A quine is a computer program which takes no input and produces a copy of its own source code as its only output [1]. The author then describes a problem with the C compiler: he was able to modify the compiler so that it deliberately miscompiles source whenever a particular pattern is matched [2]. This “Trojan horse” matched code in the UNIX “login” command and would essentially allow the author to log into a particular machine as any user.
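The pattern-matched miscompilation described above can be shown with a toy model. This is an added example, not code from the paper or from this post: the two "compilers", the `OBJ{...}` output format and the sample sources are all hypothetical, and the reference compiler is assumed to be trustworthy.

```c
/* Added illustration: toy "compilers" that translate source text into an
 * "object" string. Every name and format here is hypothetical. */
#include <stdio.h>
#include <string.h>

#define OBJ_MAX 512

/* Honest translation: the object is derived from the source only. */
static void compile_honest(const char *src, char *obj, size_t n) {
    snprintf(obj, n, "OBJ{%s}", src);
}

/* Tampered translation: source matching a pattern is deliberately
 * miscompiled, while the source text itself is left untouched, so a
 * review of the source finds nothing. */
static void compile_tampered(const char *src, char *obj, size_t n) {
    if (strstr(src, "check_password(") != NULL)
        snprintf(obj, n, "OBJ{%s}EXTRA{accept_any}", src);
    else
        compile_honest(src, obj, n);
}

typedef void (*compiler_fn)(const char *, char *, size_t);

/* Build the same source with two compilers and compare the objects.
 * Returns -1 when they are identical, otherwise the offset of the
 * first differing byte. */
static long first_divergence(compiler_fn a, compiler_fn b, const char *src) {
    char oa[OBJ_MAX], ob[OBJ_MAX];
    size_t i = 0;
    a(src, oa, sizeof oa);
    b(src, ob, sizeof ob);
    while (oa[i] != '\0' && oa[i] == ob[i])
        i++;
    return (oa[i] == ob[i]) ? -1 : (long)i;
}

/* Constructed sample sources. */
static const char LOGIN_SRC[] = "int login(u,p){return check_password(u,p);}";
static const char OTHER_SRC[] = "int add(a,b){return a+b;}";

int main(void) {
    printf("login: %ld\n", first_divergence(compile_honest, compile_tampered, LOGIN_SRC));
    printf("other: %ld\n", first_divergence(compile_honest, compile_tampered, OTHER_SRC));
    return 0;
}
```

The comparison only reveals the tampering when one of the two compilers is clean; two compilers carrying the same modification produce identical output and the check reports no divergence.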

The moral of the story is that you cannot trust code that you did not totally create yourself. It is also important to keep in mind that even if the code you receive passes a verification and validation step, that does not guarantee that a deliberate Trojan horse was not placed in the code at a lower level. With that said, we will always have individuals with curious and mischievous minds who are out to intentionally harm others, while some just do it as a pastime. I believe the author posed an important question in his article that is certainly worth some discussion. Should we focus more on trusting that the application does not have a Trojan horse, or should we reserve a level of trust with the developer? What are your thoughts on this topic?


