[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Axiom-developer] RE: Bootstrapping

From: Andrey G. Grozin
Subject: Re: [Axiom-developer] RE: Bootstrapping
Date: Thu, 10 Nov 2005 23:38:05 +0600 (NOVT)

On Thu, 10 Nov 2005, Jay Belanger wrote:
Tainted binaries are rare, but they do exist.  Trying to avoid them
seems like common sense.
(Tainted sources also exist, but they get spotted easier.)
There's an old saying (Finlay Peter Dunne)
 Trust everyone, but cut the cards.
Not relying on binaries is, if nothing else, cutting the cards.
A fresh example (see Linux Weekly News). Somebody have inserted a (licensed! original!) music CD from SONY into his Windows computer. Windows autoruns some binaries from CDs. In this case, the binary had inserted some spyware, and had modified some normal parts of Windows in such a way that this spyware was (almost) impossible to notice. In other words, a regular rootkit.

Moral: don't trust CDs with binaries from (seemingly) respectable large companies.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]