[TUHS] History of exploits - request for authors

Larry McVoy lm at mcvoy.com
Tue Dec 19 11:25:25 AEST 2017


So the only one I was involved in was the CVS hack to the Linux kernel
source tree.  This was back in the early 2000's and the kernel used
my SCM system, BitKeeper, but there were people who didn't like the 
license.  We built an exporter that exported the history to CVS (it
was a pretty nice exporter, on a per file basis it would find the 
longest path through a DAG and export that since CVS was straight
line, not a DAG.)

Me being me, I trusted nothing, so as part of the export process I
compared the checked out BitKeeper tree to the checked out CVS tree.
And found that someone had broken into the machine that hosted the
CVS tree and stuck a back door into the source.

https://www.linux.com/news/linux-kernel-development-process-thwarts-subversion-attempt

I take umbrage at the reporting there, they said it was many eyes (the open
source mantra) that found it, that's bullshit, it was my eyes that found it.

On Mon, Dec 18, 2017 at 11:31:40AM +0100, Arrigo Triulzi wrote:
> Dear all,
> 
> I am starting a new ???history??? section of the ???weird machines and security??? publication PoC||GTFO (https://www.alchemistowl.org/pocorgtfo for my mirror, https://www.nostarch.com/gtfo for a printed compilation of the first 15 issues).
> 
> Ideally we would like some articles about the history of security exploits where the historical importance is emphasised: we always get authors willing to tell us about the latest and greatest web exploit but they often lack any historical perspective about what has been done before.
> 
> As PoC||GTFO has a strong emphasis on weird machines and generally forgotten hardware and software I thought that the contributors to TUHS would be ideally placed to write something about their preferred security exploits in the past. I have fond memories of taking over a machine using and NFS /home filesystem exported to the wide-world, of someone trying to hack into my MasPar via the DEC Ultrix which controlled it, etc. but I am really rather interested in other perspectives.
> 
> I hope a few of you will want to contribute something to the collection, there is still space for the January 2018 edition if anyone is so inclined.
> 
> Cheers,
> 
> Arrigo

-- 
---
Larry McVoy            	     lm at mcvoy.com             http://www.mcvoy.com/lm 


More information about the TUHS mailing list