19 Dec
2017
19 Dec
'17
7:25 a.m.
So the only one I was involved in was the CVS hack to the Linux kernel
source tree. This was back in the early 2000's and the kernel used
my SCM system, BitKeeper, but there were people who didn't like the
license. We built an exporter that exported the history to CVS (it
was a pretty nice exporter, on a per file basis it would find the
longest path through a DAG and export that since CVS was straight
line, not a DAG.)
Me being me, I trusted nothing, so as part of the export process I
compared the checked out BitKeeper tree to the checked out CVS tree.
And found that someone had broken into the machine that hosted the
CVS tree and stuck a back door into the source.
https://www.linux.com/news/linux-kernel-development-process-thwarts-subvers…
I take umbrage at the reporting there, they said it was many eyes (the open
source mantra) that found it, that's bullshit, it was my eyes that found it.
On Mon, Dec 18, 2017 at 11:31:40AM +0100, Arrigo Triulzi wrote:
Dear all,
I am starting a new ???history??? section of the ???weird machines and security???
publication PoC||GTFO (https://www.alchemistowl.org/pocorgtfo for my mirror,
https://www.nostarch.com/gtfo for a printed compilation of the first 15 issues).
Ideally we would like some articles about the history of security exploits where the
historical importance is emphasised: we always get authors willing to tell us about the
latest and greatest web exploit but they often lack any historical perspective about what
has been done before.
As PoC||GTFO has a strong emphasis on weird machines and generally forgotten hardware and
software I thought that the contributors to TUHS would be ideally placed to write
something about their preferred security exploits in the past. I have fond memories of
taking over a machine using and NFS /home filesystem exported to the wide-world, of
someone trying to hack into my MasPar via the DEC Ultrix which controlled it, etc. but I
am really rather interested in other perspectives.
I hope a few of you will want to contribute something to the collection, there is still
space for the January 2018 edition if anyone is so inclined.
Cheers,
Arrigo
--
---
Larry McVoy lm at mcvoy.com http://www.mcvoy.com/lm