Free Republic
Browse · Search 		News/Activism
Topics · Post Article

To: eno_
You could no more bring down a network with ASN.1 than you could a UNIX system with a bootleg copy of yacc.

Bad example. This has been done before, only with the C compiler not yacc.

61 posted on 06/27/2002 12:21:20 AM PDT by altair
[ Post Reply | Private Reply | To 43 | View Replies ]

To: altair
I'm old enough to have been writing UNIX device drivers for a living when Ken Thompson's C compiler 'sploit was first discussed. That is an example of is why even source-code-audited systems are not totally immune to back doors. You have to audit the code the compiler generates, and there may even be theoretical limits on how comprehensively that can be done.

But the effectiveness of this kind of 'sploit, like every other kind, is limited by the diversity of implementations out there. There is no mother of all protocol compilers that could have been infected with a trojan, and that one could use to bring down all networks. Nor is there any other one-size-fits-all exploit, nor even a manageable collection of them that any group short of an NSA or GCHQ type government agency could possibly make any practical use of.

68 posted on 06/27/2002 4:44:00 AM PDT by eno_
[ Post Reply | Private Reply | To 61 | View Replies ]

Free Republic
Browse · Search 		News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson