Adam Albright wrote:

> On Sat, 22 Sep 2007 00:03:50 -0400, "Seven" <Seven@linux.sux> wrote:

>

>

>>"Adam Albright" <AA@ABC.net> wrote in message

>>news:7r09f31ormlrj7j4nhrtb62hq67f7bmc52@4ax.com...

>>

>>>On Fri, 21 Sep 2007 20:38:55 -0400, "Seven" <Seven@linux.sux> wrote:

>>>

>>>

>>>>"Adam Albright" <AA@ABC.net> wrote in message

>>>>news:86j7f313884o79u7im1o6shjf3sdvjh5gd@4ax.com...

>>>>

>>>>>On Fri, 21 Sep 2007 11:20:59 +0100, "dennis@home"

>>>>><dennis@killspam.kicks-ass.net> wrote:

>>>>>

>>>>>

>>>>>

>>>>>>That is almost true.. it should say even experts need help sometimes.

>>>>>>IME

>>>>>>its not usually an expert that solves most problems in the best way..

>>>>>>they

>>>>>>tend to get stuck in a mind set that you have to do things in a

>>>>>>particular

>>>>>>way.. you should always try to listen to other people whatever level

>>>>>>they

>>>>>>are at as sometimes they have the better idea.

>>>>>>

>>>>>>

>>>>>>>>If so who secured your computer and what tools were used?

>>>>>>>

>>>>>>>I did and I have the Gnome Security Suite and a NAT hard firewall. I

>>>>>>>only

>>>>>>>install programs that are in the Ubuntu repositories.

>>>>>>

>>>>>>The best part of that is the firewall.. everyone should have one.. the

>>>>>>software ones are a waste of time to the average user who will just

>>>>>>click

>>>>>>"allow" anyway.

>>>>>

>>>>>Oh God, not again. Another wannabe type trying to imply he's some

>>>>>world renowned expert but oh, nearly everybody else in this newsgroup

>>>>>must be below average in computer knowledge. I see you only as a LIAR.

>>>>>You lie, then when caught you desperately try to parse your words and

>>>>>try to fake you didn't say what you said. I guess you're too dumb to

>>>>>know it, but you just described the actions of UAC.

>>>>>

>>>>

>>>>

>>>>Jealousy is a sin, Preacher Man

>>>>Hallelujah

>>>

>>>So what are you jealous of? My intelligence or maybe it just pisses

>>>clowns like you off how easily I swat away members of the fanboy

>>>crowd.

>>>

>>

>>

>>I'm jealous of Bill Gates fortune...not some doofus that post 6000 times in

>>a ng how smart he is.

>>For that many post, you are either unemployed or.....unemployable.

>>Good thing the monkey shares his quarters with you.

>

>

> Funny, looking at your header, same sequence at the start (read right

> to left) as Vista User and Frankie numbnuts. How revealing.

>

 

OMG, you just can't help proving how dumb you really are!

Learn to read a header you jackas*! If that's even possible.

Frank

Adam Albright wrote:

> On Sat, 22 Sep 2007 00:31:27 -0400, "Seven" <Seven@linux.sux> wrote:

>

>

>>"Adam Albright" <AA@ABC.net> wrote in message

>>news:gl59f39hr07ej7ujmutfeu1m2k1parjofh@4ax.com...

>>

>>>On Sat, 22 Sep 2007 00:03:50 -0400, "Seven" <Seven@linux.sux> wrote:

>>>

>>>

>>>>"Adam Albright" <AA@ABC.net> wrote in message

>>>>news:7r09f31ormlrj7j4nhrtb62hq67f7bmc52@4ax.com...

>>>>

>>>>>On Fri, 21 Sep 2007 20:38:55 -0400, "Seven" <Seven@linux.sux> wrote:

>>>>>

>>>>>

>>>>>>"Adam Albright" <AA@ABC.net> wrote in message

>>>>>>news:86j7f313884o79u7im1o6shjf3sdvjh5gd@4ax.com...

>>>>>>

>>>>>>>On Fri, 21 Sep 2007 11:20:59 +0100, "dennis@home"

>>>>>>><dennis@killspam.kicks-ass.net> wrote:

>>>>>>>

>>>>>>>

>>>>>>>

>>>>>>>>That is almost true.. it should say even experts need help sometimes.

>>>>>>>>IME

>>>>>>>>its not usually an expert that solves most problems in the best way..

>>>>>>>>they

>>>>>>>>tend to get stuck in a mind set that you have to do things in a

>>>>>>>>particular

>>>>>>>>way.. you should always try to listen to other people whatever level

>>>>>>>>they

>>>>>>>>are at as sometimes they have the better idea.

>>>>>>>>

>>>>>>>>

>>>>>>>>>>If so who secured your computer and what tools were used?

>>>>>>>>>

>>>>>>>>>I did and I have the Gnome Security Suite and a NAT hard firewall. I

>>>>>>>>>only

>>>>>>>>>install programs that are in the Ubuntu repositories.

>>>>>>>>

>>>>>>>>The best part of that is the firewall.. everyone should have one.. the

>>>>>>>>software ones are a waste of time to the average user who will just

>>>>>>>>click

>>>>>>>>"allow" anyway.

>>>>>>>

>>>>>>>Oh God, not again. Another wannabe type trying to imply he's some

>>>>>>>world renowned expert but oh, nearly everybody else in this newsgroup

>>>>>>>must be below average in computer knowledge. I see you only as a LIAR.

>>>>>>>You lie, then when caught you desperately try to parse your words and

>>>>>>>try to fake you didn't say what you said. I guess you're too dumb to

>>>>>>>know it, but you just described the actions of UAC.

>>>>>>>

>>>>>>

>>>>>>

>>>>>>Jealousy is a sin, Preacher Man

>>>>>>Hallelujah

>>>>>

>>>>>So what are you jealous of? My intelligence or maybe it just pisses

>>>>>clowns like you off how easily I swat away members of the fanboy

>>>>>crowd.

>>>>>

>>>>

>>>>

>>>>I'm jealous of Bill Gates fortune...not some doofus that post 6000 times

>>>>in

>>>>a ng how smart he is.

>>>>For that many post, you are either unemployed or.....unemployable.

>>>>Good thing the monkey shares his quarters with you.

>>>

>>>Funny, looking at your header, same sequence at the start (read right

>>>to left) as Vista User and Frankie numbnuts. How revealing.

>>>

>>

>>

>>Wow.

>>Ingenious Sherlock.

>>I guess you have also figured out I am using a computer.

>>I'm impressed.

>

>

> Why would anybody be impressed with some psycho like you that lies his

> ass off, and posts under multiple names? Such kid stuff.

>

 

hehehe...we all so enjoy watching you constantly making a fool out of

yourself, you dipsh*t idiot!

Let me say it again...one more time...LEARN TO READ A HEADER YOU

MORON...LOL!

Frank

Adam Albright wrote:

> On Sat, 22 Sep 2007 00:03:50 -0400, "Seven" <Seven@linux.sux> wrote:

>

>> "Adam Albright" <AA@ABC.net> wrote in message

>> news:7r09f31ormlrj7j4nhrtb62hq67f7bmc52@4ax.com...

>>> On Fri, 21 Sep 2007 20:38:55 -0400, "Seven" <Seven@linux.sux> wrote:

>>>

>>>> "Adam Albright" <AA@ABC.net> wrote in message

>>>> news:86j7f313884o79u7im1o6shjf3sdvjh5gd@4ax.com...

>>>>> On Fri, 21 Sep 2007 11:20:59 +0100, "dennis@home"

>>>>> <dennis@killspam.kicks-ass.net> wrote:

>>>>>

>>>>>

>>>>>> That is almost true.. it should say even experts need help sometimes.

>>>>>> IME

>>>>>> its not usually an expert that solves most problems in the best way..

>>>>>> they

>>>>>> tend to get stuck in a mind set that you have to do things in a

>>>>>> particular

>>>>>> way.. you should always try to listen to other people whatever level

>>>>>> they

>>>>>> are at as sometimes they have the better idea.

>>>>>>

>>>>>>>> If so who secured your computer and what tools were used?

>>>>>>> I did and I have the Gnome Security Suite and a NAT hard firewall. I

>>>>>>> only

>>>>>>> install programs that are in the Ubuntu repositories.

>>>>>> The best part of that is the firewall.. everyone should have one.. the

>>>>>> software ones are a waste of time to the average user who will just

>>>>>> click

>>>>>> "allow" anyway.

>>>>> Oh God, not again. Another wannabe type trying to imply he's some

>>>>> world renowned expert but oh, nearly everybody else in this newsgroup

>>>>> must be below average in computer knowledge. I see you only as a LIAR.

>>>>> You lie, then when caught you desperately try to parse your words and

>>>>> try to fake you didn't say what you said. I guess you're too dumb to

>>>>> know it, but you just described the actions of UAC.

>>>>>

>>>>

>>>> Jealousy is a sin, Preacher Man

>>>> Hallelujah

>>> So what are you jealous of? My intelligence or maybe it just pisses

>>> clowns like you off how easily I swat away members of the fanboy

>>> crowd.

>>>

>>

>> I'm jealous of Bill Gates fortune...not some doofus that post 6000 times in

>> a ng how smart he is.

>> For that many post, you are either unemployed or.....unemployable.

>> Good thing the monkey shares his quarters with you.

>

> Funny, looking at your header, same sequence at the start (read right

> to left) as Vista User and Frankie numbnuts. How revealing.

>

 

Maybe the three of them share a trailer and sit at the kitchen table,

wishing they had a business.

 

--

Alias

To email me, remove shoes

Frank wrote:

>

> Oh, and you are a member in good standing of my kennel...lol!

 

Is your real name Michael Vick?

 

--

Alias

To email me, remove shoes

On Fri, 21 Sep 2007 22:28:03 -0700, Frank <fb@nosspan.clim> wrote:

>Adam Albright wrote:

>

>> So what are you jealous of? My intelligence or maybe it just pisses

>> clowns like you off how easily I swat away members of the fanboy

>> crowd.

>>

>You have yet to even reach the "mental midget" level in anything in

>life, let alone computers. You're a big mouth blowhard drunken idiot who

>also just happens to be a moron. You've got your bald pointy head shoved

>so far up you fat as* that the sun always appears to be brown in color

>to you.

>You're also a braggart and a know liar on top of being just a plain old

>as*hole.

>You are nothing but a piece of sh*t loser!

>Frank

>

>Oh, and you are a member in good standing of my kennel...lol!

 

Again you provide the proof yourself to be the diseased babbling

psychopath I say you are. Thanks!

"Charlie Tame" <charlie@tames.net> wrote in message

news:u7vLTIN$HHA.1416@TK2MSFTNGP03.phx.gbl...

> Seven wrote:

>> "Adam Albright" <AA@ABC.net> wrote in message

>> news:gl59f39hr07ej7ujmutfeu1m2k1parjofh@4ax.com...

>>> On Sat, 22 Sep 2007 00:03:50 -0400, "Seven" <Seven@linux.sux> wrote:

>>>

>>>> "Adam Albright" <AA@ABC.net> wrote in message

>>>> news:7r09f31ormlrj7j4nhrtb62hq67f7bmc52@4ax.com...

>>>>> On Fri, 21 Sep 2007 20:38:55 -0400, "Seven" <Seven@linux.sux> wrote:

>>>>>

>>>>>> "Adam Albright" <AA@ABC.net> wrote in message

>>>>>> news:86j7f313884o79u7im1o6shjf3sdvjh5gd@4ax.com...

>>>>>>> On Fri, 21 Sep 2007 11:20:59 +0100, "dennis@home"

>>>>>>> <dennis@killspam.kicks-ass.net> wrote:

>>>>>>>

>>>>>>>

>>>>>>>> That is almost true.. it should say even experts need help

>>>>>>>> sometimes.

>>>>>>>> IME

>>>>>>>> its not usually an expert that solves most problems in the best

>>>>>>>> way..

>>>>>>>> they

>>>>>>>> tend to get stuck in a mind set that you have to do things in a

>>>>>>>> particular

>>>>>>>> way.. you should always try to listen to other people whatever

>>>>>>>> level

>>>>>>>> they

>>>>>>>> are at as sometimes they have the better idea.

>>>>>>>>

>>>>>>>>>> If so who secured your computer and what tools were used?

>>>>>>>>>

>>>>>>>>> I did and I have the Gnome Security Suite and a NAT hard firewall.

>>>>>>>>> I

>>>>>>>>> only

>>>>>>>>> install programs that are in the Ubuntu repositories.

>>>>>>>>

>>>>>>>> The best part of that is the firewall.. everyone should have one..

>>>>>>>> the

>>>>>>>> software ones are a waste of time to the average user who will just

>>>>>>>> click

>>>>>>>> "allow" anyway.

>>>>>>>

>>>>>>> Oh God, not again. Another wannabe type trying to imply he's some

>>>>>>> world renowned expert but oh, nearly everybody else in this

>>>>>>> newsgroup

>>>>>>> must be below average in computer knowledge. I see you only as a

>>>>>>> LIAR.

>>>>>>> You lie, then when caught you desperately try to parse your words

>>>>>>> and

>>>>>>> try to fake you didn't say what you said. I guess you're too dumb to

>>>>>>> know it, but you just described the actions of UAC.

>>>>>>>

>>>>>>

>>>>>>

>>>>>> Jealousy is a sin, Preacher Man

>>>>>> Hallelujah

>>>>>

>>>>> So what are you jealous of? My intelligence or maybe it just pisses

>>>>> clowns like you off how easily I swat away members of the fanboy

>>>>> crowd.

>>>>>

>>>>

>>>>

>>>> I'm jealous of Bill Gates fortune...not some doofus that post 6000

>>>> times in

>>>> a ng how smart he is.

>>>> For that many post, you are either unemployed or.....unemployable.

>>>> Good thing the monkey shares his quarters with you.

>>>

>>> Funny, looking at your header, same sequence at the start (read right

>>> to left) as Vista User and Frankie numbnuts. How revealing.

>>>

>>

>>

>> Wow.

>> Ingenious Sherlock.

>> I guess you have also figured out I am using a computer.

>> I'm impressed.

>

>

> The Etch a Sketch broke did it?

 

 

If they made Office for Etch a Sketch, it would make a good laptop.

"Adam Albright" <AA@ABC.net> wrote in message

news:gl59f39hr07ej7ujmutfeu1m2k1parjofh@4ax.com...

> Funny, looking at your header, same sequence at the start (read right

> to left) as Vista User and Frankie numbnuts. How revealing.

>

 

If you use Google you can find web sites that help parse headers.

It may make you look less stupid if you tried.

However as you can't even read the posts and get the insults you fling about

correct, I doubt if this will help.

"Adam Albright" <AA@ABC.net> wrote in message

news:gl59f39hr07ej7ujmutfeu1m2k1parjofh@4ax.com...

> On Sat, 22 Sep 2007 00:03:50 -0400, "Seven" <Seven@linux.sux> wrote:

>

>>"Adam Albright" <AA@ABC.net> wrote in message

>>news:7r09f31ormlrj7j4nhrtb62hq67f7bmc52@4ax.com...

>>> On Fri, 21 Sep 2007 20:38:55 -0400, "Seven" <Seven@linux.sux> wrote:

>>>

>>>>"Adam Albright" <AA@ABC.net> wrote in message

>>>>news:86j7f313884o79u7im1o6shjf3sdvjh5gd@4ax.com...

>>>>> On Fri, 21 Sep 2007 11:20:59 +0100, "dennis@home"

>>>>> <dennis@killspam.kicks-ass.net> wrote:

>>>>>

>>>>>

>>>>>>That is almost true.. it should say even experts need help sometimes.

>>>>>>IME

>>>>>>its not usually an expert that solves most problems in the best way..

>>>>>>they

>>>>>>tend to get stuck in a mind set that you have to do things in a

>>>>>>particular

>>>>>>way.. you should always try to listen to other people whatever level

>>>>>>they

>>>>>>are at as sometimes they have the better idea.

>>>>>>

>>>>>>>> If so who secured your computer and what tools were used?

>>>>>>>

>>>>>>> I did and I have the Gnome Security Suite and a NAT hard firewall. I

>>>>>>> only

>>>>>>> install programs that are in the Ubuntu repositories.

>>>>>>

>>>>>>The best part of that is the firewall.. everyone should have one.. the

>>>>>>software ones are a waste of time to the average user who will just

>>>>>>click

>>>>>>"allow" anyway.

>>>>>

>>>>> Oh God, not again. Another wannabe type trying to imply he's some

>>>>> world renowned expert but oh, nearly everybody else in this newsgroup

>>>>> must be below average in computer knowledge. I see you only as a LIAR.

>>>>> You lie, then when caught you desperately try to parse your words and

>>>>> try to fake you didn't say what you said. I guess you're too dumb to

>>>>> know it, but you just described the actions of UAC.

>>>>>

>>>>

>>>>

>>>>Jealousy is a sin, Preacher Man

>>>>Hallelujah

>>>

>>> So what are you jealous of? My intelligence or maybe it just pisses

>>> clowns like you off how easily I swat away members of the fanboy

>>> crowd.

>>>

>>

>>

>>I'm jealous of Bill Gates fortune...not some doofus that post 6000 times

>>in

>>a ng how smart he is.

>>For that many post, you are either unemployed or.....unemployable.

>>Good thing the monkey shares his quarters with you.

>

> Funny, looking at your header, same sequence at the start (read right

> to left) as Vista User and Frankie numbnuts. How revealing.

>

 

How STUPID are you. You dumb ass learn how to read a header.

Better yet take you medication and a fifth of vodka and go back into your

coma.

You must be the stupidest idiot in this newsgroup!

Mark Bourne Mark@discussions.microsoft.com posted to

microsoft.public.windows.vista.general:

> dennis@home wrote:

>>

>> "Erwin Moller"

>> <Since_humans_read_this_I_am_spammed_too_much@spamyourself.com>

>> wrote in message news:46e994e5$0$236$e4fe514c@news.xs4all.nl...

>>

>>> With Ubuntu you can ALWAYS look at the sourcecode, written in

>>> clear C most of the time.

>>

>> You can look at the source code but unless you compile it and build

>> your own Ubuntu you don't know that that source is the code you

>> have.

>>

>

> But even then, how do you know you can trust that the compiler

> doesn't inject extra code? Unless you've inspected (and fully

> understood) the compiler's source and compiled it yourself, but what

> do you use to do that...?

>

> I'm not against open source - the only paid-for software I use is

> Windows, plus a few utilities which come with hardware (and even

> then, the software is often free to download from the manufacturer's

> web site, just useless if you don't have their hardware). But it's

> an interesting question from an article I saw a few years ago...

>

> http://www.securityfocus.com/news/19

> <quote>

> All the benefits of source code peer review are irrelevant if you

> can not be certain that a given binary application is the result of

> the reviewed source code.

>

> Ken Thompson made this very clear during his 1983 Turing Award

> lecture to the ACM, in which he revealed a shocking, and subtle,

> software subversion technique that's still illustrative seventeen

> years later.

>

> Thompson modified the UNIX C compiler to recognize when the login

> program was being compiled, and to insert a back door in the

> resulting binary code such that it would allow him to login as any

> user using a "magic" password.

>

> Anyone reviewing the compiler source code could have found the back

> door, except that Thompson then modified the compiler so that

> whenever it compiled itself, it would insert both the code that

> inserts the login back door, as well as code that modifies the

> compiler. With this new binary he removed the modifications he had

> made and recompiled again.

>

> He now had a trojaned compiler and clean source code. Anyone using

> his compiler to compile either the login program , or the compiler,

> would propagate his back doors.

>

> The reason his attack worked is because the compiler has a

> bootstrapping problem. You need a compiler to compile the compiler.

> You must obtain a binary copy of the compiler before you can use it

> to translate the compiler source code into a binary. There was no

> guarantee that the binary compiler you were using was really related

> to the source code of the same.

> </quote>

 

Can't speak for anyone else but, i am fully aware of compiler/library

subversion techniques. Dis-assemblers are a useful tool when this is

suspected. It can be made especially easy if you compile to assembly

with the same optimization settings.

<quiettechblue@yahoo.com> wrote in message

news:%23T2FHEW$HHA.1212@TK2MSFTNGP05.phx.gbl...

> Mark Bourne Mark@discussions.microsoft.com posted to

> microsoft.public.windows.vista.general:

>

>> dennis@home wrote:

>>>

>>> "Erwin Moller"

>>> <Since_humans_read_this_I_am_spammed_too_much@spamyourself.com>

>>> wrote in message news:46e994e5$0$236$e4fe514c@news.xs4all.nl...

>>>

>>>> With Ubuntu you can ALWAYS look at the sourcecode, written in

>>>> clear C most of the time.

>>>

>>> You can look at the source code but unless you compile it and build

>>> your own Ubuntu you don't know that that source is the code you

>>> have.

>>>

>>

>> But even then, how do you know you can trust that the compiler

>> doesn't inject extra code? Unless you've inspected (and fully

>> understood) the compiler's source and compiled it yourself, but what

>> do you use to do that...?

>>

>> I'm not against open source - the only paid-for software I use is

>> Windows, plus a few utilities which come with hardware (and even

>> then, the software is often free to download from the manufacturer's

>> web site, just useless if you don't have their hardware). But it's

>> an interesting question from an article I saw a few years ago...

>>

>> http://www.securityfocus.com/news/19

>> <quote>

>> All the benefits of source code peer review are irrelevant if you

>> can not be certain that a given binary application is the result of

>> the reviewed source code.

>>

>> Ken Thompson made this very clear during his 1983 Turing Award

>> lecture to the ACM, in which he revealed a shocking, and subtle,

>> software subversion technique that's still illustrative seventeen

>> years later.

>>

>> Thompson modified the UNIX C compiler to recognize when the login

>> program was being compiled, and to insert a back door in the

>> resulting binary code such that it would allow him to login as any

>> user using a "magic" password.

>>

>> Anyone reviewing the compiler source code could have found the back

>> door, except that Thompson then modified the compiler so that

>> whenever it compiled itself, it would insert both the code that

>> inserts the login back door, as well as code that modifies the

>> compiler. With this new binary he removed the modifications he had

>> made and recompiled again.

>>

>> He now had a trojaned compiler and clean source code. Anyone using

>> his compiler to compile either the login program , or the compiler,

>> would propagate his back doors.

>>

>> The reason his attack worked is because the compiler has a

>> bootstrapping problem. You need a compiler to compile the compiler.

>> You must obtain a binary copy of the compiler before you can use it

>> to translate the compiler source code into a binary. There was no

>> guarantee that the binary compiler you were using was really related

>> to the source code of the same.

>> </quote>

>

> Can't speak for anyone else but, i am fully aware of compiler/library

> subversion techniques. Dis-assemblers are a useful tool when this is

> suspected. It can be made especially easy if you compile to assembly

> with the same optimization settings.

 

How many people do you think have the skill to understand disassembled code

produce by a C compiler?

I doubt if anybody has ever disassembled the gcc compiler to see if it is

hacked.

dennis@home dennis@killspam.kicks-ass.net posted to

microsoft.public.windows.vista.general:

>

> <quiettechblue@yahoo.com> wrote in message

> news:%23T2FHEW$HHA.1212@TK2MSFTNGP05.phx.gbl...

>> Mark Bourne Mark@discussions.microsoft.com posted to

>> microsoft.public.windows.vista.general:

>>

>>> dennis@home wrote:

>>>>

>>>> "Erwin Moller"

>>>> <Since_humans_read_this_I_am_spammed_too_much@spamyourself.com>

>>>> wrote in message news:46e994e5$0$236$e4fe514c@news.xs4all.nl...

>>>>

>>>>> With Ubuntu you can ALWAYS look at the sourcecode, written in

>>>>> clear C most of the time.

>>>>

>>>> You can look at the source code but unless you compile it and

>>>> build your own Ubuntu you don't know that that source is the code

>>>> you have.

>>>>

>>>

>>> But even then, how do you know you can trust that the compiler

>>> doesn't inject extra code? Unless you've inspected (and fully

>>> understood) the compiler's source and compiled it yourself, but

>>> what do you use to do that...?

>>>

>>> I'm not against open source - the only paid-for software I use is

>>> Windows, plus a few utilities which come with hardware (and even

>>> then, the software is often free to download from the

>>> manufacturer's web site, just useless if you don't have their

>>> hardware). But it's an interesting question from an article I saw

>>> a few years ago...

>>>

>>> http://www.securityfocus.com/news/19

>>> <quote>

>>> All the benefits of source code peer review are irrelevant if you

>>> can not be certain that a given binary application is the result

>>> of the reviewed source code.

>>>

>>> Ken Thompson made this very clear during his 1983 Turing Award

>>> lecture to the ACM, in which he revealed a shocking, and subtle,

>>> software subversion technique that's still illustrative seventeen

>>> years later.

>>>

>>> Thompson modified the UNIX C compiler to recognize when the login

>>> program was being compiled, and to insert a back door in the

>>> resulting binary code such that it would allow him to login as any

>>> user using a "magic" password.

>>>

>>> Anyone reviewing the compiler source code could have found the

>>> back door, except that Thompson then modified the compiler so that

>>> whenever it compiled itself, it would insert both the code that

>>> inserts the login back door, as well as code that modifies the

>>> compiler. With this new binary he removed the modifications he had

>>> made and recompiled again.

>>>

>>> He now had a trojaned compiler and clean source code. Anyone using

>>> his compiler to compile either the login program , or the

>>> compiler, would propagate his back doors.

>>>

>>> The reason his attack worked is because the compiler has a

>>> bootstrapping problem. You need a compiler to compile the

>>> compiler. You must obtain a binary copy of the compiler before you

>>> can use it to translate the compiler source code into a binary.

>>> There was no guarantee that the binary compiler you were using was

>>> really related to the source code of the same.

>>> </quote>

>>

>> Can't speak for anyone else but, i am fully aware of

>> compiler/library

>> subversion techniques. Dis-assemblers are a useful tool when this

>> is

>> suspected. It can be made especially easy if you compile to

>> assembly with the same optimization settings.

>

> How many people do you think have the skill to understand

> disassembled code produce by a C compiler?

> I doubt if anybody has ever disassembled the gcc compiler to see if

> it is hacked.

 

I never said it was a common skill. The implication is that it is

learnable, especially by programmers and others interested detecting

such methods.

<quiettechblue@yahoo.com> wrote in message

news:%23iyzCkn$HHA.3900@TK2MSFTNGP02.phx.gbl...

> dennis@home dennis@killspam.kicks-ass.net posted to

> microsoft.public.windows.vista.general:

>

>>

>> <quiettechblue@yahoo.com> wrote in message

>> news:%23T2FHEW$HHA.1212@TK2MSFTNGP05.phx.gbl...

>>> Mark Bourne Mark@discussions.microsoft.com posted to

>>> microsoft.public.windows.vista.general:

>>>

>>>> dennis@home wrote:

>>>>>

>>>>> "Erwin Moller"

>>>>> <Since_humans_read_this_I_am_spammed_too_much@spamyourself.com>

>>>>> wrote in message news:46e994e5$0$236$e4fe514c@news.xs4all.nl...

>>>>>

>>>>>> With Ubuntu you can ALWAYS look at the sourcecode, written in

>>>>>> clear C most of the time.

>>>>>

>>>>> You can look at the source code but unless you compile it and

>>>>> build your own Ubuntu you don't know that that source is the code

>>>>> you have.

>>>>>

>>>>

>>>> But even then, how do you know you can trust that the compiler

>>>> doesn't inject extra code? Unless you've inspected (and fully

>>>> understood) the compiler's source and compiled it yourself, but

>>>> what do you use to do that...?

>>>>

>>>> I'm not against open source - the only paid-for software I use is

>>>> Windows, plus a few utilities which come with hardware (and even

>>>> then, the software is often free to download from the

>>>> manufacturer's web site, just useless if you don't have their

>>>> hardware). But it's an interesting question from an article I saw

>>>> a few years ago...

>>>>

>>>> http://www.securityfocus.com/news/19

>>>> <quote>

>>>> All the benefits of source code peer review are irrelevant if you

>>>> can not be certain that a given binary application is the result

>>>> of the reviewed source code.

>>>>

>>>> Ken Thompson made this very clear during his 1983 Turing Award

>>>> lecture to the ACM, in which he revealed a shocking, and subtle,

>>>> software subversion technique that's still illustrative seventeen

>>>> years later.

>>>>

>>>> Thompson modified the UNIX C compiler to recognize when the login

>>>> program was being compiled, and to insert a back door in the

>>>> resulting binary code such that it would allow him to login as any

>>>> user using a "magic" password.

>>>>

>>>> Anyone reviewing the compiler source code could have found the

>>>> back door, except that Thompson then modified the compiler so that

>>>> whenever it compiled itself, it would insert both the code that

>>>> inserts the login back door, as well as code that modifies the

>>>> compiler. With this new binary he removed the modifications he had

>>>> made and recompiled again.

>>>>

>>>> He now had a trojaned compiler and clean source code. Anyone using

>>>> his compiler to compile either the login program , or the

>>>> compiler, would propagate his back doors.

>>>>

>>>> The reason his attack worked is because the compiler has a

>>>> bootstrapping problem. You need a compiler to compile the

>>>> compiler. You must obtain a binary copy of the compiler before you

>>>> can use it to translate the compiler source code into a binary.

>>>> There was no guarantee that the binary compiler you were using was

>>>> really related to the source code of the same.

>>>> </quote>

>>>

>>> Can't speak for anyone else but, i am fully aware of

>>> compiler/library

>>> subversion techniques. Dis-assemblers are a useful tool when this

>>> is

>>> suspected. It can be made especially easy if you compile to

>>> assembly with the same optimization settings.

>>

>> How many people do you think have the skill to understand

>> disassembled code produce by a C compiler?

>> I doubt if anybody has ever disassembled the gcc compiler to see if

>> it is hacked.

>

> I never said it was a common skill. The implication is that it is

> learnable, especially by programmers and others interested detecting

> such methods.

>

 

I agree that there are some people that could do it.. however it is one hell

of a big jump from that to various Linux users claims that it actually

happens and that they are safe because of it. The people that can do it are

probably like me with an attention span that is so shor