Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Re: [Full-Disclosure] Multiple Backdoors found in eEye Products (IRIS and Secure
From: Blue Boar (BlueBoarthievco.com)
Date: Sun Jan 02 2005 - 22:27:09 CST
Dave Aitel wrote:
> Of course, this sort of thing is basically impossible to disprove -
> especially without source.
If I were looking for a well-hidden backdoor, I wouldn't bother with
source. There's no guarantee that a particular binary was produced by a
particular group of source unless you can compile it yourself to the
same set of bytes. Even then, you've got no guarantee the backdoor
isn't introduced as part of the build process or a compiler quirk,
rather than being in the source.
As for proof in this particular case, I find the claim rather
extraordinary, so I would place the burden of proof on the claimer.
Let's see an exploit.
Full-Disclosure - We believe in it.