Subject: Politically Correct Backdoor
Author: Jim Starkey

Cert has published the vulnerability at

http://www.kb.cert.org/vuls/id/247371

I discussed the advisability of distributing a vulnerability
tester with the folks at Cert. In general, they feel that the
line between a tester and an exploit is mighty thin, and in
this case, no line at all. Any tester we might make available
could be used to probe other sites looking for vulnerability.

I tend to agree with Cert. If someone has Interbase V4, V5,
or V6, or pre-Christmas Firebird, they have the vulnerability.
If someone wants confirmation, we should send them to Cert.

The other news is that Borland has not revealed to Cert (and
they have no obligation to do so) what they changed to close
the back door. My personal position is that unless they publish
the changes or let Cert or another reputable third party inspect
the changes, the anticipated binaries must be considered suspect.

Jim Starkey