stevey_frac wrote: Congratulations on demonstrating that there are security flaws in software. This is about two orders of magnitude less significant than your original claim of: "Basically, an attacker changes a compiler binary to produce malicious versions of some programs, INCLUDING ITSELF. Once this is done, the attack perpetuates, essentially undetectably."
No, it is only about one order of magnitude less significant than the above quote. I was using the quote as an extreme example.
The attacker does not need to embed secret vote-changing instructions in the code: they just have to leave a "hook" or back-door. Every 'bug' is undocumented (sometimes documented in an errata) behavior that can possibly lead to a security exploit. If hardware and software are routinely developed in an 'ad-hoc' manner (they are), we have to give the organizations involved the benefit of the doubt that high-profile vulnerabilities are just oversights and not deliberate. If hardware and software were routinely proven correct, such vulnerabilities would be 'bright line' evidence of malice.
The Core 2 Duo had so many security-related vulnerabilities in its errata that Theo de Raadt of OpenBSD fame recommended against purchasing systems based on the chip until the problems were resolved, presumably by BIOS-applied microcode updates.
- Core 2 Duo: Intel's insecurity blanket
Many of the bugs lead to potentially dangerous buffer overflow in which write-protected or non-execute bits for a page table entry are ignored. Others involve floating point instruction non-coherencies or memory corruptions. Intel is aware of the security implications, but has yet to disclose them, he said in an interview.
The WMF vulnerability was widely considered a design flaw rather than a coding error per se. However, the way the exploit worked was so suspicious that Steve Gibson decided that it was an intentional back-door. Mark Russinovich explains in his blog why it may be just a conventional slip-up.
Mark Russinovich wrote: The vulnerability is subtle enough that the WINE project, whose intent is to implement the Windows API for non-Windows environments, copied it verbatim in their implementation of PlayMetaFile. A secret backdoor would probably have been noticed by the WINE group, and given a choice of believing there was malicious intent or poor design behind this implementation, I'll pick poor design. After all, there are plenty of such examples all throughout the Windows API, especially in the part of the API that has its roots in Windows 3.1. The bottom line is that I'm convinced that this behavior, while intentional, is not a secret backdoor.
I don't think we will ever know if those problems mentioned above were intended to be NSA or PRC back-doors. Such vulnerabilities can be triggered by posting the correct sequence of bytes on a website such as a wiki. Most image processing libraries have had similar problems; and most Wikis allow image posting.
I suppose the real problem with my assertion that computer security cannot be resolved in the near future is that it sort of short-circuits the discussion. I think the discussion is still worthwhile, even if it doesn't move beyond the "thought experiment" stage.
Edit: I am not sure if Slashdot stories belong in Serious business, but it is relevant and timely. D.C. Suspends Tests of Online Voting System
Under pressure they ran a test vote. The site was compromised within two days.
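Added editorial illustration of the self-perpetuating compiler attack quoted at the top of this post (the scheme Ken Thompson described in "Reflections on Trusting Trust"); this is example code written for this page, not anything posted in the thread. The "compiler" is a stand-in: it strips comment lines from Python text and returns the result as the "binary", which is then loaded with exec(). The login program, the clean compiler source, the 'master' password and the @SELF@ marker are all constructed for the demo. The point it shows is that once the attacker has tampered with the compiler binary a single time, rebuilding the compiler from fully audited, clean source still produces a trojaned binary, and that binary keeps backdooring the login program, while neither source file ever mentions the backdoor:

```python
"""Toy model of a self-perpetuating compiler backdoor (Thompson's 'trusting trust').

Editorial example; not code from the thread. The "compiler" just strips comment
lines from Python text and returns it as the "binary", so a binary is loaded
with exec(). All sources below are constructed for the demo.
"""

# Constructed sample: a tiny login program. Its source has no backdoor.
LOGIN_SRC = '''
USERS = {"alice": "hunter2"}

def check_password(user, pw):
    return USERS.get(user) == pw
'''

# Constructed sample: the clean compiler's source. Nothing suspicious here either.
CLEAN_COMPILER_SRC = '''
def compile_source(src):
    return "\\n".join(l for l in src.splitlines() if not l.strip().startswith("#"))
'''

# The attacker's one-off modification to the compiler *binary*. Two payloads:
# (1) backdoor any login program it compiles; (2) when asked to compile a clean
# compiler, emit itself instead. The template embeds its own text (quine-style)
# via the @SELF@ marker so payload (2) can reproduce the whole trojan.
TROJAN_TEMPLATE = '''
def compile_source(src):
    return _strip_comments(_infect(src))

def _strip_comments(src):
    return "\\n".join(l for l in src.splitlines() if not l.strip().startswith("#"))

def _infect(src):
    if "def compile_source(src):" in src:
        # Payload 2: a clean compiler build is replaced by this trojaned one.
        if "_infect" not in src:
            src = _TEMPLATE.replace("@SELF" + "@", repr(_TEMPLATE))
    elif "def check_password(user, pw):" in src:
        # Payload 1: the login program silently gains a master password.
        src = src.replace("def check_password(user, pw):",
                          "def check_password(user, pw):\\n    if pw == 'master': return True")
    return src

_TEMPLATE = @SELF@
'''
TROJAN_COMPILER_SRC = TROJAN_TEMPLATE.replace("@SELF@", repr(TROJAN_TEMPLATE))


def load(binary):
    """'Execute' a binary: run the text and hand back its namespace."""
    ns = {}
    exec(binary, ns)
    return ns


def demo():
    """Walk the attack through three compiler generations; returns the checks."""
    clean = load(CLEAN_COMPILER_SRC)["compile_source"]
    login_clean = load(clean(LOGIN_SRC))["check_password"]

    # Generation 1: the binary the attacker tampered with, once.
    gen1 = load(TROJAN_COMPILER_SRC)["compile_source"]
    # Generation 2: rebuild the compiler from audited, clean source using gen1.
    gen2_bin = gen1(CLEAN_COMPILER_SRC)
    gen2 = load(gen2_bin)["compile_source"]
    # Generation 3: rebuild again with gen2, still from clean source.
    gen3_bin = gen2(CLEAN_COMPILER_SRC)
    login_gen2 = load(gen2(LOGIN_SRC))["check_password"]

    return {
        "clean_accepts_master": login_clean("alice", "master"),
        "clean_accepts_real": login_clean("alice", "hunter2"),
        "gen2_accepts_master": login_gen2("alice", "master"),
        "gen2_accepts_real": login_gen2("alice", "hunter2"),
        "sources_mention_master": "master" in (CLEAN_COMPILER_SRC + LOGIN_SRC),
        "perpetuates": gen3_bin == gen2_bin and "_infect" in gen3_bin,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Reviewing the sources catches nothing, because the payload lives only in the binary; the usual countermeasures are to rebuild with an independent second compiler and compare outputs, or to bootstrap from a toolchain you can verify end to end.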