Overview
Explore the intricacies of backdoors in software systems through this 33-minute conference talk from GrrCON 2014. Delve into the world of vulnerabilities by design, examining historical backdoors and their creators. Learn about the characteristics of effective backdoors, including examples from the Linux kernel and other notable cases. Analyze the techniques used to implement and conceal backdoors, from simple character removals to more sophisticated methods. Gain insights into the motivations behind intentional vulnerabilities and their potential consequences. Discover how seemingly innocuous coding practices can lead to significant security risks. Enhance your understanding of software security and the importance of thorough code review to identify and prevent backdoors.
Syllabus
Introduction
Who am I
All bugs are shallow
Structure
binaries
NSA backdoors
War Games
What makes a backdoor good
Historical backdoors
The creator was like
How the whole thing worked
The missing quality
The Linux kernel backdoor
The Linux bitkeeper backdoor
Commit discrepancies
The backdoor
Removing one character
A better backdoor
Bad programming
Backdoor
C99
R57
Backdoors
Source code
Versions
Extract Issue
WDB Backup
The Real Issue
The Code
The Bad
Perfect backdoor
Database password
Why would you do that
Linux kernel backdoor
Other good backdoors
Questions