Open Source software – an open door to you?

Open source hacking

Open source software has been around for quite some time. Unix and Linux users have been at the forefront of this revolution against industry giants for decades. In the past 10 years or so, other open source products such as firewalls, VPN concentrators, wireless and others have come into the field as alternatives as well. Touted as secure and usually easy to implement, these pieces of software have started to slip into corporations large and small to help reduce IT cost. But what has really been the cost of these savings?

The biggest issue is knowing where you’re getting your software from. Did they create, modify and compile it themselves? Did they get it from a third party and are just offering it up on their site for you to download? A very “quiet” trend in the industry by hackers, corporate thieves, terrorists and others is to take open source software, modify it with backdoors, keyloggers and other little gems meant to give them full access to your digital doors. They are counting on you worrying more about saving money, not knowing how to confirm checksum attributes or how to review the actual code to understand what’s going on under the covers, and just wanting to get something installed as quickly and cheaply as possible. Don’t fall into their trap. Here are a few examples of what has been going on.

ProFTPD FTP software (this one is a little older and has been fixed, but it is a good example)

Apache Webservers

Eric Snowden’s leaks
