Evidence of ``possibility of Trojan horse that can not be found even if you examine the source'' left by the creator of OS ``UNIX'' is rediscovered over 40 years
by
Ken Thompson , known for UNIX development of the OS used for servers, talked about 'Reflections on Trusting Trust' in his speech when he received the Turing Award in 1983. . This argues that ``it is not always possible to guarantee that there is no backdoor in the program,'' considering the case where Trojan horses cannot be found no matter how much the source is examined. Mr. Thompson describes this attack that 'a backdoor is embedded in the code of a program without a backdoor (meta backdoor)' in the paper as a thought experiment, and whether this attack actually exists discussion is taking place. Tom Lee, a technology blogger living in Beijing, has posted on his blog that he has rediscovered ``evidence that Mr. Thompson was actually doing a meta backdoor at the time''.
Ken Thompson Really Did Launch His 'Trusting Trust' Trojan Attack in Real Life
https://niconiconi.neocities.org/posts/ken-thompson-really-did-launch-his-trusting-trust-trojan-attack-in-real-life/
In a paper published in 1984, Mr. Thompson said, ``The statement that the program does not contain a Trojan horse is not completely reliable. It's more important to trust the person who wrote the software.' This is even when a full code audit can be done, given the possibility of backdoors embedded in the object code of programs that have backdoors in the development tools themselves and no backdoors in the system. It would argue that you can't always guarantee that your program is free of backdoors. Such a meta backdoor is only indicated as a possibility in the paper.
On the other hand, a 1995 Usenet post by Jay Ashworth, who claims to have had a personal exchange with Thompson, provides strong evidence that meta-backdoor attacks exist in the real world. That's right. However, this Usenet post has not survived, and only partially quoted material has been circulated.
Meanwhile, Lee said on his blog that he found the entire message posted on Usenet by searching multiple Usenet archives. The post Lee discovered was not from Thompson or Ashworth, but rather a repost by someone else at the time, but Lee recorded the full message, including headers and author ID, and published it on his blog. I'm here.
The content of the image below is the full text of Mr. Ashworth's post that Mr. Lee recorded on his blog, saying, 'The actual bug I put in the compiler matches the code below. He (Mr. Thompson) said it In response to a Usenet user's question, 'What did 'it' do?' At the two unix meetings, Ken was talking about it,' and so on.
Mr. Lee concludes, ``Ken Thompson's 'Trusting Trust' Trojan horse attack was not just a thought experiment, it was actually done by Mr. Thompson.'
Related Posts:
in Security, Posted by log1e_dh