Does the innumerable places that backdoors could be hiding scare anyone else?
- Compilers[1]
- Networking appliance firmware
- Operating systems
- Security-critical software (I'm looking at YOU, OpenSSL and OpenSSH)<p>Something else that is rather disturbing is the fact that each and every one of those could lead to the others<p>Malicious software updates through network appliances and bugged compilers are the less-thought-about two of that list, and they're all the more frightening.<p>A few have been caught in Sendmail[2], IRC servers[3] (no big surprises there), FTPds[4], the Linux kernel[5], etc.<p>How many (if any) does HN think slipped through the cracks?<p>[1] https://en.wikipedia.org/wiki/Backdoor_%28computing%29#Reflections_on_Trusting_Trust
[2] http://www.securityfocus.com/news/1113
[3] https://lwn.net/Articles/392201/
[4] http://www.iss.net/security_center/reference/vuln/FTP_ProFTPD_Backdoor.htm
[5] http://www.securityfocus.com/news/7388