Linux Today: Linux News On Internet Time.

Fortify Finds Trojan Devs in Open Source

Oct 12, 2007, 18:00
(Other stories by Tony Baer)

"Fortify has identified a new class of bug that is designed to take advantage of the atmosphere of trust that occurs while developers are playing with open source code. It's called 'build-process injection,' a Trojan horse that allows hackers to insert malicious code into the target program while it is being constructed.

"In this case, hackers can surreptitiously replace source code sitting in the repository with an infected version. The result is that the Trojan horse could start doing its dirty work before the application ever gets to test phase, or depending on the design of the malware, at any point thereafter..."
