Mark Gilbert's Blog

Science and technology, served light and fluffy.

Poisoning the Well

I read a troubling article today on Slashdot.  Crackers modified a couple of versions of SquirrelMail to introduce a bug that, if exploited, would allow them to run arbitrary code on any machine that was running the "contaminated" version.  Obviously, since we’re all reading about the attack, the SquirrelMail team found and has since fixed the bug.

It’s scary to think of an exploitation-delivery mechanism being the source code repository itself.  If nothing else, it shows how vigilant software developers have to be when writing an application.  It’s not enough to write good code, and fix the bugs to make it great code – you have to make sure no one tampers with it before it gets into the end user’s hands.

Powered by Qumana


December 20, 2007 - Posted by | General

Sorry, the comment form is closed at this time.

%d bloggers like this: