Do You Write Backdoors?

quaxzarron asks: "I had a recent experience where one of our group of programmers wrote backdoors on some web applications we were developing, so that he could gain access to the main hosting server when the application went live. This got me thinking about how we are dependent on the integrity of the coders for the integrity of our applications. Yet in this case a more than casual glance would allow us to identify potentially malicious code. How does this work when the clients are companies who can't perform such checks - either because they don't know how, or because the code is too large or too complex? How often do companies developing code officially sanction backdoors...even if means calling them 'security features'? How often has the Slashdot crowd put a backdoor in the code they were developing either officially or otherwise? How sustainable is the 'trust' between the developer and the client?"

Of course

[Anonymous Coward]

After I saw Wargames, I saw the immediate benefit of backdoors. They're very useful for preventing World War 3... oh, and playing games.

Sure! I wrote one into Slashcode!

[Limburgher]

How do you think I posted this story? :)

microsoft

[tmonkey]

i believe that our god friend bill had once added a back dor password "netscape users are weenies"

Backdoors

[digipak]

I've never coded backdoors into any software I've written. I usually don't use them in the future, and if I really need them, I gain access by other means. I can't see a logical reason to add them in, especially if you're job depends on the integrity of your code.

Microsoft believes in them..

[macshune]

Anyone else remember the NSAkey registry entry in Win95?

of course

[kurosawdust]

my code is so tight, the front door and backdoor are on the same hinge! hooah!

Backdoors

[Anonymous Coward]

Only in the BBS Software, did I write backdoors, those kids never registered...had to slap their hands a bit.

Why yes...

[Queelix]

I'm a backdoor man.

Sincerely,

Jim Morrison

Slashdot Has A Backdoor!!

[Anonymous Coward]

And it lives here [goatse.cx]!

This story was just begging for this link!

Given that Slashdot implies "Linux"

[Anonymous Coward]

I'd say that most slashdotters have "installed" someone's "backdoor" more than a few times.

I'd like to help, but...

[Lord_Slepnir]

I'd like to post an intelligent responce, but I need more info. Can I have some people send me a list of back doors they've created so that I can investigate further? thanks

Jurassic Park

[masonbrown]

Didn't we learn - if your developer is complaining that he doesn't get paid enough, you'll have dinosaurs eating your customers soon enough?

Re:Deadlines

[ralico]

But there is enough time to read /. right?

Seriously, tho, I agree with the poster. Backdoors are basically bad news. In addition to a security threat, they are a legal liability for the organization which develops the software, if developed for commercial purposes.

Re:To do what?

[interiot]

To do what?

Haven't you seen Office Space? Most security breaches are by a company's own employees... most money lost illegally is due to the company's own employees. Reasons obviously include at least greed and revenge. And maybe bragging, but only to your girlfriend and the guy on the other side of the wall.

Re:Sure! I wrote one into Slashcode!

[GMontag]

Back door? BLAH! I just use a fire axe.

Warmest regards,

Guy Montag

Ha!

[praetorian_x]

With so many clients deploying on Windows, who needs to waste time putting in a back door?

Its built right into the OS.

Cheers,
prat

Don't call it a backdoor...

[djcatnip]

Call it an "Administration area"

The Praetorians

[version5]

I heard that there's this program called Mozart's Ghost that has a little pi symbol put there by the notorious hacking group, the Praetorians. Anyway, if you click on it while holding down control-shift-back-back-forward-punch, it opens up a backdoor and your screen goes all crazy. I think it let's you hack the gibson or something.

Missing option:

[bperkins]

Cowboyneal is my backdoor.

Oh, I'm sorry, I thought this was a poll.

Re:Deadlines

[Anonymous Coward]

give url and master pw, pls.

thx

Re:I'd like to help, but...

[kingkade]

run your finger down your back. it's the first hole ya come to.

Do I write Backdoors?

[Cruciform]

Dear Backdoor,

I'm sorry I haven't written in so long, but you know how busy things get. Maybe it's time for us to move on. I've found this great credit card database that uses default passwords. What can I say, it has so much more to offer.

Yours truly...

Re:Deadlines

[swordboy]

Deadlines can be the friend of someone who wants to slip a backdoor into code.

Reminds me of something... I wonder how many holes were implemented in the Y2K fiasco?

Michael: It's pretty brilliant. What it does is where there's a bank transaction, and the interests are computed in the thousands a day in fractions of a cent, which it usually rounds off. What this does is it takes those remainders and puts it into your account.

Peter: This sounds familiar.

Michael: Yeah. They did this in Superman III.

Peter: Yeah. What a good movie.

Michael: A bunch of hackers did this in the 70s and one of them got busted.

Peter: Well, so they check for this now?

Michael: Initech's so backed up with all the software we're updating for the year 2000, they'd never notice.

Peter: You're right. And even if they wanted to, they could never check all that code.

Michael: It's numbers up their asses.

Peter: So, Michael, what's to keep you from doing this?

Michael: It's not worth the risk. I got a good job.

Peter: What if you didn't have a good job?

Re:Deadlines

[Anonymous Coward]

just be careful when the guy you are out drinking with starts leaning forward and discussing "backdoors".

he may not mean what you think he means ...

Re:RTFC.

[Anonymous Coward]

Let me guess, your a manager who over works his employees while spending his time on slashdot? Nice.

Re:Of course

[duckpoopy]

I wonder how many backdoor passwords are "joshua"?

Re:Deadlines

[motardo]

You must work for AOL

Re:the short answer

[Anonymous Coward]

Then he could hold them ransom for ... one million dollars!!

[places pinky finger to lips]

Re:Payment Insurance

[Xerithane]

I know a person who owns his own company and writes code on a for-hire basis. He puts in timed expiration code such that if they don't pay him within 30 days of delivery, his code de-activates.


My favorite practice is the license keyset approach. After a period of time the code will self-encrypt itself using 2048-bit Blowfish or something, then exit out. You have to have the keyset to decrypt it back out. If they don't pay up, they never get the keyset.

Re:Make sure you get paid.

[unicron]

I bet he did it with a Hydra..and you just know it has 1024 bit encryption piped through dual ds-3's to a residential address.

Re:RTFC.

[scott1853]

Hi Matt, this is your boss. Please get back to doing the work I PAY YOU FOR instead of posting on Slashdot. ;)

Re:Rememeber that movie?

[stratjakt]

Yeah and there was like a WAR or something because of the GAMES. Then to stop the WAR he had to play GAMES with the computer.

I think it was called, "The Bus that Couldnt Slow Down".

Re:Deadlines

[kasperd]

if ($password != "MyBackdoorPassword") VerifyPassword();

That is the insecure way to do it. If you want to make a backdoor, do it right:

if (sha1sum($password) != "8de78cff090a8e985418918c898a711a565764a9") VerifyPassword();

(and pick a better password).

Re:Perfectly true

[avi33]

..yes, and what if that backdoor saved the company precious programming hours. Then you'd be stealing from the company by *not* using it. ;0

Re:I backdoor all the time..

[sql*kitten]

Did you ever think of what would happen if a cracker found out about such a backdoor? Just because you do your best to keep it a secret doesn't mean that crackers can't find out about it.

Well I don't know about you, but I use the same combination as on my luggage.

Re:Make sure you get paid.

[Lan-Z]

"But was there a backdoor to the backdoor?"

I think that was a gay porn title.

code

[bluness]

my favorite backdoors are not those that are obvious, but those that could be passed for a simple programming error... buffer overflow..etc

Re:Everyone backdoors?

[uptownguy]

In fact, sociopaths are a minority

Sort of a tautologous statement, wouldn't you say? I mean, once they are in the majority, then their behavior is called custom right?

Re:Make sure you get paid.

[pnatural]

but how did he pop the firewall?

Re:Deadlines

[Blimey85]

they just type in "IAMGOD"

Damn it!!!! That was my password! I found it first!!!! Now I have to try to think up another one....

Re:Backdoors

[Creedo]

I usually don't use them in the future
And how, exactly, do you know this?

Re:*Thumbs* Up Their Asses

[Chundra]

Thumbs, numbers, whatever...they're all digits.

Re:Never have, never will

[Anonymous Coward]

But don't be an asshole.

You mean, "don't write an asshole."

Re:Microsoft believes in them..

[e2d2]

I don't usually respond to troll acs but I'll bite this time just for "kicks":

"Literally" is not to be used for emphasis; especially when you're applying it to something you mean figuratively.

Kind of like: I'd like to figuratively put my foot up your ass?

If meant it as a jab, a funny, a laugh, a quick haha. I guess you get your kicks in other places. Like in your ass for instance. Oh wait, not actually in your ass. Just figuratively.

We have an easter egg design document

[objwiz]

I'm not kidding. I work for a major software publisher (who will remain anonymous so that I can keep my job) who as part of our annual design process include a design specification for an easter egg in the product. Even QA spends time testing the easter egg.

Sad day for Habitat for Humanity

[misfit13b]

INTERNET, March 5 - It was reported by sources on the internet technology news website Slashdot [slashdot.org] that former President Jimmy Carter admits to not installing back doors into many of his humanitarian housing projects.

Carter gave the reasoning in that "not too many of my projects spare enough time" for the installation of back doors, forcing many poverty stricken world citizens to walk all of the way around their home to get to the back yard.

President Carter was also overheard to give dismissive and disparaging remarks about Easter Eggs. The Easter Bunny was unavailable for comment.

Re:Deadlines

[fucksl4shd0t]

Any method of gaining access that circumnavigates the established security procedures is a back door.

Hey dude, I thought circumnavigate meant something like circle without penetrating, or something like that. Like, in the seven cities of gold days you would circumnavigate the new world on a couple of trips, go back to spain and get more men and boats and stuff, and then go back to start your exploration of the interior.

Re:Backdoor?

[phildog]

didn't Kirk use a sneaky trick like this to get Khan in Star Trek II?

"Our shields are going down!"

Kirk: "Fire."

Re:Deadlines

[PylonHead]

Yea, I realized this with horror just after I hit the post button.

I knew I could count on some flamage.

Re:Deadlines

[cpeterso]

if ($password != "MyBackdoorPassword") VerifyPassword();


or:

if ($password != "!seineew era sreenigne epacsteN") VerifyPassword();

Re:consequences

[GreyLightning]

Sounds like they could get their jobs back by negotiating with extreme prejudice.

Why bother?

[programmingart]

writing a backdoor? Just make sure it runs on MS products. The front door is always open.

Re:Of course

[agallagh42]

"Sorry, Mr. Burns, but I don't go for these backdoor shenanigans. Sure, I'm flattered, maybe even a little curious, but the answer is no..."-Homer

The Ultimate Backdoor!

[TrailerTrash]

We all witnessed Admiral Kirk leveraging the ultimate backdoor in Wrath of Kahn!

If it's a good enough programming practice for the United Federation of Planets, it's good enough for me.

Re:Deadlines

[Ponty]

Even Gary Coleman?

Re:Deadlines

[Anonymous Coward]

...excep the cat door, which NO ONE can fit through.

What about cat burglars?

Re:Deadlines

[soulsteal]

The word he meant to use was "circumvent."

At least he didn't use "circumcise."

Re:Deadlines

[terraformer]

Hey dude, I thought circumnavigate meant something like circle without penetrating...

Yeah, kinda' like the /. crowd...

Re:Deadlines

[Anonymous Coward]

just be careful when the guy you are out drinking with starts leaning forward and discussing "backdoors".

he may not mean what you think he means ...

You mean this happened to you too?!

Re:Deadlines

[YetAnotherName]

100 points of karma to the first person to determine what password yields the above SHA1 hash!

Re:Very OT

[Iffy Bonzoolie]

You're right, how could I be so ignorant of important PC issues of the day?! You've helped me to decide: I'm leaving computers and the software industry to take up a peaceful life of contemplation. Living off the land, pumping my own water, harvesting crops. I'm obviously a failure as a technologist, so I must find an ecosystem I can truly integrate with.

-If

PS: I USE the NET, and pay attention to it all the time, so I don't know what you are implying.