Gidis Trusted Linux


The Problem: Trojan horses and Confidentiality

Let us imagine the following scenario. You are accountable for the administration of an e-commerce site where credit card's numbers of your clients are stored1. A facility that would improve some aspects of the team productivity is discovered in Internet by one of your development team members. With complete honesty and willing to serve his company, he decides to install it for the whole team to use it. Now, suppose this facility was developed by a gang involved in stealing credit card's numbers. They made it available for everyone with the purpose of inducing developers of e-commerce sites to install it innocently. This facility not only provides the feature it announces, but also scans databases in search of credit card's numbers, using permissions of the developers executing it. After doing so, it sends those numbers by e-mail (something that any developer may do) to an anonymous account of some free hosting service like Hotmail or Yahoo, avoiding in a simple but crushing way, the OS's access control, the database and the firewall.

This kind of software attack is known as Trojan horse. In the past example, the Trojan horse carried out an attack against confidentiality of your information. Scientific Society working in Computer Security, after years of researching, has determined that none of the commercial operating system and other base software provides effective protection against confidentiality attacks conducted by Trojan horses. Their functioning is virtually undetectable and it is impossible to tell it apart from the one of a similar and harmless program.



© 2003 por Grupo Gidis. Todos los derechos reservados.
Sitio diseñado por Lorena Cantarini [mailto]