
It probably isn't, but I don't think we can know whether it was on purpose or not.

If I had to put a backdoor in something, it'd definitely be a buffer overflow. It gives full remote code execution, it may be hard enough to find to be NOBUS, and it has perfect plausible deniability.



The huge majority of applications with any C++ code have some sort of memory safety vulnerability. Codecs are a classic place where this shows up all the time. Why would this vuln out of the literally gazillions of similar vulns be considered a backdoor?


Never attribute to malice that which can be adequately explained by stupidity. So - yes, possible in theory, but quite unlikely.


"Never" seems a bit much, if you accept the premise that all backdoors would be made to look like accidental security flaws.

But since there are probably a lot more accidental security flaws than backdoors, I agree that erring on the side of stupidity is justified.



