Open Source Software vulnerability

A creatively abusive virus could contrive to wait until a word processor “saved,” or “closed” a document, and take that opportunity to substitute misspellings and grammatical errors.

Rather than employ a “mad-libs” type substitution of one verb for another, or nouns for nouns, such as a spam dodger might do, it could marginalize either a targeted user, or an entire polity, by changing grammar with mistakes common to Asian usage, or Russian, or Middle Eastern.

The purpose of awaiting the “close” instruction, would be to by-pass the final editorial inspection of the user, before ending his or her efforts, effectively portraying him or her as ignorant (as is common with first generation immigrants,), professionally lazy, or editorially slip-shod.

All “Open Source” software is vulnerable to this kind of tampering.

A precaution would be to provide the hash value of a very ubiquitous message digest algorithm, and recertify the hash value posting daily, at the server. Interested users could reasonably hope to check the hash value at download.

This precaution would work better for programs that are no longer updated with improvements. Furthermore, it might be possible to tamper installations at some later date.

Advertisements

About James Johnson

I am an amateur mathematician & political theorist who enjoys (occasionally cerebral) humor.
This entry was posted in Uncategorized and tagged , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s