Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

A backdoor is a deliberate remote-access vulnerability that the creator intended to use for illegitimate access.

The same code, but intentional, is a bug and vulnerability, but not a backdoor. Same security implications, but a big difference wrt. culpability, appropriate punishment, and expectations of future behavior.



>A backdoor is a deliberate remote-access vulnerability that the creator intended to use for illegitimate access.

I beg to differ. A backdoor gives access which the legitimate owner cannot control. I don't mind any intention.


It's true that "backdoor" is sometimes used as you defined. I feel that some usage, like this article, implies a deliberate backdoor. But you're right that it's an implication and not an explicit statement.

One reason that I feel this implication here is that an 'unintentional' backdoor vulnerability can be exploited by any attacker, but the article focuses on this backdoor's exploitability by Huawei, and by implication their untrustworthiness.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: