Security Web Digest: Backdoor Attempt In Linux Kernel Thwarted ... and More

New peer-to-peer worm spreads over network protocols CIA works on facial recognition Sony storage uses fingerprint lock Research firm claims users deleted music files

Open Source

Software developers on Wednesday detected and thwarted a hackers scheme to submerge a slick backdoor in the next version of the Linux kernel. The backdoor was a two-line addition to a development copy of the Linux kernels source code, carefully crafted to look like a harmless error-checking feature added to the wait4() system call -- a function thats available to any program running on the computer, and which, roughly, tells the operating system to pause execution of that program until another program has finished its work.

Its easy for developers to hide either humorous or malicious code in programs whose inner workings are hidden, but as this Linux kernel incident shows, the open source development process carries a degree of built-in immunity to this kind of problem, according to NewsForge.


W32/Spybot-W is a peer-to-peer worm that spreads via network drives, email, Messenger and the IRC network, according to Sophos, which issued an alert Thursday. The worm attempts to copy itself to the Windows system folder on attached network drives with weak passwords and to start itself on the remote computer as the Windows Update Service.


The CIA is trying to improve facial recognition technology and also develop ways to identify from a distance a target in motion by the iris of the persons eye, a CIA scientist said this week. Differences in simple factors like lighting and expression can impede identification of someone using current facial recognition technology, said Andrew Kirby, senior physical scientist at CIAs Intelligence Technology and Innovation Center.

Sony has expanded its Micro Vault USB storage media product lineup with the introduction of its new Micro Vault with Fingerprint Access, a portable storage device that uses fingerprints to replace passwords or IDs for web site access. The 128MB device comes with a docking station with USB 2.0 connectivity.

Intellectual Property

More than a million households deleted all the digital music files they had saved on their PCs in August, said research company NPD Group this week. In August 1.4 million households deleted all music files. NPD credited the ongoing anti-piracy campaign by the Recording Industry Association of America (RIAA) and said publicity about the move led more consumers to delete musical files.