Revisiting Ken Thompson’s sourceless backdoor
David A. Wheeler's Page on Countering 'Trusting Trust' through Diverse Double-Compiling (DDC) - Countering Trojan Horse attacks on Compilers
this is not a hall of shame. the intent is to awaken you to many of the peculiarities and weirdness of computers. hopefully, after reading these articles, you will have learned a lot and will embrace chaos.
Introduction F-Droid works to spread reproducible builds across the free software Android ecosystem. The goal is to enable software build processes that anyo...
Links to analysis, discussion and more related to the xz/liblzma compromise (CVE-2024-3094).
An anonymous reader writes "You might recall the Debian port that is coming to OpenRISC (which is by the way making good progress with 5000 packages building) — Olof, a developer on the OpenRISC project, recently posted a lengthy status update about what's going on with OpenRISC. A few highlig...
“” is published by Dr Adrian Lucas Malec.
Way back in 1974, Paul Karger and Roger Schell discovered a devastating attack against computer systems. Ken Thompson described it in his classic 1984 speech, “Reflections on Trusting Trust.” Basically, an attacker changes a compiler binary to produce malicious versions of some programs, INCLUDING ITSELF. Once this is done, the attack perpetuates, essentially undetectably. Thompson demonstrated the attack in a devastating way: he subverted a compiler of an experimental victim, allowing Thompson to log in as root without using a password. The victim never noticed the attack, even when they disassembled the binaries—the compiler rigged the disassembler, too...