Trap Doors in Softwares (Trapdoor VIRUS)

Posted: December 12, 2011 in IT Security, trap door
Programmers safety is the Root for hackers….
 
Do you aware of the Trap doors in software programming ???????
 
 
— Here is my collection about trap door program / virus…
 

Trap door is the new jargon for Backdoor Programs or Backdoor virus in Software field.

A trap door is a secret entry point into a program that allows someone that is aware of the trap door to gain access without going through the usual security access procedures. Trap doors have been used legitimately for many years by programmers to debug and test programs. Trap doors become threats when they are used by unscrupulous programmers to gain unauthorized access. It is difficult to implement operating system controls for trap doors. Security measures must focus on the program development and software update activities.
Because it is most commenly appearing new browser versions to supress the starvation due to workload on browser.

(Starvation is the process which is happened due to killing or terminating program when system is hang, so then the perticular process will be into zombee mode or suffer by starvation)

A trap doors in a computer system (or cryptosystem or algorithm) is a method of bypassing normal authentication, securing remote access to a computer, obtaining access to plaintext, and so on, while attempting to remain undetected. The trap doors may take the form of an installed program (e.g., Back Orifice) or may subvert the system through a rootkit.

The threat of trap doorss surfaced when multiuser and networked operating systems became widely adopted, a class of active infiltration attacks that use “trapdoor” entry points into the system to bypass security facilities and permit direct access to data.

The use of the word trapdoor here clearly coincides with more recent definitions of a trap doors. However, since the advent of public key cryptography the term trapdoor has acquired a different meaning.

A trap doors in a login system might take the form of a hard coded user and password combination which gives access to the system.

Example:

– Sort of trap doors was used as a plot device / new browser versions to supress the starvation due to workload on browser.
— A video game–like simulation mode and direct interaction with the artificial intelligence
— Although the number of trap doorss in systems using proprietary software (software whose source code is not publicly available) is not widely credited, they are nevertheless frequently exposed. Programmers have even succeeded in secretly installing large amounts of benign code as Easter eggs in programs, although such cases may involve official forbearance, if not actual permission.
— Apps/Games requests in facebook use to ask you to ALLOW the apps to access your information to further process, most of the people simply ALLOW the Apps/Requests to access there information.

Many computer worms, such as Sobig and Mydoom (and the covert Skynet), install a trap doors on the affected computer (generally a PC on broadband running insecure versions of Microsoft Windows and Microsoft Outlook). Such trap doorss appear to be installed so that spammers can send junk e-mail from the infected machines. Others, such as the Sony/BMG rootkit distributed silently on millions of music CDs through late 2005, are intended as DRM measures — and, in that case, as data gathering agents, since both surreptitious programs they installed routinely contacted central servers.

A traditional trap doors is a symmetric trap doors: anyone that finds the trap doors can in turn use it. The notion of an asymmetric trap doors was introduced by Adam Young and Moti Yung in the Proceedings of Advances in Cryptology: Crypto ’96. An asymmetric trap doors can only be used by the attacker who plants it, even if the full implementation of the trap doors becomes public (e.g., via publishing, being discovered and disclosed by reverse engineering, etc.). Also, it is computationally intractable to detect the presence of an asymmetric trap doors under black-box queries. This class of attacks have been termed kleptography; they can be carried out in software, hardware (for example, smartcards), or a combination of the two. The theory of asymmetric trap doorss is part of a larger field now called cryptovirology.

I felt that it will be great experiance to test with the application which has trap doors, it is not easy to find the trap doors in softwares, that to in browsers. But as a test engineers we should look for the loop holes of the softwares rigth????????

Comments
  1. Amarendhar Reddy says:

    Thank you for providing such a great information…..

  2. rahil says:

    it was so easy to understand this, especially with that diagram.. thank you

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s