Trojan Horse Attack On Linux Kernel Foiled by San Francisco-based BitMover, Inc.


Powerful Developer Tool, BitKeeper, Detects First Known Security Breach

SAN FRANCISCO, Nov. 10 /PRNewswire/ -- An innovative configuration management tool called BitKeeper, used by Linux developers including Linus Torvalds, recently averted a potentially embarrassing security breach in the Linux operating system. This is the first known attempt to deliberately add a security flaw to Linux.

"The discovery of this breach underscores the importance of having a configuration management tool that verifies the integrity of the source code," said Ted Ts'o, a senior Linux developer, security expert, and long-time BitKeeper user.

The error, if not caught, could have allowed a local user to gain administrative privileges on a Linux operating system. Administrative privileges enable someone to access confidential information from a company's internal machines, delete files and tap into private email accounts. Linux is quickly becoming an industry standard for running mission-critical applications in large data centers and is widely selected for its track record in security and reliability.

BitKeeper is a configuration management system produced by BitMover, Inc., a San Francisco-based company founded by Linux developer and configuration management expert, Larry McVoy. BitKeeper is used to develop the Linux kernel, the MySQL database, the Xaraya content management system, and hundreds of commercial products worldwide.

All code stored under the BitKeeper repository is routinely checked for integrity, a unique feature that ensures that disk, memory, or network corruptions haven't changed the original content. Last week, the BitKeeper integrity checks caught the breach, believed to have been created by a malicious hacker trying to change the source code of the Linux kernel to include a security flaw known as a Trojan horse.

Competing configuration management tools don't have the same integrity checks and could easily have allowed the security breach to enter the Linux operating system, according to McVoy. "I am confident the security breach would have been caught before the code was released for general availability. But without BitKeeper, the error may have gone unnoticed for weeks or months, not hours," McVoy said.

About BitMover, Inc.

Founded in 1998, BitMover, Inc. is a privately held San Francisco-based company that produces BitKeeper. BitKeeper shortens the software development lifecycle by providing the industry's only peer-to-peer collaborative development tool. Many of the world's largest independent software and hardware vendors have used BitKeeper to more effectively manage their development projects. Companies from startups to the Fortune 100 use BitKeeper to increase their productivity. BitKeeper enables best practices in software development through powerful workflow capabilities, gives managers absolute control over their projects, and enables greater productivity in engineers through best-in-class merge technology. More than 48,000 BitKeeper seats are deployed worldwide. As a public service, BitMover, Inc. hosts more than 5 million files of open source, including both branches of the Linux kernel, on http://www.bkbits.net.

For information, or to try BitKeeper for free for 30 days, go to http://www.bitkeeper.com.

BitMover and BitKeeper are trademarks of BitMover, Inc.

Contact:
     Amy Graf
     BitMover, Inc.
     amy@bitmover.com
     415-401-8808, Ext. 104