Two programmers write a new secure application for the human resources department to store
personally identifiable information. The programmers make the application available to themselves
using an uncommon port along with an ID and password only they know. This is an example of
which of the following?
A. Root Kit
B. Spyware
C. Logic Bomb
D. Backdoor
Explanation:
A backdoor in a computer system (or cryptosystem or algorithm) is a method of bypassing normal
authentication, securing unauthorized remote access to a computer, obtaining access to plaintext,
and so on, while attempting to remain undetected. The backdoor may take the form of an installed
program (e.g., Back Orifice) or may subvert the system through a rootkit.
A backdoor in a login system might take the form of a hard-coded user and password combination
that gives access to the system.
Although the number of backdoors in systems using proprietary software (software whose source
code is not publicly available) is not widely credited, they are nevertheless frequently exposed.
Programmers have even succeeded in secretly installing large amounts of benign code as Easter
eggs in programs, although such cases may involve official forbearance, if not actual permission.
Many computer worms, such as Sobig and Mydoom, install a backdoor on the affected computer
(generally a PC on broadband running Microsoft Windows and Microsoft Outlook). Such
backdoors appear to be installed so that spammers can send junk e-mail from the infected
machines. Others, such as the Sony/BMG rootkit distributed silently on millions of music CDs
through late 2005, are intended as DRM measures—and, in that case, as data gathering agents,
since both surreptitious programs they installed routinely contacted central servers.