Backdoor



         


A backdoor in a computer system (or a cryptosystem, or even in an algorithm) is a method of bypassing normal authentication or obtaining remote access to a computer that is intended to remain hidden from casual inspection. The backdoor may take the form of an installed program (e.g., Back Orifice) or could be a modification to a legitimate program.

A backdoor in a login system could take the form of a hard-coded user and password combination which gives access to the system. A famous example of this was used as a plot device in the 1983 film WarGames, wherein the designer of a computer system (the 'WOPR') had inserted an undocumented password (named after his son) which gave the user access to the system and to undocumented aspects of its behavior (a video-game-like simulation mode).

An attempt to plant a backdoor in the Linux kernel, exposed in November 2003, showed how subtle such a code change could be. In this case a two-line change took the form of an apparent typographical error, which in practice gave the caller of the sys_wait4 function root access to the machine.
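The kind of change described above, as an added example that is not from the original article or from the kernel source: a user-space C model that assumes the typo is an assignment (`=`) where a comparison (`==`) belongs. The struct, flag values and function names are hypothetical stand-ins.

```c
#include <stdio.h>

/* Hypothetical stand-ins for kernel definitions; values are constructed. */
#define OPT_CLONE 0x80000000u
#define OPT_ALL   0x40000000u
#define ERR_INVAL 22

struct task { unsigned int uid; };            /* uid 0 means root */

/* Backdoored shape: reads like an input-validation check, but "=" stores 0
 * into uid. The assignment evaluates to 0 (false), so the error branch never
 * runs and the call appears to do nothing unusual. */
static int check_backdoored(struct task *t, unsigned int options)
{
    int retval = 0;
    if ((options == (OPT_CLONE | OPT_ALL)) && (t->uid = 0))
        retval = -ERR_INVAL;
    return retval;
}

/* What the line pretends to be: a comparison. Taking the task through a
 * const pointer makes any stray assignment a compile error. */
static int check_intended(const struct task *t, unsigned int options)
{
    int retval = 0;
    if ((options == (OPT_CLONE | OPT_ALL)) && (t->uid == 0))
        retval = -ERR_INVAL;
    return retval;
}

int main(void)
{
    struct task a = { 1000 }, b = { 1000 };
    unsigned int magic = OPT_CLONE | OPT_ALL;   /* unusual flag combination */

    check_backdoored(&a, magic);
    check_intended(&b, magic);
    printf("backdoored: uid=%u  intended: uid=%u\n", a.uid, b.uid);
    return 0;
}
```

Compilers typically treat a parenthesised assignment inside a condition as intentional and stay silent, so code review and const-qualified parameters are the checks that catch this pattern.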

The prevalence of backdoors in proprietary software systems (those supplied without source code that can be inspected) is a topic of speculation, but they have been occasionally exposed in practice. Programmers have succeeded in secretly installing even large amounts of code as Easter eggs in programs without detection, though in these cases there may be official forbearance if not permission.

It is also possible to create a backdoor without modifying the source code of a program, and without even modifying the program after compilation. This can be done by rewriting the compiler so that it recognizes code during compilation that triggers inclusion of a backdoor in the compiled output. When the compromised compiler finds such code, it compiles it as normal, but also inserts a backdoor (perhaps a password recognition routine). So, when the user provides that input, he gains access to some (likely undocumented) aspect of program operation. This attack was first outlined by Ken Thompson in his famous paper "Reflections on Trusting Trust".

Many computer worms, such as Sobig and Mydoom, install a backdoor on the affected computer (generally a PC on broadband running insecure versions of Microsoft Windows and Microsoft Outlook). Such backdoors appear to be installed so that spammers can send junk email from the machines in question.






This article is from Wikipedia. All text is available under the terms of the GNU Free Documentation License.