RealTime IT News

AOL Leak Spreads Gamera

A pre-Alpha version of America Online Inc.'s "Gamera" code was leaked to the public, opening the software to inspection by thousands of computer users.

Gamera, named after the turtle-shaped monster featured in nine Japanese movies, is the software code to be used in AOL's upcoming line of net appliances using the Linux operating system.

Net appliances are considered the replacement for the personal computer, and AOL plans to capitalize on that with the release of its set-top box, called AOLTV, later this year.

This has security experts worried about the future of AOL's Net appliance program, since the leak gives would-be hackers and crackers plenty of opportunity to dissect and exploit the code.

The danger, experts note, is that it gives anyone with malicious intent plenty of time to find back doors into the system, months before the first product is released. This could result in a rash of security breaches before the company can fashion a patch, too late to prevent the loss of private information.

While the code is difficult for beginners to use because of its pre-beta format, the Linux operating system platform makes it easy for experts to reverse-engineer. The open-source OS has tools available for quick download, making the process even easier.

AOL is going with the open-source operating system, using its Mozilla Web browser, which runs on the Gecko engine. Mozilla is a browser from Netscape Communications Corp., which is in turn owned by AOL.

The announcement earlier this year by AOL to use Linux on its future Net appliance product line was met with much excitement.

Experts and analysts alike weren't sure what to make of a Net appliance running on an open-source platform by a company noted for its reluctance to open its own source code.

Also, the announcement marked the ISP's move away from its dependence on Microsoft Corp. and its Windows operating system. AOL's use of the Internet Explorer Web browser is also unlikely. The ISP is reportedly seeking to end its exclusive partnership with the software giant when the contract runs out at the end of the year.

According to a release by Observers.net, any system running RedHat Linux and using the Perl programming language can break into the code, which is only lightly protected because AOL staffers never expected it to leave the facility. Other versions of Linux haven't been tested for compatibility. Although the Web site won't post the code on its servers, to avoid a possible lawsuit, it is happy to point out sites that are posting the code and the latest information discovered by hackers.

Kelly Hallisey, a former AOL guide and the owner of Observers.net, said that despite AOL claims, the firm should fear the security implications of the release of this code.

"They're in a lot of trouble because this is Linux and those kids that are out there that have been hacking their service for years when they left, they left from Linux," Hallisey said. "Yes, they are out there trying to hack the software now. It's been an active discussion on IRC that I've seen. Primarily, they want to know how to get into areas that they shouldn't get into. AOL security is not several layers deep. AOL is heavily dependent on a firewall. If they can decompile its RTMs, and they can figure out what is what there, then AOL does have some problems."

But AOL spokesperson Rich D'Amato vehemently denied that Gamera security risks were an issue.

"This situation has absolutely no effect on member