AOL Leak Spreads Gamera

A pre-Alpha version of America Online
Inc.’s
“Gamera” code was leaked to the public, opening the software to
inspection by thousands of computer users.

Gamera, named after the turtle-shaped monster featured in nine Japanese
movies, is the software code to be used in AOL’s upcoming
line of net appliances using the Linux
operating system
.

Net appliances are considered the replacement to the personal computer, and
AOL plans to capitalize on that with its release of its set-top box, called
AOLTV, later this
year.

This has security experts worried about the future of AOL’s Net appliance
program, since the leak gives would-be hackers and crackers plenty of
opportunity to dissect and exploit the code.

The danger, experts note, is that it gives anyone with malicious intent plenty
of time to find back doors into the system, months before the first product
is released. This could result in a rash of security breaches before the
company can fashion a patch, too late to prevent the loss of private
information.

While the code is difficult for beginners to use because of it pre-beta
format, the Linux operating system platform makes it easy for experts to
reverse-engineer. The open-source OS has tools available for quick
download, making the process even easier.

AOL is going with the open-source operating system, using its Mozilla Web browser, which runs on the
Gecko engine. Mozilla is a Netscape
Communications Corp.
browser, which is in turn owned by AOL.

The announcement earlier this year by AOL to use Linux on its future Net
appliance product line was met with much excitement.

Experts and analysts alike weren’t sure what to make of a Net appliance
running on an open-source platform by a company noted for its reluctance to
open its own source code.

Also, the announcement marked the ISP’s move away from its
dependence on Microsoft Corp. and its Windows operating
system
. AOL’s use of the Internet Explorer Web browser is also
unlikely. The ISP is reportedly seeking to end its exclusive partnership
with the software giant when the contract runs out at the end of the year.

According to a release by Observers.net any system running
RedHat Linux and using Perl programming language can break into the code,
which is only lightly protected because AOL staffers never expected it to
leave the facility.

Other versions of Linux haven’t been tested for compatibility. Although
the Web site won’t post the code on its servers, to avoid a possible
lawsuit, it is happy to point out sites that are posting the code and the
latest information discovered by hackers.

Kelly Hallisey, a former AOL guide and the owner of Observers.net said despite AOL claims, the firm should fear the security implications of
the release of this code.


“They’re in a lot of trouble because this is Linux and those kids that are out there that have been hacking their service for years when they left, they left from Linux,” Hallisey. “Yes they are out there trying to hack the software no. It’s been an active discussion on IRC that I’ve seen. Primarily, they want to know how to get into areas that they shouldn’t get into. AOL security is not several layers deep. AOL is heavily dependent on a firewall. If they can decompile its RTMs, and they can figure out what is what there, then AOL does have some problems.”


But AOL spokesperson Rich D’Amato vehemently denied that Gamera security risks were an issue.


“This situation has absolutely no effect on member

security or on the security of the AOL service,” D’Amato said. “This is a non-event. We test software and release it to the general public all the time. This is very, very early software, but obviously when we reach a stage like beta, we’ll release this to hundreds of thousands of people.”


“The other thing I would say is that we do not rely on these pieces of software to provide security. We take responsibility for that at the host,” D’Amato continued. We have multiple layers, multiple devices working within those multiple layers in order to provide that security.”

News Around the Web