Dear Debian-Security,
Are any of you interested in a notebook running Debian that has
possibly (unsuccessfully) been infected by CottonMouth or by a similar
technology?
When I changed the mainboard of my Amilo Xi2550 last summer because of
an alleged issue with the power supply (indeed just the accumulator needed
to be changed), some strange computational errors that were reproducible
before (see: http://bugs.mysql.com/bug.php?id=73231) were suddenly gone.
Additionally, the boot loader needed to be reinstalled because the
notebook did not boot after replacing the mainboard. These two symptoms
are actually already hard to explain, because on a hardware failure either
the whole machine will crash or the errors will not be reproducible (in
case of a RAM parity error).
If anyone is interested I should also be able to provide photos from the
mainboard before and after the exchange last summer.
Now to the worst: the machine, always being kept offline, is throwing
unexplainable errors at the two USB ports directly on the mainboard.
The errors suddenly arose after I returned from holiday and were never
seen before. For a discussion and analysis of this issue you may turn to
https://bugzilla.kernel.org/show_bug.cgi?id=95141. I would consider it
somewhat improbable that the two USB ports have both started to fail at
the same time without any influence from outside.
The reason why I suspect that this board could have been attacked
physically is that it was already attacked by several software rootkits,
as detected by debcheckroot or file-wise comparison of an old and new
installation of the same version of Debian from exactly the same unaltered
source BD-DL at a time when the machine was still online.
Yours Sincerely,
Elmar Stellnberger