On Sun, 23 Nov 2003, Noam Rathaus wrote:

hi Noam!
it is great you've brought up the subject,
and if you find more info on what exactly was there,
please post it on here.

and there is always a danger that some malicious submitter submits a
package to rpm/deb/tgz database with a trojan. as well as microsoft update with
another trojan ... so what is the idea of adding the sentence after "how
far was it from ...." i guess it was not far.

but let us not become populists :)

it is known to any security professional: information security is a matter
of risks vs. resources vs. chances considerations. so there is always
a chance that even your compiler adds to any of your programs with
<socket.h> an additional little binary tcp server that spawns only at
certain twilight hours :) and it is close.
how often do you disassemble your compiled code?

just fyi: security.debian.org was never compromised until now.
and the only time it was down - was because the building it was in
caught fire.

Thanks.
Max.


> Hi,
>
> I was wondering if Debian.org was hacked, how far was I as a simple user doing 
> routinely "apt-get update" followed by "apt-get upgrade" (on the stable Debian) from 
> getting my system Trojaned? Or as an advanced user doing the same on the unstable 
> packages?
>
> Thanks
> Noam Rathaus
> CTO
> Beyond Security Ltd.
> http://www.securiteam.com
>
>
> To unsubscribe, send mail to [EMAIL PROTECTED] with
> the word "unsubscribe" in the message body, e.g., run the command
> echo unsubscribe | mail [EMAIL PROTECTED]