Reading the archive it seems to me that el8 was taken as a joke: List: openbsd-misc Subject: Re: main openbsd server compromised ? From: e <eliab () spack ! org> Date: 2002-08-15 17:11:01 [Download message RAW]
no, el8 is not a serious zine, it's a joke, i'm sure reading a little more of the zine would have made that obvious List: openbsd-misc Subject: Re: main openbsd server compromised ? From: e <eliab () spack ! org> Date: 2002-08-16 18:40:17 [Download message RAW] * dayioglu ([EMAIL PROTECTED]) wrote: >On Thu, 2002-08-15 at 20:11, e wrote: >> no, el8 is not a serious zine, it's a joke, i'm sure reading a little >> more of the zine would have made that obvious > >Not to cause a flame-war but the disclosed mail traffic of K2 seem >very "normal". I did read the whole thing and to create so many >"joke mails" is, err, at least unusual. > >Are you sure you read it all? quite sure, el8 has been known to do this same type of thing before. And that`s that. But onhttp://www.wired.com/culture/lifestyle/news/2002/08/54400 I read that "OpenBSD co-founder Theo de Raadt, cited as a top el8 target, angrily refused to discuss the compromise (link http://www.openssh.com/txt/trojan.adv) in late July of a file server maintained by the open-source, Unix-based operating-system project. On Aug. 1, a dangerous Trojan horse program was discovered amid the code for OpenBSD, which is used by thousands of organizations and renowned for its security.". And: "Christopher "Ambient Empire" Abad, a security expert with Qualys, confirmed that excerpts of e-mails and other files stolen from his directory on a server were published in el8's latest zine". So it appears to me that what el8 posted wasn`t a joke. Did I missed something again? With regards, Jernej On Tue, Apr 15, 2008 at 1:59 AM, Ted Unangst <[EMAIL PROTECTED]> wrote: > On 4/14/08, Jernej Makovsek <[EMAIL PROTECTED]> wrote: > > Now with this post I don`t want to start any wars. I know that nothing > > is bullet proof and so on but as a wannabe OBSD user I`m "just" > > interested in if this compromise was analysed and especially how the > > code has changed from then, what did you do to make sure that this > > does not repeat. And if it was a third party app, why wasn`t it > > configured within a jail? Ok, I learned that sysjail was announced on > > May 22 2006, but surely you have chroot capability. And sysjail is > > connected with systrace... Well again, don`t want to start any flame, > > just interested how your community responded and responds to issues > > like that. > > Sure, I'll just sum up 6 years of pretty continuous development for > you. Unfortunately, it would take too long to read and I don't want > to waste any of your time, so I'll just summarize it as "lots of > changes".
