Re: [DNG] *** DEVUAN.ORG HAS BEEN PWNED *** , message -- UPDATE
mett - 01.04.19, 05:38: > On 2019年4月1日 11:03:36 JST, Hendrik Boom wrote: > >On Mon, Apr 01, 2019 at 01:35:30AM +0200, KatolaZ wrote: > >> On Mon, Apr 01, 2019 at 12:21:58AM +0200, KatolaZ wrote: > >> > >> [cut] > >> > >> > Just to let you know that Devuan's caretakers got anonymous > >> > emails > >> > from a group who identified themselves as "Green Hat Hackers". > >> > They > >> > insisted on the last line of the pwned website. If you have any > > > >clue, > > > >> > let us know. > >> > >> ok we probably got that! > >> > >> $ date -d @7779847 > >> $ date -d @1554080659 > > > >Or > > > >date -u -d @7779847 > >date -u -d @1554080659 […] > +1 for the -u IMO this is still a *very bad* taste for an April fools joke. Thanks, -- Martin ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] *** DEVUAN.ORG HAS BEEN PWNED *** , message -- UPDATE
On 2019年4月1日 11:03:36 JST, Hendrik Boom wrote: >On Mon, Apr 01, 2019 at 01:35:30AM +0200, KatolaZ wrote: >> On Mon, Apr 01, 2019 at 12:21:58AM +0200, KatolaZ wrote: >> >> [cut] >> >> > >> > Just to let you know that Devuan's caretakers got anonymous emails >> > from a group who identified themselves as "Green Hat Hackers". They >> > insisted on the last line of the pwned website. If you have any >clue, >> > let us know. >> > >> >> ok we probably got that! >> >> $ date -d @7779847 >> $ date -d @1554080659 > >Or > >date -u -d @7779847 >date -u -d @1554080659 > >-- hendrik >___ >Dng mailing list >Dng@lists.dyne.org >https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng +1 for the -u___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] *** DEVUAN.ORG HAS BEEN PWNED *** , message
On Sun, Mar 31, 2019 at 12:55:34PM -0700, Mike Bird wrote: > On Sun March 31 2019 12:36:44 Tomasz Torcz wrote: > > You are over-reacting on April Fools joke. > > Whether or not a joke, all admins MUST assume the worst and > rebuild from trusted sources. Even if the jokers had not > intended a security compromise - which we don't know - we > cannot assume that black hats didn't piggy-back on the > jokers' efforts. Or that the black hats didn't add the joke so admins might ignore it as a joke. -- hendrik ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] *** DEVUAN.ORG HAS BEEN PWNED *** , message -- UPDATE
On Mon, Apr 01, 2019 at 01:35:30AM +0200, KatolaZ wrote: > On Mon, Apr 01, 2019 at 12:21:58AM +0200, KatolaZ wrote: > > [cut] > > > > > Just to let you know that Devuan's caretakers got anonymous emails > > from a group who identified themselves as "Green Hat Hackers". They > > insisted on the last line of the pwned website. If you have any clue, > > let us know. > > > > ok we probably got that! > > $ date -d @7779847 > $ date -d @1554080659 Or date -u -d @7779847 date -u -d @1554080659 -- hendrik ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] *** DEVUAN.ORG HAS BEEN PWNED *** , message -- UPDATE
On Mon, 1 Apr 2019 02:24:29 +0200, Arnt wrote in message <20190401022429.732563d4@sda3>: > On Mon, 1 Apr 2019 00:21:58 +0200, KatolaZ wrote in message > <20190331222158.ec7ingiwci4x3...@katolaz.homeunix.net>: > > > On Sun, Mar 31, 2019 at 09:12:39PM +0200, KatolaZ wrote: > > > > [cut] > > > > > > > > Just an update on the current situation: it looks like the > > > machines on which pkgmaster (the main package repository server) > > > and amprolla are run are safe. They are on a separate piece of > > > infrastructure and there have not been compromised. > > > > > > So packages from pkgmaster.devuan.org, packages.devuan,org, and > > > deb.devuan.org should be safe anyway (and the repos are signed, so > > > any inconsistency would be immediatedly flagged by apt). > > > > > > We are working to restore the other machines. > > > > > > > Just to let you know that Devuan's caretakers got anonymous emails > > from a group who identified themselves as "Green Hat Hackers". They > > insisted on the last line of the pwned website. If you have any > > clue, let us know. > > > > Updates will follow. > > ..http://devuanzuwu3xoqwp.onion/ is (still?) up now, you guys > still have control over it & access to it? > > ..if you never lost control over it, we might get away with > checksumming our mirrors, rather than rebuilding overything. > Do we know when this "joke" started? Or planned? > ..just done a quick md5sum -c down my devuan/devuan only lan mirror, I don't have devuan/merged mirrored yet: arnt@nb6:~$ cd /var/www/devuan/mirror/ arnt@nb6:/var/www/devuan/mirror$ md5sum -c ../var/MD5 >md5sum-c arnt@nb6:/var/www/devuan/mirror$ grep -v OK md5sum-c ..no output means all lines ended ":OK", if that helps, checks: arnt@nb6:/var/www/devuan/mirror$ less md5sum-c arnt@nb6:/var/www/devuan/mirror$ ll ../var/MD5 md5sum-c -rw-r--r-- 1 arnt arnt 1469035 Mar 31 04:00 ../var/MD5 -rw-r--r-- 1 arnt arnt 1119475 Apr 1 02:38 md5sum-c arnt@nb6:/var/www/devuan/mirror$ md5sum ../var/MD5 md5sum-c 80e6b5f84d77837a953b8c0fc0a7d439 ../var/MD5 47c7978715d75472080a6edfa59f7f38 md5sum-c arnt@nb6:/var/www/devuan/mirror$ ..note that my last mirror update was done yesterday, Mar 31 04:00, if this "joke" happened before that, my lan mirror too is tainted. -- ..med vennlig hilsen = with Kind Regards from Arnt Karlsen ...with a number of polar bear hunters in his ancestry... Scenarios always come in sets of three: best case, worst case, and just in case. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] *** DEVUAN.ORG HAS BEEN PWNED *** , message -- UPDATE
On Mon, 1 Apr 2019 00:21:58 +0200, KatolaZ wrote in message <20190331222158.ec7ingiwci4x3...@katolaz.homeunix.net>: > On Sun, Mar 31, 2019 at 09:12:39PM +0200, KatolaZ wrote: > > [cut] > > > > > Just an update on the current situation: it looks like the machines > > on which pkgmaster (the main package repository server) and > > amprolla are run are safe. They are on a separate piece of > > infrastructure and there have not been compromised. > > > > So packages from pkgmaster.devuan.org, packages.devuan,org, and > > deb.devuan.org should be safe anyway (and the repos are signed, so > > any inconsistency would be immediatedly flagged by apt). > > > > We are working to restore the other machines. > > > > Just to let you know that Devuan's caretakers got anonymous emails > from a group who identified themselves as "Green Hat Hackers". They > insisted on the last line of the pwned website. If you have any clue, > let us know. > > Updates will follow. ..http://devuanzuwu3xoqwp.onion/ is (still?) up now, you guys still have control over it & access to it? ..if you never lost control over it, we might get away with checksumming our mirrors, rather than rebuilding overything. Do we know when this "joke" started? Or planned? -- ..med vennlig hilsen = with Kind Regards from Arnt Karlsen ...with a number of polar bear hunters in his ancestry... Scenarios always come in sets of three: best case, worst case, and just in case. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] *** DEVUAN.ORG HAS BEEN PWNED *** , message -- UPDATE
On Mon, Apr 01, 2019 at 12:21:58AM +0200, KatolaZ wrote: [cut] > > Just to let you know that Devuan's caretakers got anonymous emails > from a group who identified themselves as "Green Hat Hackers". They > insisted on the last line of the pwned website. If you have any clue, > let us know. > ok we probably got that! $ date -d @7779847 $ date -d @1554080659 -- [ ~.,_ Enzo Nicosia aka KatolaZ - Devuan -- Freaknet Medialab ] [ "+. katolaz [at] freaknet.org --- katolaz [at] yahoo.it ] [ @) http://kalos.mine.nu --- Devuan GNU + Linux User ] [ @@) http://maths.qmul.ac.uk/~vnicosia -- GPG: 0B5F062F ] [ (@@@) Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ ] signature.asc Description: PGP signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] *** DEVUAN.ORG HAS BEEN PWNED *** , message -- UPDATE
On Sun, Mar 31, 2019 at 09:12:39PM +0200, KatolaZ wrote: [cut] > > Just an update on the current situation: it looks like the machines on > which pkgmaster (the main package repository server) and amprolla are > run are safe. They are on a separate piece of infrastructure and there > have not been compromised. > > So packages from pkgmaster.devuan.org, packages.devuan,org, and > deb.devuan.org should be safe anyway (and the repos are signed, so any > inconsistency would be immediatedly flagged by apt). > > We are working to restore the other machines. > Just to let you know that Devuan's caretakers got anonymous emails from a group who identified themselves as "Green Hat Hackers". They insisted on the last line of the pwned website. If you have any clue, let us know. Updates will follow. Thanks for all your support. -- [ ~.,_ Enzo Nicosia aka KatolaZ - Devuan -- Freaknet Medialab ] [ "+. katolaz [at] freaknet.org --- katolaz [at] yahoo.it ] [ @) http://kalos.mine.nu --- Devuan GNU + Linux User ] [ @@) http://maths.qmul.ac.uk/~vnicosia -- GPG: 0B5F062F ] [ (@@@) Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ ] signature.asc Description: PGP signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] *** DEVUAN.ORG HAS BEEN PWNED *** , message
On Sun March 31 2019 12:36:44 Tomasz Torcz wrote: > You are over-reacting on April Fools joke. Whether or not a joke, all admins MUST assume the worst and rebuild from trusted sources. Even if the jokers had not intended a security compromise - which we don't know - we cannot assume that black hats didn't piggy-back on the jokers' efforts. Rebuilding from trusted sources entails a LOT of work. Hopefully the jokers will have a few years in prison to contemplate their immaturity. --Mike ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] *** DEVUAN.ORG HAS BEEN PWNED *** , message
On Sun, Mar 31, 2019 at 11:55:57AM -0700, Mike Bird wrote: > On Sun March 31 2019 10:55:22 KatolaZ wrote: > > We know. Seems to be quite serious. No access to our infra. We are > > working on it, and we will post updates. :\ > > Assuming you still control your DNS you could immediately remove > and later replace *.devuan.org to reduce the number of people > accessing/downloading potentially compromised material. > > Here at yosemite.net we have stopped ALL package updates/installs > until we know more. You are over-reacting on April Fools joke. -- Tomasz .. oo o. oo o. .o .o o. o. oo o. .. Torcz.. .o .o .o .o oo oo .o .. .. oo oo o.o.o. .o .. o. o. o. o. o. o. oo .. .. o. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] *** DEVUAN.ORG HAS BEEN PWNED *** , message -- UPDATE
On Sun, Mar 31, 2019 at 11:55:57AM -0700, Mike Bird wrote: > On Sun March 31 2019 10:55:22 KatolaZ wrote: > > We know. Seems to be quite serious. No access to our infra. We are > > working on it, and we will post updates. :\ > > Assuming you still control your DNS you could immediately remove > and later replace *.devuan.org to reduce the number of people > accessing/downloading potentially compromised material. > > Here at yosemite.net we have stopped ALL package updates/installs > until we know more. > Just an update on the current situation: it looks like the machines on which pkgmaster (the main package repository server) and amprolla are run are safe. They are on a separate piece of infrastructure and there have not been compromised. So packages from pkgmaster.devuan.org, packages.devuan,org, and deb.devuan.org should be safe anyway (and the repos are signed, so any inconsistency would be immediatedly flagged by apt). We are working to restore the other machines. Updates will follow. -- [ ~.,_ Enzo Nicosia aka KatolaZ - Devuan -- Freaknet Medialab ] [ "+. katolaz [at] freaknet.org --- katolaz [at] yahoo.it ] [ @) http://kalos.mine.nu --- Devuan GNU + Linux User ] [ @@) http://maths.qmul.ac.uk/~vnicosia -- GPG: 0B5F062F ] [ (@@@) Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ ] signature.asc Description: PGP signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] *** DEVUAN.ORG HAS BEEN PWNED *** , message
On Sun March 31 2019 10:55:22 KatolaZ wrote: > We know. Seems to be quite serious. No access to our infra. We are > working on it, and we will post updates. :\ Assuming you still control your DNS you could immediately remove and later replace *.devuan.org to reduce the number of people accessing/downloading potentially compromised material. Here at yosemite.net we have stopped ALL package updates/installs until we know more. --Mike ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] *** DEVUAN.ORG HAS BEEN PWNED *** , message
>>=== >>green hats? golinux wrote:: >Yeah, we know. Just happened. It sucks. Ok, well...guess we'll just sit back and wait for this to get sorted out. No way to help, huh? Bummer :( signature.asc Description: OpenPGP digital signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] *** DEVUAN.ORG HAS BEEN PWNED *** , message
On Sun, Mar 31, 2019 at 05:40:27PM +, stanz via Dng wrote: > I got this redirect(?) today, trying to get to git. > I'm on the forum, using links there, all devuan.org. > > https://www.devuan.org/pwned.html > WE TURNED ALL DEVUAN'S SHITTY WEBSITES INTO PROPER GOPHERHOLES > > green hats? We know. Seems to be quite serious. No access to our infra. We are working on it, and we will post updates. :\ HND KatolaZ -- [ ~.,_ Enzo Nicosia aka KatolaZ - Devuan -- Freaknet Medialab ] [ "+. katolaz [at] freaknet.org --- katolaz [at] yahoo.it ] [ @) http://kalos.mine.nu --- Devuan GNU + Linux User ] [ @@) http://maths.qmul.ac.uk/~vnicosia -- GPG: 0B5F062F ] [ (@@@) Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ ] signature.asc Description: PGP signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] *** DEVUAN.ORG HAS BEEN PWNED *** , message
On 2019-03-31 12:40, stanz via Dng wrote: I got this redirect(?) today, trying to get to git. I'm on the forum, using links there, all devuan.org. https://www.devuan.org/pwned.html WE TURNED ALL DEVUAN'S SHITTY WEBSITES INTO PROPER GOPHERHOLES green hats? Yeah, we know. Just happened. It sucks. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng