ftp.gnu.org got cracked... how does this affect FreeBSD?
http://ftp.gnu.org/MISSING-FILES.README They are still checking the archives and the available checksums. It seems that the sources have not been modified. FreeBSD contains some GNU software. How is it handled when foreign sources are imported? I just want to know to sleep better this night... The ftp-server was cracked in March(!)... just imagine that. Lots of things can happen in such a long period of time. Martin PS.: Please post to the mailing list, I'm subscribed. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ftp.gnu.org got cracked... how does this affect FreeBSD?
Lucas Holt wrote: Are you sure it was a guy? Male hackers usually aren't that patient. you can blame my drama teacher for that one, she used to use it in a gender free sense and it's stuck with me I doubt the source was altered anyway. Someone would have caught it by now.. they did when apache.org was attacked through their database server a few years back. I doubt it too and it wouldn't be too difficult to spot, IF THEY HAD BACKUPS!!! and I think that is the most embarassing aspect of all. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ftp.gnu.org got cracked... how does this affect FreeBSD?
Are you sure it was a guy? Male hackers usually aren't that patient. I doubt the source was altered anyway. Someone would have caught it by now.. they did when apache.org was attacked through their database server a few years back. On Wednesday, August 13, 2003, at 06:04 PM, Matt Heath wrote: So far there's no evidence that any distfiles were compromised. For files in the ports collection, they would have been caught by the md5 checksum. I wouldn't be so sure, the guy was harvesting passwords. Although I don't know the details of the commit procedure he would surely be able to fiddle with any commits which are, by definition, going to have different checksums. but I'm guessing. In the face of no facts it is the only choice I have. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Lucas Holt [EMAIL PROTECTED] FoolishGames.com (Jewel Fan Site) JustJournal.com (Free blogging) Only two things are infinite, the universe and human stupidity, and I'm not sure about the former. - Albert Einstein (1879-1955) ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ftp.gnu.org got cracked... how does this affect FreeBSD?
Matt Heath wrote: I doubt it too and it wouldn't be too difficult to spot, IF THEY HAD BACKUPS!!! They had backups. However the servers have been owned since mid-march. The backups could be comprimized. So they took down anything uploaded since March 17, until they can verify those files. They didn't lose anything, they took it down until verification. Adam ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ftp.gnu.org got cracked... how does this affect FreeBSD?
From: Martin [EMAIL PROTECTED] To: FreeBSD Questions Mailing List [EMAIL PROTECTED] Sent: Wednesday, August 13, 2003 3:50 PM Subject: ftp.gnu.org got cracked... how does this affect FreeBSD? http://ftp.gnu.org/MISSING-FILES.README They are still checking the archives and the available checksums. It seems that the sources have not been modified. FreeBSD contains some GNU software. How is it handled when foreign sources are imported? I just want to know to sleep better this night... The ftp-server was cracked in March(!)... just imagine that. Lots of things can happen in such a long period of time. Martin One thing that's happening is some port dependencies won't make --- at least this was true late last week or early this one; tried building /usr/ports/lang/php4 with aspell support and the Makefile couldn't find the aspell library tarball anywhere on its list...a quick perusal of ftp.gnu.org showed that the files were removed until verification had taken place... KDK ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ftp.gnu.org got cracked... how does this affect FreeBSD?
On Wed, Aug 13, 2003 at 10:50:41PM +0200, Martin wrote: http://ftp.gnu.org/MISSING-FILES.README They are still checking the archives and the available checksums. It seems that the sources have not been modified. FreeBSD contains some GNU software. How is it handled when foreign sources are imported? I just want to know to sleep better this night... The ftp-server was cracked in March(!)... just imagine that. Lots of things can happen in such a long period of time. Martin PS.: Please post to the mailing list, I'm subscribed. So far there's no evidence that any distfiles were compromised. For files in the ports collection, they would have been caught by the md5 checksum. Kris pgp0.pgp Description: PGP signature
Re: ftp.gnu.org got cracked... how does this affect FreeBSD?
So far there's no evidence that any distfiles were compromised. For files in the ports collection, they would have been caught by the md5 checksum. I wouldn't be so sure, the guy was harvesting passwords. Although I don't know the details of the commit procedure he would surely be able to fiddle with any commits which are, by definition, going to have different checksums. but I'm guessing. In the face of no facts it is the only choice I have. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]