Re: Debian.org Hacked

2003-12-02 Thread Shaul Karl
For those who missed it, the Debian machines were hacked because of a combination of a sniffed password and a local root exploit. The hole is believed to be only locally exploitable, not remotely. More details on this exploit are at http://isec.pl/vulnerabilities/isec-0012-do_brk.txt

Re: Debian.org Hacked

2003-12-02 Thread Boaz Rymland
the CNet article summarizing it: http://news.com.com/2100-7344_3-5112427.html?tag=nefd_top Shaul Karl wrote: For those who missed it, the Debian machines were hacked because of a combination of a sniffed password and a local root exploit. The hole is believed to be only locally exploitable,

Re: Debian.org Hacked

2003-12-02 Thread Gal Gur-Arie
The Debian Project http://www.debian.org/ Debian Investigation Report [EMAIL PROTECTED] December 2nd, 2003

Re: Debian.org Hacked... How far was it from apt-get installing Trojans?

2003-11-28 Thread Shaul Karl
On Mon, Nov 24, 2003 at 11:38:04AM +0200, Muli Ben-Yehuda wrote: On Mon, Nov 24, 2003 at 10:49:43AM +0200, Maxim Kovgan wrote: On Sun, 23 Nov 2003, Noam Rathaus wrote: hi Noam! it is great you've brought up the subject, and if u find more info on what exactly was there, please post

Re: Debian.org Hacked... How far was it from apt-get installing Trojans?

2003-11-28 Thread Lior Kaplan
Karl [EMAIL PROTECTED] To: Maxim Kovgan [EMAIL PROTECTED] Cc: Linux-IL Mailing List [EMAIL PROTECTED] Sent: Saturday, November 29, 2003 3:00 AM Subject: Re: Debian.org Hacked... How far was it from apt-get installing Trojans? On Mon, Nov 24, 2003 at 11:38:04AM +0200, Muli Ben-Yehuda wrote

Re: Debian.org Hacked... How far was it from apt-get installing Trojans?

2003-11-24 Thread Maxim Kovgan
On Sun, 23 Nov 2003, Noam Rathaus wrote: hi Noam! it is great you've brought up the subject, and if u find more info on what exactly was there, please post it on here. and there is always a danger that some malicious submitter submits a package to rpm/deb/tgz database with a trojan. as well as

Re: Debian.org Hacked... How far was it from apt-get installing Trojans?

2003-11-24 Thread linux-il
Maxim Kovgan wrote: how often do you disassemble your compiled code? According to the following, even disassembling your compiled code won't be trusty because how can you trust your disassembler that it wasn't trojan'ed to hide the malicious code? http://www.acm.org/classics/sep95/ Excellent

Re: Debian.org Hacked... How far was it from apt-get installing Trojans?

2003-11-24 Thread Muli Ben-Yehuda
On Mon, Nov 24, 2003 at 10:49:43AM +0200, Maxim Kovgan wrote: On Sun, 23 Nov 2003, Noam Rathaus wrote: hi Noam! it is great you've brought up the subject, and if u find more info on what exactly was there, please post it on here. This link has surfaced lately: http://www.wiggy.net/debian/

Re: Debian.org Hacked... How far was it from apt-get installing Trojans?

2003-11-24 Thread linux-il
Muli Ben-Yehuda wrote: On Mon, Nov 24, 2003 at 10:49:43AM +0200, Maxim Kovgan wrote: On Sun, 23 Nov 2003, Noam Rathaus wrote: hi Noam! it is great you've brought up the subject, and if u find more info on what exactly was there, please post it on here. This link has surfaced lately:

Re: Debian.org Hacked... How far was it from apt-get installing Trojans?

2003-11-24 Thread Shachar Shemesh
[EMAIL PROTECTED] wrote: Maxim Kovgan wrote: how often do you disassemble your compiled code? According to the following, even disassembling your compiled code won't be trusty because how can you trust your disassembler that it wasn't trojan'ed to hide the malicious code?

Debian.org Hacked... How far was it from apt-get installing Trojans?

2003-11-23 Thread Noam Rathaus
Hi, I was wondering if Debian.org was hacked, how far was I as a simple user doing routinely apt-get update followed by apt-get upgrade (on the stable Debian) from getting my system Trojaned? Or as an advanced user doing the same on the unstable packages? Thanks Noam Rathaus CTO Beyond

Re: Debian.org Hacked... How far was it from apt-get installing Trojans?

2003-11-23 Thread Muli Ben-Yehuda
On Sun, Nov 23, 2003 at 01:25:01PM +0200, Noam Rathaus wrote: Hi, I was wondering if Debian.org was hacked, how far was I as a simple user doing routinely apt-get update followed by apt-get upgrade (on the stable Debian) from getting my system Trojaned? Or as an advanced user doing the

Re: Debian.org Hacked... How far was it from apt-get installing Trojans?

2003-11-23 Thread linux-il
Muli Ben-Yehuda wrote: The Debian advisory was very explicit that the archive was never compromised. I haven't heard any more details, but I'd love to hear how the break-in occurred and what were the trust relationships between the broken-into machines and the archive machines. And how are they

Re: Debian.org Hacked... How far was it from apt-get installing Trojans?

2003-11-23 Thread Shachar Shemesh
Noam Rathaus wrote: Hi, I was wondering if Debian.org was hacked, how far was I as a simple user doing routinely apt-get update followed by apt-get upgrade (on the stable Debian) from getting my system Trojaned? Or as an advanced user doing the same on the unstable packages? Thanks Noam Rathaus

Re: Debian.org Hacked... How far was it from apt-get installing Trojans?

2003-11-23 Thread linux-il
Shachar Shemesh wrote: So far for the theory. In practice, I'm not sure whether the mechanism for checking these signatures is easily installable. As such, it is likely that many, if not most, Debian installations do not, in fact, verify signatures against the debian-keyring. I was wondering

Re: Debian.org Hacked... How far was it from apt-get installing Trojans?

2003-11-23 Thread Muli Ben-Yehuda
On Sun, Nov 23, 2003 at 02:36:46PM +0200, Shachar Shemesh wrote: Last - a correction for Muli. While the main distro site was not broken into, the security and non-us sites were. Apparently, none of the packages were tampered with, but the actual servers holding the packages were, in fact,