Re: Snort and SourceFire Compromised

[Larry Vaden <vaden () texoma net>]

Brian wrote:

> Yes, this was a LONG time ago.  Note that ALL of the date timestamps are 
> dashed out.  Gee, I wonder why.  As well as normal incident response,
> the entire snort team did a major audit of snort at that time for anything 
> injected.
>
> BTW, for those of you wanting the original sneeze, its still available 
> online at http://snort.sourceforge.net/sneeze-1.0.tar 
>  
Hi Brian,

Are you willing to share anything about the incident which would help 
those of us who naturally think we're a step or two behind your org in 
preventing compromises?

e.g., did any of the following play a role?

.rhosts
weak passwords
yada yada

rgds/ldv


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html