funsec mailing list archives
Re: Unreal IRCd backdoor
From: Gadi Evron <ge () linuxbox org>
Date: Tue, 15 Jun 2010 01:20:43 +0300
On 6/14/10 3:25 PM, Larry Seltzer wrote:
Similar to an incident with WordPress a few years ago.
Got a reference to the WP incident?
One of the lessons people seem to want to learn from this is to check MD5s, but I don't see what that accomplishes. Usually the MD5 is stored alongside the file that has been compromised; if they can compromise the main file, surely they can make a new MD5. The unrealircd guys are starting to use GPG which is a better solution (if they're careful with their keys)(and as long as the source tree they're signing hasn't been compromised), but GPG is a PITA. After the Wordpress incident I proposed an easier method: http://www.eweek.com/c/a/Security/A-Cheap-and-Easy-Proposal-for-File-Distr ibution-Safety/ LJS -----Original Message----- From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of Juha-Matti Laurio Sent: Monday, June 14, 2010 7:51 AM To: Gadi Evron; funsec () linuxbox org Subject: Re: [funsec] Unreal IRCd backdoor Advisory and MD5's listed at http://www.unrealircd.com/txt/unrealsecadvisory.20100612.txt Juha-Matti Gadi Evron [ge () linuxbox org] kirjoitti:Very interesting post by Fyodor: http://seclists.org/nmap-dev/2010/q2/826 Gadi._______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
-- Gadi Evron, ge () linuxbox org. Blog: http://gevron.livejournal.com/ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Unreal IRCd backdoor Gadi Evron (Jun 12)
- <Possible follow-ups>
- Re: Unreal IRCd backdoor Juha-Matti Laurio (Jun 14)
- Re: Unreal IRCd backdoor Larry Seltzer (Jun 14)
- Re: Unreal IRCd backdoor Gadi Evron (Jun 14)
- Re: Unreal IRCd backdoor security curmudgeon (Jun 14)
- Re: Unreal IRCd backdoor Larry Seltzer (Jun 14)