Re: Debian.org Hacked

2003-12-02 Thread Gal Gur-Arie
The Debian Projecthttp://www.debian.org/ Debian Investigation Report [EMAIL PROTECTED] December 2nd, 2003

Re: Debian.org Hacked

2003-12-02 Thread Boaz Rymland
the CNet article summarizing it: http://news.com.com/2100-7344_3-5112427.html?tag=nefd_top Shaul Karl wrote: For those who missed it, the Debian machines were hacked because of a combination of a sniffed password and a local root exploit. The hole is believed to be only locally exploitable, not

Re: Debian.org Hacked

2003-12-02 Thread Shaul Karl
For those who missed it, the Debian machines were hacked because of a combination of a sniffed password and a local root exploit. The hole is believed to be only locally exploitable, not remotely. More details on this exploit are at http://isec.pl/vulnerabilities/isec-0012-do_brk.txt

Re: Debian.org Hacked... How far was it from apt-get installing Trojans?

2003-11-28 Thread Lior Kaplan
Shaul Karl" <[EMAIL PROTECTED]> To: "Maxim Kovgan" <[EMAIL PROTECTED]> Cc: "Linux-IL Mailing List" <[EMAIL PROTECTED]> Sent: Saturday, November 29, 2003 3:00 AM Subject: Re: Debian.org Hacked... How far was it from apt-get installing Trojans? > On Mon

Re: Debian.org Hacked... How far was it from apt-get installing Trojans?

2003-11-28 Thread Shaul Karl
On Mon, Nov 24, 2003 at 11:38:04AM +0200, Muli Ben-Yehuda wrote: > On Mon, Nov 24, 2003 at 10:49:43AM +0200, Maxim Kovgan wrote: > > On Sun, 23 Nov 2003, Noam Rathaus wrote: > > > > hi Noam! > > it is great you've brought up the subject, > > and if u find more info on what exactly was there, > > p

Re: Debian.org Hacked... How far was it from apt-get installing Trojans?

2003-11-24 Thread Shachar Shemesh
[EMAIL PROTECTED] wrote: Maxim Kovgan wrote: how often do you dissassemble your compiled code ? According to the following, even dissassemling your compiled code won't be trusty because how can you trust your dissassembler that it wasn't trojan'ed to hide the melicious code? http://www.acm.org/

Re: Debian.org Hacked... How far was it from apt-get installing Trojans?

2003-11-24 Thread linux-il
Muli Ben-Yehuda wrote: On Mon, Nov 24, 2003 at 10:49:43AM +0200, Maxim Kovgan wrote: On Sun, 23 Nov 2003, Noam Rathaus wrote: hi Noam! it is great you've brought up the subject, and if u find more info on what exactly was there, please post it on here. This link has surfaced lately: http://www

Re: Debian.org Hacked... How far was it from apt-get installing Trojans?

2003-11-24 Thread Muli Ben-Yehuda
On Mon, Nov 24, 2003 at 10:49:43AM +0200, Maxim Kovgan wrote: > On Sun, 23 Nov 2003, Noam Rathaus wrote: > > hi Noam! > it is great you've brought up the subject, > and if u find more info on what exactly was there, > please post it on here. This link has surfaced lately: http://www.wiggy.net/deb

Re: Debian.org Hacked... How far was it from apt-get installing Trojans?

2003-11-24 Thread linux-il
Maxim Kovgan wrote: how often do you dissassemble your compiled code ? According to the following, even dissassemling your compiled code won't be trusty because how can you trust your dissassembler that it wasn't trojan'ed to hide the melicious code? http://www.acm.org/classics/sep95/ Excellent re

Re: Debian.org Hacked... How far was it from apt-get installing Trojans?

2003-11-24 Thread Maxim Kovgan
On Sun, 23 Nov 2003, Noam Rathaus wrote: hi Noam! it is great you've brought up the subject, and if u find more info on what exactly was there, please post it on here. and there is always a danger that some malicious submitter submits a package to rpm/deb/tgz database with a trojan. as well as mi

Re: Debian.org Hacked... How far was it from apt-get installing Trojans?

2003-11-23 Thread Muli Ben-Yehuda
On Sun, Nov 23, 2003 at 02:36:46PM +0200, Shachar Shemesh wrote: > Last - a correction for Muli. While the main distro site was not broken > into, the "security" and "non-us" sites were. Apparently, non of the > packages were tampered with, but the actual servers holding the packages > were, in

Re: Debian.org Hacked... How far was it from apt-get installing Trojans?

2003-11-23 Thread linux-il
Shachar Shemesh wrote: So far for the theory. In practice, I'm not sure whether the mechanism for checking these signatures is easilly installable. As such, it is likely that many, if not most, Debian installations do not, in fact, verify signatures against the debian-keyring. I was wondering ab

Re: Debian.org Hacked... How far was it from apt-get installing Trojans?

2003-11-23 Thread Shachar Shemesh
Noam Rathaus wrote: Hi, I was wondering if Debian.org was hacked, how far was I as a simple user doing routinely "apt-get update" followed by "apt-get upgrade" (on the stable Debian) from getting my system Trojaned? Or as an advanced user doing the same on the unstable packages? Thanks Noam Rath

Re: Debian.org Hacked... How far was it from apt-get installing Trojans?

2003-11-23 Thread linux-il
Muli Ben-Yehuda wrote: The debian advisory was very explicit that the archive was never compromised. I haven't heard any more details, but I'd love to hear how the break in occured and what where there trust relationships between the broken-into machines and the archive machines. And how are they

Re: Debian.org Hacked... How far was it from apt-get installing Trojans?

2003-11-23 Thread Muli Ben-Yehuda
On Sun, Nov 23, 2003 at 01:25:01PM +0200, Noam Rathaus wrote: > Hi, > > I was wondering if Debian.org was hacked, how far was I as a simple > user doing routinely "apt-get update" followed by "apt-get upgrade" > (oan the stable Debian) from getting my system Trojaned? Or as an > advanced user doin

Debian.org Hacked... How far was it from apt-get installing Trojans?

2003-11-23 Thread Noam Rathaus
Hi, I was wondering if Debian.org was hacked, how far was I as a simple user doing routinely "apt-get update" followed by "apt-get upgrade" (on the stable Debian) from getting my system Trojaned? Or as an advanced user doing the same on the unstable packages? Thanks Noam Rathaus CTO Beyond Sec