[funsec] Unreal IRCd backdoor

Larry Seltzer larry at larryseltzer.com
Mon Jun 14 07:25:20 CDT 2010


Similar to an incident with WordPress a few years ago.

One of the lessons people seem to want to learn from this is to check
MD5s, but I don't see what that accomplishes. Usually the MD5 is stored
alongside the file that has been compromised; if they can compromise the
main file, surely they can make a new MD5.

The unrealircd guys are starting to use GPG, which is a better solution (if
they're careful with their keys) (and as long as the source tree they're
signing hasn't been compromised), but GPG is a PITA. After the WordPress
incident I proposed an easier method:
http://www.eweek.com/c/a/Security/A-Cheap-and-Easy-Proposal-for-File-Distribution-Safety/

LJS

-----Original Message-----
From: funsec-bounces at linuxbox.org [mailto:funsec-bounces at linuxbox.org] On
Behalf Of Juha-Matti Laurio
Sent: Monday, June 14, 2010 7:51 AM
To: Gadi Evron; funsec at linuxbox.org
Subject: Re: [funsec] Unreal IRCd backdoor

Advisory and MD5's listed at
http://www.unrealircd.com/txt/unrealsecadvisory.20100612.txt

Juha-Matti

Gadi Evron [ge at linuxbox.org] wrote:
> Very interesting post by Fyodor:
> http://seclists.org/nmap-dev/2010/q2/826
>
> 	Gadi.
>
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
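
An added example, not part of the original thread: the point made above about a checksum stored alongside the file, shown on a constructed mirror directory. File names and contents are made up, SHA-256 stands in for MD5, and the pinned digest is assumed to have been recorded through a separate channel.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path


def digest(data: bytes) -> str:
    # SHA-256 stands in for MD5; the argument holds for any unkeyed hash.
    return hashlib.sha256(data).hexdigest()


def publish(mirror: Path, name: str, data: bytes) -> None:
    """Write a release file and its checksum file side by side on the mirror."""
    (mirror / name).write_bytes(data)
    (mirror / (name + ".sha256")).write_text(f"{digest(data)}  {name}\n")


def verify_colocated(mirror: Path, name: str) -> bool:
    """Check the file against the checksum served from the same location."""
    listed = (mirror / (name + ".sha256")).read_text().split()[0]
    return hmac.compare_digest(digest((mirror / name).read_bytes()), listed)


def verify_pinned(mirror: Path, name: str, pinned: str) -> bool:
    """Check the file against a digest obtained through a separate channel."""
    return hmac.compare_digest(digest((mirror / name).read_bytes()), pinned)


def demo() -> dict:
    name = "release.tar.gz"  # constructed file name
    original = b"constructed original release contents\n"
    modified = b"constructed modified release contents\n"
    with tempfile.TemporaryDirectory() as tmp:
        mirror = Path(tmp)
        publish(mirror, name, original)
        pinned = digest(original)  # assumption: recorded off the mirror beforehand
        before = (verify_colocated(mirror, name), verify_pinned(mirror, name, pinned))
        # Whoever can replace the file on the mirror can republish its checksum too.
        publish(mirror, name, modified)
        after = (verify_colocated(mirror, name), verify_pinned(mirror, name, pinned))
    return {"before": before, "after": after}


if __name__ == "__main__":
    print(demo())
```

After the file is replaced, the co-located check still passes and only the comparison against the separately held digest fails.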

