[funsec] Unreal IRCd backdoor
larry at larryseltzer.com
Mon Jun 14 07:25:20 CDT 2010
Similar to an incident with WordPress a few years ago.
One of the lessons people seem to want to learn from this is to check
MD5s, but I don't see what that accomplishes. Usually the MD5 is stored
alongside the file that has been compromised; if they can compromise the
main file, surely they can make a new MD5.
The unrealircd guys are starting to use GPG, which is a better solution (if
they're careful with their keys) (and as long as the source tree they're
signing hasn't been compromised), but GPG is a PITA. After the WordPress
incident I proposed an easier method:
From: funsec-bounces at linuxbox.org [mailto:funsec-bounces at linuxbox.org] On
Behalf Of Juha-Matti Laurio
Sent: Monday, June 14, 2010 7:51 AM
To: Gadi Evron; funsec at linuxbox.org
Subject: Re: [funsec] Unreal IRCd backdoor
Advisory and MD5's listed at
Gadi Evron [ge at linuxbox.org] wrote:
> Very interesting post by Fyodor:
Fun and Misc security discussion for OT posts.
Note: funsec is a public and open mailing list.
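
The point above about a checksum stored alongside the file, as an added example that is not part of the original message: a constructed release is replaced together with its `.md5`, and the co-located check still passes while a digest recorded through a separate channel does not. The file name, the contents and the use of SHA-256 for the separately recorded digest are assumptions made for the illustration.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path


def publish(mirror: Path, name: str, data: bytes) -> None:
    """Write a release and its checksum side by side, as a download server would."""
    (mirror / name).write_bytes(data)
    (mirror / (name + ".md5")).write_text(hashlib.md5(data).hexdigest() + "\n")


def verify_colocated(mirror: Path, name: str) -> bool:
    """Compare the file with the .md5 that sits next to it on the same server."""
    expected = (mirror / (name + ".md5")).read_text().split()[0]
    actual = hashlib.md5((mirror / name).read_bytes()).hexdigest()
    return hmac.compare_digest(actual, expected)


def verify_pinned(mirror: Path, name: str, pinned_sha256: str) -> bool:
    """Compare the file with a digest the user obtained through a separate channel."""
    actual = hashlib.sha256((mirror / name).read_bytes()).hexdigest()
    return hmac.compare_digest(actual, pinned_sha256)


def demo() -> dict:
    # Constructed sample data, not a real release.
    genuine = b"constructed release contents v1\n"
    tampered = genuine + b"constructed unwanted change\n"
    # Digest recorded before the compromise and kept off the download server.
    pinned = hashlib.sha256(genuine).hexdigest()
    name = "release.tar.gz"  # hypothetical file name
    with tempfile.TemporaryDirectory() as d:
        mirror = Path(d)
        publish(mirror, name, genuine)
        before = (verify_colocated(mirror, name), verify_pinned(mirror, name, pinned))
        # Whoever can replace the file can also regenerate the checksum beside it.
        publish(mirror, name, tampered)
        after = (verify_colocated(mirror, name), verify_pinned(mirror, name, pinned))
    return {"before": before, "after": after}


if __name__ == "__main__":
    print(demo())
```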