[funsec] Unreal IRCd backdoor
Larry Seltzer
larry at larryseltzer.com
Mon Jun 14 07:25:20 CDT 2010
Similar to an incident with WordPress a few years ago.
One of the lessons people seem to want to learn from this is to check
MD5s, but I don't see what that accomplishes. Usually the MD5 is stored
alongside the file that has been compromised; if they can compromise the
main file, surely they can make a new MD5.
The unrealircd guys are starting to use GPG which is a better solution (if
they're careful with their keys)(and as long as the source tree they're
signing hasn't been compromised), but GPG is a PITA. After the Wordpress
incident I proposed an easier method:
http://www.eweek.com/c/a/Security/A-Cheap-and-Easy-Proposal-for-File-Distr
ibution-Safety/
LJS
-----Original Message-----
From: funsec-bounces at linuxbox.org [mailto:funsec-bounces at linuxbox.org] On
Behalf Of Juha-Matti Laurio
Sent: Monday, June 14, 2010 7:51 AM
To: Gadi Evron; funsec at linuxbox.org
Subject: Re: [funsec] Unreal IRCd backdoor
Advisory and MD5's listed at
http://www.unrealircd.com/txt/unrealsecadvisory.20100612.txt
Juha-Matti
Gadi Evron [ge at linuxbox.org] kirjoitti:
> Very interesting post by Fyodor:
> http://seclists.org/nmap-dev/2010/q2/826
>
> Gadi.
>
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
More information about the funsec
mailing list