Q: SF Online article (http://online.securityfocus.com/news/462) (hopefully the link works)
This indicates how the source code for various programs was recently backdoored. One of the programs is one I use very often (though I'm not sure if the version I use is backdoored), irssi (http://www.irssi.org).
Another was fragroute. I'm not sure if dsniff and Dug Song's (http://www.monkey.org/dugsong/) programs were infected or not, but best if you look at your source. monkey.org (Dug Song's host) surprised me. I never thought they would get cracked. Oh well. It's one of my main learning experiences.
One reason for pointing this out is that when digital signatures are available, check them. I haven't always done so (OpenBSD ports does that for me sometimes), but I'll definitely keep on the lookout for them in the future. Also, tracking what is happening with your machine is very important.
Re: That's some sweet cracking! LOL, wish I could do all that! Security is my favorite part of computer systems! Anyone recommend some good sites that focus on security flaws and up-to-date news on security related things! The site that I was visiting just vanished; it had one of those news flash up-to-date things that was really cool!
Re: Originally posted by: guy
If someone can crack the servers that host the content and modifies the source, they can just as easily modify the checksums to reflect the updated files.
Considering most software packages use MD5 checksums instead of digital signatures, they're no help.
The creator of irssi is using his gpg key. Your point has been brought up before (it is a good point though!) and I have seen no good solutions for it. The only solution I can come up with is storing the key/md5 sum/sha1 sum on multiple servers. Just because a cracker got into one doesn't mean he got all 3 (or whatever).
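The multi-server idea from the post above, sketched as an added example that is not part of the original thread: a download is accepted only when digests listed on several independent hosts all match it, and a conflict between hosts is reported separately from a plain mismatch. It uses SHA-256 rather than the MD5/SHA-1 sums mentioned in the thread; the host labels, the `check_download` helper and the sample bytes are constructed for illustration.

```python
import hashlib

def check_download(data, listings, quorum=2):
    """Compare a download's digest with digests listed on independent hosts.

    listings maps a host label to the hex digest that host publishes.
    Returns (verdict, hosts_whose_listing_differs_from_the_download).
    """
    if len(listings) < quorum:
        return "insufficient", []          # a single listing proves nothing
    actual = hashlib.sha256(data).hexdigest()
    differ = sorted(h for h, d in listings.items()
                    if d.strip().lower() != actual)
    if not differ:
        return "ok", []                    # every host vouches for this file
    if len(differ) == len(listings):
        return "mismatch", differ          # no host vouches for this file
    return "hosts-disagree", differ        # listings conflict: do not build


def sha(b):
    return hashlib.sha256(b).hexdigest()

# Constructed sample data: stand-ins for a release tarball and a modified copy.
GOOD = b"example-1.0.tar.gz contents (constructed)\n"
TAMPERED = GOOD + b"extra lines added to configure (constructed)\n"

# Hypothetical host labels; each digest would be fetched from a separate host.
HONEST = {"project-site": sha(GOOD), "mirror-a": sha(GOOD),
          "list-archive": sha(GOOD)}
# One host altered, file and checksum together (the case raised in the thread).
ONE_HOST_ALTERED = dict(HONEST, **{"project-site": sha(TAMPERED)})

if __name__ == "__main__":
    for name, data, listings in [
        ("clean file, honest hosts", GOOD, HONEST),
        ("modified file, honest hosts", TAMPERED, HONEST),
        ("modified file, one host altered", TAMPERED, ONE_HOST_ALTERED),
    ]:
        print(name, "->", check_download(data, listings))
```

The check is only as good as the independence of the hosts: listings copied from one origin to its mirrors fall together with that origin.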
Re: Yep, I almost crapped my pants when I found out. Turns out that the backdoor in irssi was in the configure script, and thus only affected you if you built it from source (read: Debian saves the day!).
Re: Originally posted by: guy
Thanks for the link.
What a world…
Yeah…
The version of irssi I'm using was not backdoored (thankfully).
Thread from BUGTRAQ about fragroute being backdoored. (http://online.securityfocus.com/archive/1/274927/2002-06-04/2002-06-10/1)
Pay special attention to Dug Song's email (the third email in the 3 email thread on that page).
irssi page about the breakin. (http://www.irssi.org/?page=backdoor)