This is a discussion on Kernel backdoor foiled within the Linux Security forums, part of the System Security and Security Related category.
Howdo,
<http://www.theregister.co.uk/content/55/33855.html> makes for interesting reading.

The article doesn't address two questions, IMO: (a) doesn't BitKeeper know who checked-in that bit of code? and (b) how much further scope is there for other instances of similar things to have got through?

~Tim
--
17:49:53 up 154 days, 9:29, 10 users, load average: 0.02, 0.12, 0.25
piglet@stirfried.vegetable.org.uk |These are the days when you wish
http://spodzone.org.uk/cesspit/ |your bed was already made.
Datagram from Tim Haynes incoming on netlink socket <86brrocbjm.fsf@potato.vegetable.org.uk>. Dumping datagram.

> Howdo,
>
> <http://www.theregister.co.uk/content/55/33855.html> makes for interesting
> reading.
>
> The article doesn't address two questions, IMO:
> (a) doesn't BitKeeper know who checked-in that bit of code?

It appears that the machine or CVS server was somehow compromised.

-Ilari
--
You just can't be too careful with certain things -- Ilari Liusvaara
Linux LK_Perkele_IV9 2.4.22-rc3 #2 Sun Aug 24 14:36:19 EEST 2003 i686 unknown
1:18pm up 55 days, 2:12, 11 users, load average: 0.12, 0.04, 0.02
Tim Haynes <usenet-20031107@stirfried.vegetable.org.uk> wrote in message news:<86brrocbjm.fsf@potato.vegetable.org.uk>...
> Howdo,
>
> <http://www.theregister.co.uk/content/55/33855.html> makes for interesting
> reading.
>
> The article doesn't address two questions, IMO: (a) doesn't BitKeeper know
> who checked-in that bit of code? and (b) how much further scope is there
> for other instances of similar things to have got through?
>
> ~Tim

Good one Tim.

Let's see what did the old sig say?

#1) Script Kiddies -- anyone using the tools/knowledge of others to crack.
#2) Gangs -- organized groups of script kiddies.
#3) Criminals -- professionals stealing, services, money, or account data.
#4) LEA/Intelligence -- professionals trying to catch the rest of them.

That one is a 3+

Well done development team, well done.

-m-
Hi,

Tim Haynes <usenet-20031107@stirfried.vegetable.org.uk> writes:
> <http://www.theregister.co.uk/content/55/33855.html> makes for interesting
> reading.
>
> The article doesn't address two questions, IMO: (a) doesn't BitKeeper know
> who checked-in that bit of code? and (b) how much further scope is there
> for other instances of similar things to have got through?

There were links in the article from which I gathered:
- somebody did *not* use BitKeeper for the checkin but changed the file directly.
- This got out in CVS distribution
- Automatic checks gave errors on the changed but not checked in files
- people got suspicious and detected the backdoor

K.-H.
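
An added illustration, not part of any post in this thread and not the kernel project's own tooling: one way an automatic check can flag files that were changed directly in a mirror without a matching check-in, by hashing an export of the authoritative tree and the mirror and listing every difference. The function names, directory layout and file contents are constructed for the example.

```python
import hashlib
import os
import tempfile


def manifest(root):
    """Map each file's path (relative to root) to the SHA-256 of its contents."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                digests[rel] = hashlib.sha256(fh.read()).hexdigest()
    return digests


def compare_trees(authoritative, mirror):
    """Return files that were modified, added or removed in the mirror."""
    want, have = manifest(authoritative), manifest(mirror)
    return {
        "modified": sorted(p for p in want.keys() & have.keys() if want[p] != have[p]),
        "added": sorted(have.keys() - want.keys()),
        "missing": sorted(want.keys() - have.keys()),
    }


def write_tree(root, files):
    """Create a constructed sample tree from a {relative path: bytes} mapping."""
    for rel, data in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)


def demo():
    """Constructed data: the mirror has one file edited outside the real history."""
    good = {"kernel/a.c": b"int a(void) { return 0; }\n",
            "kernel/b.c": b"int b(void) { return 1; }\n"}
    tampered = dict(good, **{"kernel/b.c": b"int b(void) { return 2; }\n"})
    with tempfile.TemporaryDirectory() as src, tempfile.TemporaryDirectory() as dst:
        write_tree(src, good)
        write_tree(dst, tampered)
        return compare_trees(src, dst)


if __name__ == "__main__":
    print(demo())
```

Any non-empty list in the result means the mirror no longer matches what the authoritative history would export, which is the signal worth alerting on and reviewing by hand.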