Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

RE: dikline suspected to be behind repositoryhacking.

From: "Krpata, Tyler" <tkrpata () bjs com>
Date: Mon, 6 Mar 2006 17:43:38 -0500
What apt sources were you using? That's kind of an important part of
this story.

-----Original Message-----
From: Jason Savora [mailto:jsavora () ipspace com] 
Sent: Monday, March 06, 2006 5:15 PM
To: full-disclosure () lists grok org uk
Subject: [Full-disclosure] dikline suspected to be behind
repositoryhacking. 

dikline suspected to be behind repository hacking.

Recently we have discovered a severe code modification in the Ruby
programming language downloaded from various debian based non-official
apt-repositories.

Ruby is the interpreted scripting language for quick and easy
object-oriented programming available from ruby-lang . org

Please be advised the official release of ruby from ruby-lang.org is not
hacked.

During normal application development in the ruby language at our firm
our developers actively use Ruby as a language. We are currently
developing a smart system for badge access scanning at door entry points
in our building using HID cards.

In the process of development we have had to downgrade, modify, and
remove many instances of ruby for testing (including non POSIX versions
of Ruby for Win32API development via ruby.exe for windows system's).

Steven Colbert of HID INC. Has been working with us on various projects
for the past year on and off, and we are now working with debian-sarge
and ubuntu linux system's.

During a recent ritual of removal/re-installation of Ruby using debian's
apt-get we discovered a very big flaw in the files installed for Ruby.

A hacked version of ruby is wondering around apt repositories
everywhere.

[clip]

-Justin Savora
Global Interaction Software System's INC. 
Office: 310-286-2013
jsavora () ipspace com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: