oss-sec mailing list archives
Re: Vendor-sec hosting and future of closed lists
From: Marcus Meissner <meissner () suse de>
Date: Fri, 4 Mar 2011 01:24:31 +0100
On Thu, Mar 03, 2011 at 07:12:24PM +0100, Marcus Meissner wrote:
Hi folks, As moderator of vendor-sec and one of the sysadmins of lst.de I noticed a break-in into the lst.de machine last week, which was likely used to sniff email traffic of vendor-sec. This incident probably happened on Jan 20 as confirmed by timestamp, but might have existed for longer. As the system in use at lst.de is quite old and the admin team and myself does not really have the time anymore to keep it on a secure level, we would like to move the list to another hosting place. I have disabled the specific backdoor, but as I am not sure how the break-in happened it might reappear. So I recommend not mailing embargoed issues to vendor-sec () lst de at this time.
So after I posted this (and went for some beers) the attacker read this and reentered the lst.de machine, went amok and destroyed the machine's installation. The machine has now been shutdown. So everyone please consider vendor-sec () lst de is dead and gone at this point, successors (or not) will hopefully result out of this discussion. Ciao, Marcus (ex-moderator)
Attachment:
_bin
Description:
Current thread:
- Re: Vendor-sec hosting and future of closed lists, (continued)
- Re: Vendor-sec hosting and future of closed lists Eugene Teo (Mar 06)
- Re: Vendor-sec hosting and future of closed lists Andrea Barisani (Mar 07)
- Re: Vendor-sec hosting and future of closed lists Josh Bressers (Mar 08)
- Vendor-sec hosting and future of closed lists R P Herrold (Mar 08)
- Re: Vendor-sec hosting and future of closed lists akuster (Mar 08)
- Re: Vendor-sec hosting and future of closed lists Andrea Barisani (Mar 08)
- Re: Vendor-sec hosting and future of closed lists Mike O'Connor (Mar 14)
- Re: Vendor-sec hosting and future of closed lists Andrea Barisani (Mar 16)
- Re: Vendor-sec hosting and future of closed lists Eugene Teo (Mar 06)
- Re: Vendor-sec hosting and future of closed lists Art Manion (Mar 15)