Vulnerability Development mailing list archives
Re: Re: ssh trojaned
From: "Nick Lange" <nicklange () wi rr com>
Date: Mon, 5 Aug 2002 09:02:38 -0500
Ok, a weekend late [ I forgot to send this]... once again, forcing a web of trust on the code we deploy anyways... so we can either take up Signature authorities for files on the net [Which I don't like... as this is only the first real case of poisoned files on a big distro] OR have MD5 Sums from multiple locations pulled and then an average presented to the user, assuming that these locations wouldn't be updated as fast [perhaps forcing a 1-2 day delay on updating any sums for a given mirror except for new entries?] we can increase the probability that a release can be trusted slightly... or perhaps, if I am mirror A have a watchdog script compare my md5 sum to every other md5 sum accross the mirrors, and take some action should the ratio of unmatching MD5's falls below a certain percentage... or something like that. Do scripts like that exist already? Cheers, nick ----- Original Message ----- From: <wozz () 0xdeadbeef org> To: "Eirik Seim" <default () stengt net> Cc: <vuln-dev () securityfocus com>; "Steve Wright" <stevew () cwazy co uk> Sent: Friday, August 02, 2002 1:20 PM Subject: Re: Re: ssh trojaned
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Of course, verifying checksums does you no good if the checksums have been
replaced along with the binary. Be sure to aquire your checksums from some other, presumably safe, location.
On Thu, 1 Aug 2002 22:41:39 +0200 (CEST), Eirik Seim <default () stengt net>
wrote:
Oh, and the guys that inserted the trojan might easily had access to more on the same ftp site, and subsequently also its mirrors. If you don't usually verify checksums, now is a great time to start doing so. - Eirik -- New and exciting signature!-----BEGIN PGP SIGNATURE----- Version: Hush 2.1 Note: This signature can be verified at https://www.hushtools.com wlsEARECABsFAj1KzbEUHHdvenpAMHhkZWFkYmVlZi5vcmcACgkQ1vK8vFo3sjzZEQCf YpqiXaafmDfMuhErWoaJ/u86csgAoLvBK8uxMoIDpfZdfOwBrwdnRRYD =EoUt -----END PGP SIGNATURE-----
Current thread:
- ssh trojaned Steve Wright (Aug 01)
- Re: ssh trojaned Ron DuFresne (Aug 02)
- Re: ssh trojaned Dan Cuthbert (Aug 02)
- <Possible follow-ups>
- Re: ssh trojaned Eirik Seim (Aug 02)
- RE: ssh trojaned Fabrizio Siciliano (Aug 02)
- RE: ssh trojaned Rory Savage (Aug 02)
- Re: Re: ssh trojaned wozz (Aug 02)
- RE: Re: ssh trojaned Joe Harrison (Aug 03)
- Re: Re: ssh trojaned Nick Lange (Aug 05)
- Re: ssh trojaned loki_ (Aug 05)
- Re: ssh trojaned Nick Lange (Aug 05)
- Re: ssh trojaned Joakim Andersson (Aug 05)
- Re: ssh trojaned Clemens 'Gullevek' Schwaighofer (Aug 06)
- Re: ssh trojaned Andreas Krennmair (Aug 06)
- Re: ssh trojaned Alex Lambert (Aug 06)
- Message not available
- Re: ssh trojaned Clemens 'Gullevek' Schwaighofer (Aug 07)
- Re: ssh trojaned Ron DuFresne (Aug 02)
- Re: Re: ssh trojaned Jonas Anden (Aug 05)
- Re: Re: ssh trojaned Tan Wee Yeh (Aug 05)
- Re: Re: ssh trojaned Thomas Cannon (Aug 05)