funsec mailing list archives

Re: Unreal IRCd backdoor


From: Larry Seltzer <larry () larryseltzer com>
Date: Mon, 14 Jun 2010 08:25:20 -0400

Similar to an incident with WordPress a few years ago.

One of the lessons people seem to want to learn from this is to check
MD5s, but I don't see what that accomplishes. Usually the MD5 is stored
alongside the file that has been compromised; if they can compromise the
main file, surely they can make a new MD5.

The unrealircd guys are starting to use GPG which is a better solution (if
they're careful with their keys)(and as long as the source tree they're
signing hasn't been compromised), but GPG is a PITA. After the WordPress
incident I proposed an easier method:
http://www.eweek.com/c/a/Security/A-Cheap-and-Easy-Proposal-for-File-Distribution-Safety/

LJS

-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On
Behalf Of Juha-Matti Laurio
Sent: Monday, June 14, 2010 7:51 AM
To: Gadi Evron; funsec () linuxbox org
Subject: Re: [funsec] Unreal IRCd backdoor

Advisory and MD5s listed at
http://www.unrealircd.com/txt/unrealsecadvisory.20100612.txt

Juha-Matti

Gadi Evron [ge () linuxbox org] wrote:
Very interesting post by Fyodor:
http://seclists.org/nmap-dev/2010/q2/826

      Gadi.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
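
Added example, not part of the original thread: a small simulation of the point made above about a checksum stored next to the file it describes. The mirror dictionary, the file names and the ".sum" suffix are hypothetical, and SHA-256 stands in for MD5 because the outcome depends on where the digest is kept, not on which hash is used.

```python
import hashlib
import hmac

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def parse_checksum_file(text: str) -> dict:
    """Parse 'HEX  filename' lines (the md5sum/sha256sum layout)."""
    entries = {}
    for line in text.splitlines():
        if line.strip():
            hexval, name = line.split(None, 1)
            entries[name.strip().lstrip("*")] = hexval.lower()
    return entries

def verify(mirror: dict, name: str, trusted_checksums: str) -> bool:
    """Check mirror[name] against a checksum list the caller chooses to trust."""
    expected = parse_checksum_file(trusted_checksums).get(name)
    if expected is None:
        return False
    return hmac.compare_digest(expected, digest(mirror[name]))

def publish(mirror: dict, name: str, data: bytes) -> None:
    """Write a file and its checksum side by side, as a download server does."""
    mirror[name] = data
    mirror[name + ".sum"] = f"{digest(data)}  {name}\n".encode()

def demo() -> dict:
    name = "release.tar.gz"          # hypothetical file name
    mirror = {}                      # stands in for the download server
    publish(mirror, name, b"original source tree")   # constructed sample data
    # Copy of the checksum recorded at release time and kept off the server
    # (assumption: obtained through a channel the server cannot rewrite).
    pinned = mirror[name + ".sum"].decode()
    # Whoever can overwrite the archive can overwrite the file next to it.
    publish(mirror, name, b"modified source tree")
    return {
        "colocated": verify(mirror, name, mirror[name + ".sum"].decode()),
        "pinned": verify(mirror, name, pinned),
    }

if __name__ == "__main__":
    print(demo())
```

The co-located check passes on the replaced archive because the checksum was regenerated with it; only the copy held outside the server detects the change.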

