Download Sites Hacked, Source Code Backdoored
Brian McWilliams, SecurityFocus 2002-06-03

The popular open-source security tool Fragroute is bugged in plain sight by unknown hackers, who may have struck before.

Download Sites Hacked, Source Code Backdoored 2002-06-04
Coldman (6 replies)
These examples show that open source code is not more secure than closed source code, probably even more dangerous, since most people [wrongly] believe that OS software is less vulnerable...

Most users who download sources and then compile those usually don't have enough knowledge and experience...

Download Sites Hacked, Source Code Backdoored 2002-06-04
doxavg (1 replies)
> These examples show that open source code is not more secure than closed source code, probably even more dangerous, since most people [wrongly] believe that OS software is less vulnerable...

The argument for open source software being more secure than closed source software has nothing to d...

Download Sites Hacked, Source Code Backdoored 2002-06-07
Anonymous (2 replies)
It should not be too terribly difficult to have the source, and binaries for that matter, MD5 checksummed by an embedded Perl or PHP script against checksums stored in a database.

Each request is checked before it is downloaded. No match, no download, period. Email sent to the site admin automatically, end ...

Download Sites Hacked, Source Code Backdoored 2002-06-12
Robert Pitt
If the kids who broke into the site had the knowledge to alter the IRC client's code, then it's not a great leap of the imagination to suppose they would have little problem defeating such an obvious protection method either. More than anything this would simply make the site admins feel (falsely) se...

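The checksum gate proposed two comments up, together with the objection in the reply to it, as an added example that is not part of the original thread. It assumes SHA-256 in place of MD5, an in-memory dictionary for the file store and the digest database, and a hypothetical file name; the `alert` callback stands in for the e-mail to the site admin.

```python
import hashlib
import hmac

class IntegrityError(Exception):
    """A requested file does not match its recorded digest."""

def digest(data: bytes) -> str:
    # SHA-256 replaces the MD5 named in the comment (a choice made for this example).
    return hashlib.sha256(data).hexdigest()

def serve_release(name, storage, manifest, alert):
    """Return the file bytes only if they match the manifest; otherwise fail closed."""
    data = storage[name]
    expected = manifest.get(name)
    if expected is None or not hmac.compare_digest(digest(data), expected):
        alert(f"checksum mismatch for {name}: download refused")  # stands in for the e-mail
        raise IntegrityError(name)
    return data

def detects(name, storage, manifest, alert):
    """True if the gate refuses the download, False if it serves the file."""
    try:
        serve_release(name, storage, manifest, alert)
        return False
    except IntegrityError:
        return True

def demo():
    """Constructed scenario: one modified file, two places to keep the digests."""
    name = "release.tar.gz"  # hypothetical file name
    original = b"constructed sample bytes standing in for a source tarball"
    modified = original + b" plus lines the maintainer never wrote"
    alerts = []

    offhost = {name: digest(original)}  # recorded by the maintainer, not writable from the web host
    onhost = dict(offhost)              # database living on the download host itself
    storage = {name: original}
    clean_ok = serve_release(name, storage, offhost, alerts.append) == original

    # Whoever controls the host can replace the file and refresh the on-host record together.
    storage[name] = modified
    onhost[name] = digest(modified)

    return {
        "clean_ok": clean_ok,
        "onhost_detects": detects(name, storage, onhost, alerts.append),
        "offhost_detects": detects(name, storage, offhost, alerts.append),
        "alerts": alerts,
    }
```

The gate only adds assurance when the reference digests live somewhere the download host cannot write to; with the database on the same host, the modified file is served without an alert.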
Download Sites Hacked, Source Code Backdoored 2002-06-14
Anonymous
This could be awkward on sites such as SourceForge where the actual sources are allowed to be changed - though nominally only by those with commit access. How could you tell a backdoor installation (via a hacked admin account) from a normal authorized upload?

Just checksumming or signing wouldn't...

well.. 2002-06-04
frozen chocolate jesus
The argument for security in opensource software is based on the fact that bugs are found, disclosed, and fixed quickly..... but the argument doesn't really apply here, this isn't a bug, it's a backdoor in the code, and it could have happened to anything, opensource or not.

Your suggestion that a...

Download Sites Hacked, Source Code Backdoored 2002-06-04
cras (1 replies)
Signatures won't help the first people who don't check it, but invalid signatures will be noticed quite soon, especially if it's checked automatically daily. At least it will be noticed within a day or two, rather than a few months later.....

Download Sites Hacked, Source Code Backdoored 2002-06-05
Anonymous (1 replies)
Since the site itself was hacked, it is possible that the private key that would have been used to sign the code could have been stolen as well. This would have defeated the digital signing system, as the cracker could have signed the code as the author.

Solution? I guess don't store private keys ...

Download Sites Hacked, Source Code Backdoored 2002-06-07
Chris Berry <compjma (at) hotmail (dot) com [email concealed]> (1 replies)
Oh that's easy, just defeat their high tech know how with stone age technology. Put the private key on a write protected diskette, you can even leave it in the drive. Hehe....

Download Sites Hacked, Source Code Backdoored 2002-06-10
Anonymous
Um, Chris....

Sorry, but putting the private key on a 'ro' (read-only, i.e. write-protected) disk just won't let you modify it... you'll still be able to use it to sign files... The only way to circumvent a user signing a file using a private key is to use this method in conjunction with CRC/MD5 ...

open vrs closed... 2002-06-05
Anonymous
open source:

there is a problem, let's fix it!

closed source (from the yahoo news article):

Refusing to confirm the security flaw, the Microsoft spokesman said the company "feel(s) strongly that speculating on the issue while the investigation is in progress would be irresponsible and counterpr...

Download Sites Hacked, Source Code Backdoored 2002-06-08
Anonymous
I don't think that this particular incident should be what we use as the opportunity to debate open source vs. closed source software. This type of incident could happen to any software developer.

Example:

If someone hacked Windows Update, and backdoored a few of the security updates - it would ...

You're wrong. 2002-06-14
twoforty
News flash.. rewind a year. VeriSign hacked into, digital signatures stolen. Now any product developed on a closed source OS (windows) can be trojaned or backdoored...

Software is software. The reason this bug was found was due to its open source nature. Someone simply read the source, voilà... ...

Download Sites Hacked, Source Code Backdoored 2002-06-04
OobsdoO (1 replies)
"all your r3wts belong to us!"...

Download Sites Hacked, Source Code Backdoored 2002-06-05
Anonymouse
That's, "All your r3wts _ARE_ belong to us."

Yes, signatures will be unuseful in the short term, for the clueless masses of winblows users primarily, but if they become a widespread common factor, how quickly do you think that signature "autochecking" ftp programs and web browser plugins will bec...

Download Sites Hacked, Source Code Backdoored 2002-06-04
Anonymous
What are these guys doing! Not open source, these guys are shooting their own foot!...

Not only one 2002-06-07
notstarh
Fragroute is probably not the only one whose source code is backdoored; even big projects which have many developers can have the same problem....

Download Sites Hacked, Source Code Backdoored 2002-06-09
DrFrancky
tcpwrapper was also compromised years ago

...

Download Sites Hacked, Source Code Backdoored 2002-06-12
Anonymous
What port(s) would the backdoor that was in fragroute be using?

I'd like more information in terms of identifying such a backdoor. ...

Copyright 2009, SecurityFocus