Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
Download Sites Hacked, Source Code Backdoored
Brian McWilliams, SecurityFocus 2002-06-03

The popular open-source security tool Fragroute is bugged in plain sight by unknown hackers, who may have struck before.

Comments Mode:
Download Sites Hacked, Source Code Backdoored 2002-06-04
Coldman (6 replies)
Download Sites Hacked, Source Code Backdoored 2002-06-04
doxavg (1 replies)
Download Sites Hacked, Source Code Backdoored 2002-06-07
Anonymous (2 replies)
Download Sites Hacked, Source Code Backdoored 2002-06-12
Robert Pitt
Download Sites Hacked, Source Code Backdoored 2002-06-14
Anonymous
This could be awkward on sites such as SourceForge where the actual sources are allowed to be change - though nominally only by those with commit access. How could you tell a backdoor installation (via a hacked admin account) from an normal authorized upload?

Just checksumming or signing wouldn't be enough to discriminate between the two cases. I suppose this is another argument for developers to keep their own source tree in a non-public (preferably normally non connected) place to diff against the public tree.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/462/13036#13036
well.. 2002-06-04
frozen chocolate jesus
Download Sites Hacked, Source Code Backdoored 2002-06-04
cras (1 replies)
Download Sites Hacked, Source Code Backdoored 2002-06-05
Anonymous (1 replies)
Download Sites Hacked, Source Code Backdoored 2002-06-07
Chris Berry <compjma (at) hotmail (dot) com [email concealed]> (1 replies)
Download Sites Hacked, Source Code Backdoored 2002-06-10
Anonymous
open vrs closed... 2002-06-05
Anonymous
Download Sites Hacked, Source Code Backdoored 2002-06-08
Anonymous
You're wrong. 2002-06-14
twoforty
Download Sites Hacked, Source Code Backdoored 2002-06-04
OobsdoO (1 replies)
Download Sites Hacked, Source Code Backdoored 2002-06-05
Anonymouse
Download Sites Hacked, Source Code Backdoored 2002-06-04
Anonymous
Not only one 2002-06-07
notstarh
Download Sites Hacked, Source Code Backdoored 2002-06-09
DrFrancky
Download Sites Hacked, Source Code Backdoored 2002-06-12
Anonymous







 

Privacy Statement
Copyright 2009, SecurityFocus