Ok, thanks for confirming (and Chris and Adam). And while I have you here, thank you for all of your contributions to OpenBSD, its amazing to me the scope and quality of what y'all have built.
I thought I was being reasonably careful: ssh disabled for root, key-only login on my admin account, following stable, etc...then again, I'm running owncloud and a bunch of other (no doubt less secure) software. Perhaps I should separate the router and 'everything else' roles, so that the router only has builtin OpenBSD software on it, no packages. Then again, whatever the exploit, they could probably still use it on the newly separated 'everything else' box. Anyway, I clearly have a lot to learn about security. On Thu, Aug 14, 2014 at 09:23:54PM -0400, Ted Unangst wrote: > On Thu, Aug 14, 2014 at 17:54, Scott Bonds wrote: > > > So...have I been p0wned or does anyone know what innocent thing might be > > happening here? Please CC sc...@ggr.com on any replies, as I'm not > > subscribed to updates from the list. > > Bad news: yeah. They appear to have screwed up their rootkit by > installing the i386 edition, but those files should not be there. I'd > reinstall after giving some consideration to how this may have > happened (and changing all your passwords, rotating ssh keys, etc.).
