Debian.org Hacked... How far was it from apt-get installing Trojans?

2003-11-23 Thread Noam Rathaus
Hi, I was wondering if Debian.org was hacked, how far was I as a simple user doing routinely "apt-get update" followed by "apt-get upgrade" (on the stable Debian) from getting my system Trojaned? Or as an advanced user doing the same on the unstable packages? Thanks Noam Rathaus CTO Beyond Sec

Re: Debian.org Hacked... How far was it from apt-get installing Trojans?

2003-11-23 Thread Muli Ben-Yehuda
On Sun, Nov 23, 2003 at 01:25:01PM +0200, Noam Rathaus wrote: > Hi, > > I was wondering if Debian.org was hacked, how far was I as a simple > user doing routinely "apt-get update" followed by "apt-get upgrade" > (on the stable Debian) from getting my system Trojaned? Or as an > advanced user doin

Re: Debian.org Hacked... How far was it from apt-get installing Trojans?

2003-11-23 Thread linux-il
Muli Ben-Yehuda wrote: The Debian advisory was very explicit that the archive was never compromised. I haven't heard any more details, but I'd love to hear how the break-in occurred and what were there trust relationships between the broken-into machines and the archive machines. And how are they

Re: Debian.org Hacked... How far was it from apt-get installing Trojans?

2003-11-23 Thread Shachar Shemesh
Noam Rathaus wrote: Hi, I was wondering if Debian.org was hacked, how far was I as a simple user doing routinely "apt-get update" followed by "apt-get upgrade" (on the stable Debian) from getting my system Trojaned? Or as an advanced user doing the same on the unstable packages? Thanks Noam Rath

Re: Debian.org Hacked... How far was it from apt-get installing Trojans?

2003-11-23 Thread linux-il
Shachar Shemesh wrote: So far for the theory. In practice, I'm not sure whether the mechanism for checking these signatures is easily installable. As such, it is likely that many, if not most, Debian installations do not, in fact, verify signatures against the debian-keyring. I was wondering ab

Re: Debian.org Hacked... How far was it from apt-get installing Trojans?

2003-11-23 Thread Muli Ben-Yehuda
On Sun, Nov 23, 2003 at 02:36:46PM +0200, Shachar Shemesh wrote: > Last - a correction for Muli. While the main distro site was not broken > into, the "security" and "non-us" sites were. Apparently, none of the > packages were tampered with, but the actual servers holding the packages > were, in

Re: Debian.org Hacked... How far was it from apt-get installing Trojans?

2003-11-24 Thread Maxim Kovgan
On Sun, 23 Nov 2003, Noam Rathaus wrote: hi Noam! it is great you've brought up the subject, and if u find more info on what exactly was there, please post it on here. and there is always a danger that some malicious submitter submits a package to rpm/deb/tgz database with a trojan. as well as mi

Re: Debian.org Hacked... How far was it from apt-get installing Trojans?

2003-11-24 Thread linux-il
Maxim Kovgan wrote: how often do you disassemble your compiled code ? According to the following, even disassembling your compiled code won't be trusty because how can you trust your disassembler that it wasn't trojan'ed to hide the malicious code? http://www.acm.org/classics/sep95/ Excellent re

Re: Debian.org Hacked... How far was it from apt-get installing Trojans?

2003-11-24 Thread Muli Ben-Yehuda
On Mon, Nov 24, 2003 at 10:49:43AM +0200, Maxim Kovgan wrote: > On Sun, 23 Nov 2003, Noam Rathaus wrote: > > hi Noam! > it is great you've brought up the subject, > and if u find more info on what exactly was there, > please post it on here. This link has surfaced lately: http://www.wiggy.net/deb

Re: Debian.org Hacked... How far was it from apt-get installing Trojans?

2003-11-24 Thread linux-il
Muli Ben-Yehuda wrote: On Mon, Nov 24, 2003 at 10:49:43AM +0200, Maxim Kovgan wrote: On Sun, 23 Nov 2003, Noam Rathaus wrote: hi Noam! it is great you've brought up the subject, and if u find more info on what exactly was there, please post it on here. This link has surfaced lately: http://www

Re: Debian.org Hacked... How far was it from apt-get installing Trojans?

2003-11-24 Thread Shachar Shemesh
[EMAIL PROTECTED] wrote: Maxim Kovgan wrote: how often do you disassemble your compiled code ? According to the following, even disassembling your compiled code won't be trusty because how can you trust your disassembler that it wasn't trojan'ed to hide the malicious code? http://www.acm.org/

Re: Debian.org Hacked... How far was it from apt-get installing Trojans?

2003-11-28 Thread Shaul Karl
On Mon, Nov 24, 2003 at 11:38:04AM +0200, Muli Ben-Yehuda wrote: > On Mon, Nov 24, 2003 at 10:49:43AM +0200, Maxim Kovgan wrote: > > On Sun, 23 Nov 2003, Noam Rathaus wrote: > > > > hi Noam! > > it is great you've brought up the subject, > > and if u find more info on what exactly was there, > > p

Re: Debian.org Hacked... How far was it from apt-get installing Trojans?

2003-11-28 Thread Lior Kaplan
Shaul Karl" <[EMAIL PROTECTED]> To: "Maxim Kovgan" <[EMAIL PROTECTED]> Cc: "Linux-IL Mailing List" <[EMAIL PROTECTED]> Sent: Saturday, November 29, 2003 3:00 AM Subject: Re: Debian.org Hacked... How far was it from apt-get installing Trojans? > On Mon