Re: Re: ssh trojaned

From: Nick Lange (nicklangeat_private)
Date: Mon Aug 05 2002 - 07:02:38 PDT

Next message: Deus, Attonbitus: "Re: REFRESH: EUDORA MAIL 5.1.1"

Previous message: Mark Shirley: "Re: AOL Instant Messenger - Away Setting and Snoopers"
In reply to: wozzat_private: "Re: Re: ssh trojaned"
Next in thread: kevinat_private: "RE: Re: ssh trojaned"
Reply: loki_at_private: "Re: ssh trojaned"
Reply: Jonas Anden: "Re: Re: ssh trojaned"
Reply: Thomas Cannon: "Re: Re: ssh trojaned"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Ok, a weekend late [ I forgot to send this]...

once again, forcing a web of trust on the code we deploy anyways...
so we can either take up Signature authorities for files on the net [Which I
don't like... as this is only the first real case of poisoned files on a big
distro]
OR
have MD5 Sums from multiple locations pulled and then an average presented
to the user, assuming that these locations wouldn't be updated as fast
[perhaps forcing a 1-2 day delay on updating any sums for a given mirror
except for new entries?] we can increase the probability that a release can
be trusted slightly...
or perhaps, if I am mirror A have a watchdog script compare my md5 sum to
every other md5 sum accross the mirrors, and take some action should the
ratio of unmatching MD5's falls below a certain percentage...
or something like that.
Do scripts like that exist already?
Cheers,
nick
----- Original Message -----
From: <wozzat_private>
To: "Eirik Seim" <defaultat_private>
Cc: <vuln-devat_private>; "Steve Wright" <stevewat_private>
Sent: Friday, August 02, 2002 1:20 PM
Subject: Re: Re: ssh trojaned


>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Of course, verifying checksums does you no good if the checksums have been
replaced along with the binary.  Be sure to aquire your checksums from some
other, presumably safe, location.
>
> On Thu, 1 Aug 2002 22:41:39 +0200 (CEST), Eirik Seim <defaultat_private>
wrote:
>
> >
> >Oh, and the guys that inserted the trojan might easily had access to more
> >on the same ftp site, and subsequently also its mirrors.  If you don't
> >usually verify checksums, now is a great time to start doing so.
> >
> >
> >- Eirik
> >--
> >New and exciting signature!
> >
> >
> >
>
> -----BEGIN PGP SIGNATURE-----
> Version: Hush 2.1
> Note: This signature can be verified at https://www.hushtools.com
>
> wlsEARECABsFAj1KzbEUHHdvenpAMHhkZWFkYmVlZi5vcmcACgkQ1vK8vFo3sjzZEQCf
> YpqiXaafmDfMuhErWoaJ/u86csgAoLvBK8uxMoIDpfZdfOwBrwdnRRYD
> =EoUt
> -----END PGP SIGNATURE-----
>

Next message: Deus, Attonbitus: "Re: REFRESH: EUDORA MAIL 5.1.1"
Previous message: Mark Shirley: "Re: AOL Instant Messenger - Away Setting and Snoopers"
In reply to: wozzat_private: "Re: Re: ssh trojaned"
Next in thread: kevinat_private: "RE: Re: ssh trojaned"
Reply: loki_at_private: "Re: ssh trojaned"
Reply: Jonas Anden: "Re: Re: ssh trojaned"
Reply: Thomas Cannon: "Re: Re: ssh trojaned"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Aug 05 2002 - 08:04:15 PDT