[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: openssh trojaned..

To: Jan Wildeboer <jan.wildeboer@gmx.de>
Subject: Re: openssh trojaned..
From: Joshua Steele <selerius@codefusion.org>
Date: Thu, 1 Aug 2002 08:59:55 -0400 (EDT)
Cc: Lars Hansson <lars@unet.net.ph>, <misc@openbsd.org>

>From what i gather so far, it was caused becase of the problems with the
ssl library.  The patch has been available since july 31, it is 013.
Though noone I have talked to says they knew about an exploit being
released for it, apparently it is out.  You can read
http://slashdot.org/comments.pl?sid=37188&cid=3991288 for more information
about how it was discovered, and what it exactly does...its a mirror of
the one guys site, since /. killed his transfer for the month.

What is kinda scary is A) how the hell did someone plant the trojan on
openbsd.org and B) how many other systems are infected.

As far as hurting the reputation, I am still debating.  Yes its bad, and
since its on /. everyone knows about it...but hey....shit happens, you
can't always be prepared, you just have to react quick when it does.

-josh

On Thu, 1 Aug 2002, Jan Wildeboer wrote:

> Lars Hansson wrote:
>
> > They will probably inform us when they have figured out if it's true and
>  > if so, how it happened.
>
> Well - the word of  atrojan in OpenSSH is spreading. It has also been
> mentioned on the Heise Newsticker, a known german site:
>
> http://www.heise.de/newsticker/data/pab-01.08.02-000/
>
> I would expect an immediate response of the OpenSSH people. This is
> hurting the reputation of OpenSSH and OpenBSD too.
>
> Jan Wildeboer

Follow-Ups:
- Re: openssh trojaned..
  - From: Nick Nauwelaerts <nick@wanadoo.be>

References:
- Re: openssh trojaned..
  - From: Jan Wildeboer <jan.wildeboer@gmx.de>

Prev by Date: Re: openssh trojaned..
Next by Date: Re: openssh trojaned..
Prev by thread: Re: openssh trojaned..
Next by thread: Re: openssh trojaned..
Index(es):
- Date
- Thread