[pehrens at ligo.caltech.edu: Re: Nmap *NOT* affected by libpcap trojan]

Alex Snow alex_snow at gmx.net
Wed Nov 13 20:59:04 EST 2002 

Yeah that's what I do with all the freenet packages on my server.
Explorer has caused a general protection fault in module kernel32.dll. I'm
sick of Winblows!
----- Original Message -----
From: "Igor Gueths" <igueths at attbi.com>
To: <speakup at braille.uwo.ca>
Sent: Wednesday, November 13, 2002 8:04 PM
Subject: Re: [pehrens at ligo.caltech.edu: Re: Nmap *NOT* affected by libpcap
trojan]


> Also if you digitally sign a file make sure there's some kind of
> convention established for what encryption algorithm (s)/decrypters are
> used. For example, have a note about gnupg is required to varify the
> signature, etc. I know knerlel.org, for a fact, digitally signs some of
> their files. Especially the source tree for the stable kernels, and I
> think for developmental as well.
>
> May you code in the power of the source,
> may the kernel, libraries, and utilities be with you,
> throughout all distributions until the end of the epoch.
>
> On Wed, 13 Nov 2002, Alex Snow wrote:
>
> > Yeah that's why it's getting increasingly important to digitally sign
files
> > before releasing them, so that way you can tell if someone screwed witht
he
> > file.
> > Explorer has caused a general protection fault in module kernel32.dll.
I'm
> > sick of Winblows!
> > ----- Original Message -----
> > From: "Scott Howell" <showell at lrxms.net>
> > To: <speakup at braille.uwo.ca>
> > Sent: Wednesday, November 13, 2002 7:07 PM
> > Subject: [pehrens at ligo.caltech.edu: Re: Nmap *NOT* affected by libpcap
> > trojan]
> >
> >
> > > Folks, I am subscribed to the list about Nmap. This info might e very
> > > interesting to folks. I have not had a chance to verify all the info
nor
> > > have I seen anything from Bug Track, but that could be more a problem
> > > with not geting mail from my ISP. In any case, if anyone does know
more,
> > > please share.
> > >
> > > tnx
> > >
> > >
> > > ----- Forwarded message from Philip Ehrens
> > <pehrens at ligo.caltech.edu> -----
> > >
> > > Mailing-List: contact nmap-hackers-help at insecure.org; run by ezmlm
> > > From: Philip Ehrens <pehrens at ligo.caltech.edu>
> > > To: Fyodor <fyodor at insecure.org>
> > > Cc: nmap-hackers at insecure.org
> > > Subject: Re: Nmap *NOT* affected by libpcap trojan
> > > Mail-Followup-To: Philip Ehrens <pehrens at lrxms.net>,
> > > Fyodor <fyodor at insecure.org>, nmap-hackers at insecure.org
> > >
> > > I would like to point out that the type of trojan described below
> > > is becoming increasingly common.  ftp.sendmail.org was compromised
> > > recently and a similar trojan was placed in the sendmail source
> > > tarball.
> > >
> > > I know of at least 12 common packages that have had their source
> > > tarballs compromised within the last 3 months on servers that were
> > > considered secure.  The folks doign this have gone as far as to
> > > hijack DNS and root machines on specific subnets in order to place
> > > this type of trojan.
> > >
> > > These trojans are activated during te build process of the source
> > > tarball in most cases, usually the configure script contains some
> > > variation of code that establishes a connection to a remote machine.
> > >
> > > I believe that the folks doing this are actually trying to catch
> > > certain specific machines or subnets, and are not doing this to
> > > set up DDOS or just to own large numbers of boxes.  When I activated
> > > one of these trojans while building a package all that happened was
> > > that my /etc/passwd file was shipped off.  The machine listening on
> > > the other end never did anything except stay connected for a while.
> > >
> > > I expect to see more and more of this at an accellerating rate
> > > from now on...  if you are letting root make remote connections
> > > you are asking for trouble!
> > >
> > > Sorry for using your list for this Fyodor, I won't do it again.
> > >
> > > Phil
> > >
> > > Fyodor wrote:
> > > > I just wanted to send out a quick note that the version of libpcap
> > > > shipped with Nmap does NOT contain the trojan described at:
> > > >
> > > > http://hlug.fscker.com/
> > > >
> >
http://slashdot.org/article.pl?sid=02/11/13/1255243&mode=nested&tid=172&thre
> > shold=3
> > > >
> > > > Cheers,
> > > > -F
> > >
> > > --------------------------------------------------
> > > For help using this (nmap-hackers) mailing list, send a blank email to
> > > nmap-hackers-help at insecure.org . List run by ezmlm-idx
(www.ezmlm.org).
> > >
> > > ----- End forwarded message -----
> > >
> > > _______________________________________________
> > > Speakup mailing list
> > > Speakup at braille.uwo.ca
> > > http://speech.braille.uwo.ca/mailman/listinfo/speakup
> > >
> >
> >
> > _______________________________________________
> > Speakup mailing list
> > Speakup at braille.uwo.ca
> > http://speech.braille.uwo.ca/mailman/listinfo/speakup
> >
>
>
> _______________________________________________
> Speakup mailing list
> Speakup at braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup
>

More information about the Speakup mailing list