From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pop.gmx.de ([213.165.64.20] helo=mail.gmx.net) by speech.braille.uwo.ca with smtp (Exim 3.35 #1 (Debian)) id 18C9KN-0005gu-00 for ; Wed, 13 Nov 2002 21:01:55 -0500 Received: (qmail 18099 invoked by uid 0); 14 Nov 2002 02:01:28 -0000 Received: from dhcp129-10-151-24.nt01-c5.cpe.charter-ne.com (HELO computer) (24.151.10.129) by mail.gmx.net (mp002-rz3) with SMTP; 14 Nov 2002 02:01:28 -0000 Message-ID: <001701c28b81$6911a000$6401a8c0@computer> From: "Alex Snow" To: References: Subject: Re: [pehrens@ligo.caltech.edu: Re: Nmap *NOT* affected by libpcap trojan] Date: Wed, 13 Nov 2002 20:59:04 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4807.1700 X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4807.1700 Sender: speakup-admin@braille.uwo.ca Errors-To: speakup-admin@braille.uwo.ca X-BeenThere: speakup@braille.uwo.ca X-Mailman-Version: 2.0.11 Precedence: bulk Reply-To: speakup@braille.uwo.ca X-Reply-To: "Alex Snow" List-Help: List-Post: List-Subscribe: , List-Id: Speakup is a screen review system for Linux. List-Unsubscribe: , List-Archive: Yeah that's what I do with all the freenet packages on my server. Explorer has caused a general protection fault in module kernel32.dll. I'm sick of Winblows! ----- Original Message ----- From: "Igor Gueths" To: Sent: Wednesday, November 13, 2002 8:04 PM Subject: Re: [pehrens@ligo.caltech.edu: Re: Nmap *NOT* affected by libpcap trojan] > Also if you digitally sign a file make sure there's some kind of > convention established for what encryption algorithm (s)/decrypters are > used. For example, have a note about gnupg is required to varify the > signature, etc. I know knerlel.org, for a fact, digitally signs some of > their files. Especially the source tree for the stable kernels, and I > think for developmental as well. > > May you code in the power of the source, > may the kernel, libraries, and utilities be with you, > throughout all distributions until the end of the epoch. > > On Wed, 13 Nov 2002, Alex Snow wrote: > > > Yeah that's why it's getting increasingly important to digitally sign files > > before releasing them, so that way you can tell if someone screwed witht he > > file. > > Explorer has caused a general protection fault in module kernel32.dll. I'm > > sick of Winblows! > > ----- Original Message ----- > > From: "Scott Howell" > > To: > > Sent: Wednesday, November 13, 2002 7:07 PM > > Subject: [pehrens@ligo.caltech.edu: Re: Nmap *NOT* affected by libpcap > > trojan] > > > > > > > Folks, I am subscribed to the list about Nmap. This info might e very > > > interesting to folks. I have not had a chance to verify all the info nor > > > have I seen anything from Bug Track, but that could be more a problem > > > with not geting mail from my ISP. In any case, if anyone does know more, > > > please share. > > > > > > tnx > > > > > > > > > ----- Forwarded message from Philip Ehrens > > ----- > > > > > > Mailing-List: contact nmap-hackers-help@insecure.org; run by ezmlm > > > From: Philip Ehrens > > > To: Fyodor > > > Cc: nmap-hackers@insecure.org > > > Subject: Re: Nmap *NOT* affected by libpcap trojan > > > Mail-Followup-To: Philip Ehrens , > > > Fyodor , nmap-hackers@insecure.org > > > > > > I would like to point out that the type of trojan described below > > > is becoming increasingly common. ftp.sendmail.org was compromised > > > recently and a similar trojan was placed in the sendmail source > > > tarball. > > > > > > I know of at least 12 common packages that have had their source > > > tarballs compromised within the last 3 months on servers that were > > > considered secure. The folks doign this have gone as far as to > > > hijack DNS and root machines on specific subnets in order to place > > > this type of trojan. > > > > > > These trojans are activated during te build process of the source > > > tarball in most cases, usually the configure script contains some > > > variation of code that establishes a connection to a remote machine. > > > > > > I believe that the folks doing this are actually trying to catch > > > certain specific machines or subnets, and are not doing this to > > > set up DDOS or just to own large numbers of boxes. When I activated > > > one of these trojans while building a package all that happened was > > > that my /etc/passwd file was shipped off. The machine listening on > > > the other end never did anything except stay connected for a while. > > > > > > I expect to see more and more of this at an accellerating rate > > > from now on... if you are letting root make remote connections > > > you are asking for trouble! > > > > > > Sorry for using your list for this Fyodor, I won't do it again. > > > > > > Phil > > > > > > Fyodor wrote: > > > > I just wanted to send out a quick note that the version of libpcap > > > > shipped with Nmap does NOT contain the trojan described at: > > > > > > > > http://hlug.fscker.com/ > > > > > > http://slashdot.org/article.pl?sid=02/11/13/1255243&mode=nested&tid=172&thre > > shold=3 > > > > > > > > Cheers, > > > > -F > > > > > > -------------------------------------------------- > > > For help using this (nmap-hackers) mailing list, send a blank email to > > > nmap-hackers-help@insecure.org . List run by ezmlm-idx (www.ezmlm.org). > > > > > > ----- End forwarded message ----- > > > > > > _______________________________________________ > > > Speakup mailing list > > > Speakup@braille.uwo.ca > > > http://speech.braille.uwo.ca/mailman/listinfo/speakup > > > > > > > > > _______________________________________________ > > Speakup mailing list > > Speakup@braille.uwo.ca > > http://speech.braille.uwo.ca/mailman/listinfo/speakup > > > > > _______________________________________________ > Speakup mailing list > Speakup@braille.uwo.ca > http://speech.braille.uwo.ca/mailman/listinfo/speakup >