[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: How to ensure the integrity of Debian mirrors?


> Did the machine have all updates from RH installed? For Debian we move
> all security fixes into the stable tree after a while and make a new
> stable release. RH does not do that: they keep all updates seperate
> forever, which makes it easier for people to miss them.

No, the updates have not been installed. But even if there were
some security holes it is very suspicious that these were exploited
from different sites immediately after the installation. This makes
me guess that the installation had triggered some kind of
advertising mechanism that allowed the intruders to locate the
machine. This assumption implies that the mirror was compromised.
(Actually the URL of the mirror had been announced on an IRC channel)

Cheers, Thomas

Reply to: