Re: How to ensure the integrity of Debian mirrors?

To: debian-devel@lists.debian.org
Subject: Re: How to ensure the integrity of Debian mirrors?
From: "Thomas Gebhardt" <gebhardt@HRZ.Uni-Marburg.DE>
Date: Thu, 07 Jan 1999 10:23:46 +0100
Message-id: <[🔎] 199901070923.KAA10527@pcrz64.HRZ.Uni-Marburg.DE>
In-reply-to: wakkerma's message of Wed, 06 Jan 1999 17:36:15 +0100. <[🔎] 19990106173615.J639@cs.leidenuniv.nl>

Hi,

> 
> Did the machine have all updates from RH installed? For Debian we move
> all security fixes into the stable tree after a while and make a new
> stable release. RH does not do that: they keep all updates seperate
> forever, which makes it easier for people to miss them.

No, the updates have not been installed. But even if there were
some security holes it is very suspicious that these were exploited
from different sites immediately after the installation. This makes
me guess that the installation had triggered some kind of
advertising mechanism that allowed the intruders to locate the
machine. This assumption implies that the mirror was compromised.
(Actually the URL of the mirror had been announced on an IRC channel)

Cheers, Thomas

Reply to:

Follow-Ups:
- Re: How to ensure the integrity of Debian mirrors?
  - From: "Steve Lamb" <morpheus@rpglink.com>
- Re: How to ensure the integrity of Debian mirrors?
  - From: Remco Blaakmeer <remco-blaakmeer@quicknet.nl>

References:
- Re: How to ensure the integrity of Debian mirrors?
  - From: Wichert Akkerman <wakkerma@cs.leidenuniv.nl>

Prev by Date: Re: Overall Unmet dependencies
Next by Date: Re: Startx fails after updating my slink system!!!
Previous by thread: Re: How to ensure the integrity of Debian mirrors?
Next by thread: Re: How to ensure the integrity of Debian mirrors?
Index(es):
- Date
- Thread