Re: How to ensure the integrity of Debian mirrors?
On Thu, 7 Jan 1999, Thomas Gebhardt wrote:
> > Did the machine have all updates from RH installed? For Debian we move
> > all security fixes into the stable tree after a while and make a new
> > stable release. RH does not do that: they keep all updates separate
> > forever, which makes it easier for people to miss them.
> No, the updates have not been installed. But even if there were
> some security holes it is very suspicious that these were exploited
> from different sites immediately after the installation. This makes
> me guess that the installation had triggered some kind of
> advertising mechanism that allowed the intruders to locate the
> machine. This assumption implies that the mirror was compromised.
> (Actually the URL of the mirror had been announced on an IRC channel)
That last sentence makes me very suspicious. Many crackers use IRC to get
in contact with their victims. Announcing URLs of compromised ftp mirrors
seems to be just another (and very convenient) trick. They don't even have
to DCC you the trojan horse, you'll download it yourself.
What was that URL anyway?