James Troup <james@nocrew.org> writes: > Since we didn't have direct physical access to klecker it's Internet > connection was shut down and disk images were made via serial console > to a local machine on a firewalled net connection. [...] > Gluck, Master and Murphy were wiped and reinstalled from CD. data and > services are in the process of being restored. As Joey confirmed, this means that klecker (aka security.d.o) wasn't reinstalled after the compromise - Could someone *please* explain how we know that klecker's kernel and binaries are not modified *without* rebooting it from a clean r/o medium (like a CDROM) [1]? Marc Footnotes: [1] Which seems to be impossible, as we don't have physical access. -- $_=')(hBCdzVnS})3..0}_$;//::niam/s~=)]3[))_$(rellac(=_$({pam(esrever })e$.)4/3* )e$(htgnel+23(rhc,"u"(kcapnu ,""nioj ;|_- |/+9-0z-aZ-A|rt~=e$;_$=e${pam tnirp{y V2ajFGabus} yV2ajFGa&{gwmclBHIbus}gwmclBHI&{yVGa09mbbus}yVGa09mb&{hBCdzVnSbus'; s/\n//g;s/bus/\nbus/g;eval scalar reverse # <mailto:marc@marcbrockschmidt.de>
Attachment:
pgpqVI0lUOxGg.pgp
Description: PGP signature