James Troup <james@nocrew.org> writes:
> Since we didn't have direct physical access to klecker its Internet
> connection was shut down and disk images were made via serial console
> to a local machine on a firewalled net connection.
[...]
> Gluck, Master and Murphy were wiped and reinstalled from CD. data and
> services are in the process of being restored.
As Joey confirmed, this means that klecker (aka security.d.o) wasn't
reinstalled after the compromise - Could someone *please* explain how we
know that klecker's kernel and binaries are not modified *without*
rebooting it from a clean r/o medium (like a CDROM) [1]?
Marc
Footnotes:
[1] Which seems to be impossible, as we don't have physical access.
--
$_=')(hBCdzVnS})3..0}_$;//::niam/s~=)]3[))_$(rellac(=_$({pam(esrever })e$.)4/3*
)e$(htgnel+23(rhc,"u"(kcapnu ,""nioj ;|_- |/+9-0z-aZ-A|rt~=e$;_$=e${pam tnirp{y
V2ajFGabus} yV2ajFGa&{gwmclBHIbus}gwmclBHI&{yVGa09mbbus}yVGa09mb&{hBCdzVnSbus';
s/\n//g;s/bus/\nbus/g;eval scalar reverse # <mailto:marc@marcbrockschmidt.de>