RE: "Ian Murdock" Death
CONFIDENTIAL
Thank you for the questions and the responses.
* This is a real investigation.
* The messages are flagged with "CONFIDENTIAL" because it
has legal and federal/international court significance to all
recipients of the information and generates additional protections
of such for people that abuse/misuse the information.
* Congressional and other reviews related to information
security, information classification, and the like is
currently occurring. It is possible this sort of thing
may be added to core Internet infrastructure in the future
along with new core data features. It is also possible
Debian may be reviewing these standards on an engineering
basis to resolve a significant number of complicated
privacy and legal problems that are occurring and causing
great harm and misery to many people.
* The name "Ian Murdock" does not initially appear to be
present in any of the Wayback Engine's Archives of this
page: https://www.debian.org/intro/organization
* Please review for yourself:
https://web.archive.org/web/20040623083118/http://www.debian.org/intro/organization
* I have personally been a user of Debian for approximately
15 years and developed an application called "AutoNOC"
for which the history can be reviewed here and am now
working on some new things now for which Debian is a
candidate.
https://web.archive.org/web/20160306155441/http://autonoc.com/
* I am also currently reviewing all LSB distributions trying to
identify the build that is the most secure, high-integrity,
and trust-worthy.
* As a result of new technologies, information in this message
may, in the future, "cease to exist", as a result of new
privacy and other technologies being debated. The message
is also submitted in this manner to spark related debate
as to this sort of technology.
Can anyone explain why "Ian Murdock" appears to have "died in national
news by way of committing suicide after an alcohol and women fueled
event that led to an altercation with police"?
And why isn't his name listed in any of the leadership archives
on Wayback?
Thank you for your assistance in providing clear, accurate answers.
Kyle
Dnia 2016-07-15, pią o godzinie 16:18 -0700, Kyle Lussier pisze:
> CONFIDENTIAL
>
> Hello Debian / Savatore -
>
> I am investigating the death of Ian Murdock and also a debian user.
>
> * Debian's core MIT distribution may have been compromised by
> "Ian" internally to get into one of our servers.
>
> * Can you confirm that "Ian Murdock" was the "ian" in debian?
>
> * Can you confirm that he is actually dead/committed suicide?
>
> * If not, did he fake his death? Perhaps after compromising
> servers intentionally and committing many felonies?
>
> The coroner and related PD have not responded however several
> federal agencies are aware of the issue.
>
> This is a very serious matter.
>
> Thank you for your assistance!
>
> Kyle
>
>
> -------- Original Message --------
> Subject: [SECURITY] [DSA 3620-1] pidgin security update
> From: Salvatore Bonaccorso <carnil@debian.org>
> Date: Fri, July 15, 2016 12:03 pm
> To: debian-security-announce@lists.debian.org
>
>
> Błąd podczas weryfikowania podpisu:
> Hash: SHA512
> gpg: nagłówek opakowania:
> -\r\n
> gpg: niepoprawne oznaczenie linii
> minusami:
> -------------------------------------------------------------------------\r\n
> gpg: nieoczekiwane opakowanie:
> Debian Security Advisory DSA-3620-1
> security@debian.org\r\n
> gpg: niepoprawny nagłówek
> opakowania:
> Content-Type: application/x-inlinepgp-signed; charset="utf-8"
> Content-Transfer-Encoding: quoted-printable
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> -
> -------------------------------------------------------------------------
> Debian Security Advisory DSA-3620-1 security@debian.org
> https://www.debian.org/security/ Salvatore Bonaccorso
> July 15, 2016 https://www.debian.org/security/faq
> -
> -------------------------------------------------------------------------
>
> Package : pidgin
> CVE ID : CVE-2016-2365 CVE-2016-2366 CVE-2016-2367 CVE-2016-2368
> CVE-2016-2369 CVE-2016-2370 CVE-2016-2371 CVE-2016-2372
> CVE-2016-2373 CVE-2016-2374 CVE-2016-2375 CVE-2016-2376
> CVE-2016-2377 CVE-2016-2378 CVE-2016-2380 CVE-2016-4323
>
> Yves Younan of Cisco Talos discovered several vulnerabilities in the
> MXit protocol support in pidgin, a multi-protocol instant messaging
> client. A remote attacker can take advantage of these flaws to cause a
> denial of service (application crash), overwrite files, information
> disclosure, or potentially to execute arbitrary code.
>
> For the stable distribution (jessie), these problems have been fixed
> in
> version 2.11.0-0+deb8u1.
>
> For the testing distribution (stretch), these problems have been fixed
> in version 2.11.0-1.
>
> For the unstable distribution (sid), these problems have been fixed in
> version 2.11.0-1.
>
> We recommend that you upgrade your pidgin packages.
>
> Further information about Debian Security Advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: https://www.debian.org/security/
>
> Mailing list: debian-security-announce@lists.debian.org
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
>
> iQIcBAEBCgAGBQJXiTCbAAoJEAVMuPMTQ89E4nUP/jEpNVpOe4FcStlU24Cv1qOS
> BsNBvRlp1XhhshzoBAWZSBTKFi4jqilOZUgjsHO76nHS7j0J4wzoWc36ZIp23O5p
> KX9+A87ZdS4C3hI1YGgTdCcMTKSnWIrS1YcOW/0qBx7jdXt5EhFPKJa/byhHsp23
> zguJ+glemJQ9uqpylc5om2udV4u9U5Nnc+Ga92zeR7Kefs20yRTLOef4Pd69LPwh
> +zM0/qkI+JMii0yMpMJsIpMsXzQvzvgd4E6r3+NrWOHOCoZ8XZD4UvsR3Bnw8nvg
> ed+hg2nj3uMWgXtv4Bdx+yUxsWdRFSjpiD1EXWmvzREgmDdrlnCGZB3yQbepA0Yi
> lHsHEAwq3GZalLAeW8lwIQVaSLSREO6ZxcY7OxG2vdYzbkoQKCK7K4rR4T3yxB83
> tAvYWRxCTMaeRxqUgLEAq0iMqQhvrmNDDEt5VVsE1bSn9gig6MkSGepFdzx4Yipq
> +a8XUgJt8tLbpuTD9Pg9Ig8Mee0SaHSxr8bP6fFlfJu0Wt59MKn3wNzcqPhb+3Ie
> FtLyo6XBC4hnsoVlRT569fwkuYaI/kptT95tKiqyYI+RFnSW0WP4dycmo2pHOuIP
> mckCbAM7s+vuCGe1YQHJiOCeTrIDKAkKPbudjBL/g2zbcY+KayMXTvZbbW+ma8c0
> wMiDOiIYUd4xMSvjBeF0
> =3DQNWs
> -----END PGP SIGNATURE-----
>
Reply to: