Posted on 11/14/2002 10:48:04 AM PST by Leroy S. Mort
The download site for two very common Linux based utilities, tcpdump.org, was hacked into on Nov. 11, and the software available for download was modified to contain Trojan Horse code.
This Trojan Horse, or "back door" software allows the hacker that wrote it to access any machine on which the modified software is run.
The two software items affected are tcpdump and libpcap, tools commonly used in information security applications. Some Intrusion Detection System (IDS) software requires libpcap.
The identity of the hacker conducting this campaign is unknown, as is whether a connection exists between the separate incidents.
CERT released an advisory in which they "...encourage sites using libpcap and tcpdump to verify the authenticity of their distribution, regardless of where it was obtained."
CERT provided the information necessary to determine the authenticity of any libpcap or tcpdump software recently downloaded. The advisory also encourages users to verify all software before installing it. "As a matter of good security practice, the CERT/CC encourages users to verify, whenever possible, the integrity of downloaded software."
One of many strategies hackers use to root boxes (Linux or otherwise).
The advisory also encourages users to verify all software before installing it. "As a matter of good security practice, the CERT/CC encourages users to verify, whenever possible, the integrity of downloaded software."
md5sum your downloads. Don't blindly open attachments. "Be nice to your baby sister. Oh, yeah, never drive on the railroad tracks."
All Operating Systems suck, each in their respective way.
Sooner or later, that's not going to be good enough. Yes, it worked out this time and with the OpenSSH thing last time. But remember that the sums can be changed too.... we need to start signing the sums with trusted keys.
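What the post above is asking for, as an added example that is not part of the thread and not code from tcpdump.org or CERT: a small POSIX sh check that verifies the signature on the digest list first, against a key fetched from somewhere other than the download mirror, and only then compares the tarball against the list. File names (release.tar.gz, .md5, .md5.asc) and the keyring path are assumptions.

```shell
#!/bin/sh
# Added example: verify a downloaded release before installing it, in the order that matters.
#   1. check the detached OpenPGP signature on the digest list against a key obtained out of band
#   2. only then compare the tarball against the digest list
# Assumed layout (hypothetical names): release.tar.gz, release.tar.gz.md5 (md5sum output),
# release.tar.gz.md5.asc (detached signature over the .md5 file).
# md5sum matches the thread; sha256sum is a drop-in replacement for both list and check.

# verify_signature DIGEST_LIST SIGNATURE KEYRING
# Succeeds only if gpg accepts SIGNATURE as a good signature over DIGEST_LIST by a key in KEYRING.
# KEYRING must come from a second source (not the mirror that served the tarball); otherwise a
# replaced .asc is as easy for an intruder as a replaced .md5.
verify_signature() {
    gpg --no-default-keyring --keyring "$3" --verify "$2" "$1" >/dev/null 2>&1
}

# verify_digest TARBALL DIGEST_LIST
# Recomputes the digest of TARBALL and compares it with the list entry for that file name.
# The entry is looked up by name rather than running `md5sum -c` on the downloaded list, so an
# entry naming some other file cannot be used to make the check pass.
verify_digest() {
    expected=$(awk -v f="$(basename "$1")" '$2 == f || $2 == ("*" f) { print $1; exit }' "$2")
    [ -n "$expected" ] || return 2          # no entry for this file: treat as failure
    actual=$(md5sum "$1" | awk '{ print $1 }')
    [ "$actual" = "$expected" ]
}

# verify_release TARBALL KEYRING: the check CERT advised, with the sums themselves signed.
verify_release() {
    verify_signature "$1.md5" "$1.md5.asc" "$2" \
        || { echo "bad or missing signature on digest list; do not install $1" >&2; return 1; }
    verify_digest "$1" "$1.md5" \
        || { echo "digest mismatch; do not install $1" >&2; return 1; }
    echo "$1 verified"
}
```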
B-b-b-b-b-but .... that's impossible!!!! Only Microsoft can get hacked. Open-source stuff is inherently secure! All the MS-haters are clear on the point!
The lesson is, of course, that no operating system is safe from a determined person who wants to hack it. If anything, open source provides the hackers a leg up, because they can see exactly what they're trying to hack.
The primary problem to open source is in-house attacks. In-house stealing accounts for more loss than shoplifters today. In the future in-house attacks will be the most common form of attack. It is a lot easier with open source code.
Any good programmer can get the source code to Linux or BSD Unix. They can make changes, recompile and install the corrupted code. As far as CRC checksums are concerned, one just makes a corrupt module then plays with unused bytes in the module to make both the size in bytes and the MD5 checksum the same in both the valid and corrupt module.
A person with access to a bank could change the modules so they don't do anything for months after he has left the company. Then the code steals the money and immediately erases itself and all traces of the crime. The real danger is not the guy trying to hack from the net, it is the janitor that cleans the server room.
MAC viruses exist, but MAC is the Switzerland of Operating Systems - an insignificant entity, and not much to be gained by invasion.
I have better things to do with my time. This is nothing new.
No mercy.
Coming soon: Tha SYNDICATE.
101 things that the Mozilla browser can do that Internet Explorer cannot.
Any server physically accessible to an attacker is insecure. It doesn't matter what operating system it runs, or whether the source code for that OS is open or closed.