Linux utility site hacked, infected

ZDNet Australia ^ | 11/14/02 | Patrick Gray

[Leroy S. Mort]

The download site for two very common Linux based utilities, tcpdump.org, was hacked into on Nov. 11, and the software available for download was modified to contain Trojan Horse code.

This Trojan Horse, or "back door" software allows the hacker that wrote it to access any machine on which the modified software is run.

The two software items affected are tcpdump and libpcap, tools commonly used in information security applications. Some Intrusion Detection System (IDS) software requires libpcap.

The identity of the hacker conducting this campaign is unknown, as is whether a connection exists between the separate incidents.

CERT releasedan advisory in which they ".encourage sites using libpcap and tcpdump to verify the authenticity of their distribution, regardless of where it was obtained."

CERT provided the information necessary to determine the authenticity of any libpcap or tcpdump software recently downloaded. The advisory also encourages users to verify all software before installing it. "As a matter of good security practice, the CERT/CC encourages users to verify, whenever possible, the integrity of downloaded software."

[Bush2000]

Any server physically accessible to an attacker is insecure. It doesn't matter what operating system it runs, or whether the source code for that OS is open or closed.

It's humorous to note how quiet Linux advocates are on this thread.

[dheretic]

three or four of them at the same time

Sorry, but there are plenty more than 3 or 4 of the 25 million + Mac users out there that are online.

[Bush2000]

Sorry, but there are plenty more than 3 or 4 of the 25 million + Mac users out there that are online.

Your numbers are insignificant. It's like a gnat sitting on an elephant's rear.

[dheretic]

MAC viruses exist, but MAC is the the Switzerland of Operating Systems - an insignificant entity, and not much to be gained by invasion

Hmmmm Switzerland only happens to be the only capitalist liberal federal republic in all of Europe. Besides a few state-owned corporations it is as capitalist if not more so than the US. The tax laws there are much less government-friendly than they are in the US. Not to mention that firearm ownership there is an obligation of the male citizenry. Switzerland isn't insignificant, it is the model for what the US should aspire to be like again.

[dheretic]

Your numbers are insignificant. It's like a gnat sitting on an elephant's rear.

The number of people with technical and artistic skills is also "insignificant" but that doesn't mean that a single one of them isn't worth 50 people without such abilities.

[Campion]

It's humorous to note how quiet Linux advocates are on this thread.

It's humorous to watch you get so excited over a couple of obscure utility programs being hacked, as though it somehow struck a body blow against all of open source ... even down to the predictable attempt to insinuate that they're part of the Linux kernel. Makes you look ... desperate.

[chilepepper]

Bill's $491M campaign to disparage Linux is finally paying off!

[chilepepper]

In the bad old days what you say is true, Linux had many
security flaws. It still has security flaws, but they are becoming much fewer and far between.

Almost ALL of the early commercial Firewalls were LINUX based, and most still are Linux or OpenBSD

Firewall (e.g. TCP/IP port blocking filters) software comes with basically all

Linux distributions hence Linux is MUCH safer than Windows out of the box.

Windows security is a JOKE.

The recent attacks on the 13 key DNS root servers were mounted from WINDOWS
machines, not LINUX machines. Not only are Windows computers expense, bloated,
crash prone, have whimsical and obfuscated bugs, but

THEY ARE A NATIONAL SECURITY THREAT!

The effort required to lock them down is a factor of ten
(at least) more difficult than for a Linux box, particularly for a server. I know this because
I've had to do this, (just a few days ago our ANTI-VIRUS SIGNATURE SERVER (!)
got taken over by SubSeven and was used to attack our home organization - had a hidden
and unpatched copy of IIS running, was taken over by a neighboring machine via unprotected
shares, even though our company security policy prohibits unpatched IIS and/or unprotected
shares)

This just DOES NOT HAPPEN under Linux, even if there exist theoretical Linux vulnerablities.

We have a 2:1 ratio of LINUX to Windows, yet 100% of the security issues come from the
WINDOWS boxes. This latest vulnerability did not affect us in the slightest...

Microsoft stock was cool to own three or four years ago, but things change and
Microsoft is quickly becoming a FASCIST organization via their licensing. They are NOT
particularly innovative except in their EULA

[Bush2000]

Linux distributions hence Linux is MUCH safer than Windows out of the box. Windows security is a JOKE.

You apparently haven't tried the .NET Server RCs. Practically everything is locked-down now. The problems you speak of are old news. ABMers are going to have to find a new mantra.

[Bush2000]

It's humorous to watch you get so excited...

Who's excited? I'm amused, more than anything else. Mostly, to watch you guys fall all over yourselves to make excuses: "It's not Linux! It's a couple of Linux utilities! Windows is worse! The admin should be shot! Breaking into this box was a small problem -- keep moving folks! Bill Gates is evil! Licensing is evil! Activation is evil! Blah, blah, blah!"

[stylin_geek]

Give me access and a floppy drive, and the system is mine.

[Bush2000]

Bill's $491M campaign to disparage Linux is finally paying off!

Do you have a reference besides Slashdot? I haven't read that anywhere.

[stylin_geek]

Not to mention hacking first started with Unix based systems.

[Darth Hillary]

Bill didn't do it, not only would he be nailed to a cross if he got caught, but he has been having too much fun with the giant condom that was gifted to him in Hyberdad.

Open sores has more expoits than the penguins think.

[chilepepper]

Practically everything is locked-down now.

Read: you have to connect to Microsoft Redmond where the
state of your license will be checked before it works!!!

[Bush2000]

Read: you have to connect to Microsoft Redmond where the state of your license will be checked before it works!!!

Get a life.

[Bush2000]

Not to mention hacking first started with Unix based systems.

Keep in mind: To a lot of these newbie losers, the beginning of their computing universe was the late 90's.

[chilepepper]

Not only did hacking start with UNIX, it started with the very first UNIX! Dennis Richie had a backdoor in the login program!

Hacking (and ANTI-hacking) has been part of the UNIX culture since the beginning -- this is one of the reasons it has better potential security: it was interesting to see M$ get bite by some of the same security flaws UNIX had to solve five years before!

[Scott McCollum]

Ah, the idiotic double-standard all Linux fanatics fail to see! Is it required to drink the digital Kool-Aid to join the Linux cult?

Bush2000 has really been on top of this subject on the Free Republic boards as has World Tech Tribune. Good job, Bush2000!

As amusing as it is to watch this kind of cultish/childish whining from the Linux Left; seeing the throngs of flailing hypocrites is a little sad at the same time...

[stands2reason]

I hear orally servicing billionaire geeks pays remarkably well.