Linked by Jordan Spencer Cunningham on Mon 14th Jun 2010 23:58 UTC
Bugs & Viruses Recently, the Linux version of UnrealIRCd was discovered to have had a Trojan worm its way into the source code. Even more embarrassing for the developers of Unreal is that the Trojan's been holding open the backdoor in the source code since November of 2009-- not very recently. And, of course, bloggers and press in general are taking the opportunity of another breach in Linux security to point out doomsday devices that don't really exist.
Thread beginning with comment 430048
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[2]: Source code?
by aesiamun on Tue 15th Jun 2010 04:28 UTC in reply to "RE: Source code?"
aesiamun
Member since:
2005-06-29

While the source tarball was tainted, they didn't fix the md5 string file...anyone caring about security would have run an md5sum and compared it to what the original developers put up there as the original md5 sum.

Reply Parent Score: 3

RE[3]: Source code?
by lemur2 on Tue 15th Jun 2010 04:45 in reply to "RE[2]: Source code?"
lemur2 Member since:
2007-02-17

While the source tarball was tainted, they didn't fix the md5 string file...anyone caring about security would have run an md5sum and compared it to what the original developers put up there as the original md5 sum.


All done automatically and with better security if you use the package manager system.

Since this package was open source, why didn't they simply submit it to the distributions? That way it would have been part of the various distribution package management systems, as a bonus the original website would not have had bandwidth worries nor the need to find mirrors, and this incident would have been avoided.

Reply Parent Score: 2