Linked by Jordan Spencer Cunningham on Mon 14th Jun 2010 23:58 UTC
Bugs & Viruses
Recently, the Linux version of UnrealIRCd was discovered to have had a Trojan worm its way into the source code. Even more embarrassing for the developers of Unreal is that the Trojan's been holding open the backdoor in the source code since November of 2009 -- not very recently. And, of course, bloggers and press in general are taking the opportunity of another breach in Linux security to point out doomsday devices that don't really exist.
Thread beginning with comment 430171
RE: Comment by lemur2
by tomcat on Tue 15th Jun 2010 19:52 UTC in reply to "Comment by lemur2"
tomcat Member since: 2006-01-06

"Later, UnrealIRCd administrator Syzop posted an announcement on the main UnrealIRCd site stating that many new measures are being put into place to keep something like this from happening again (or if it does happen, to bring the malware to light much sooner). Aside from all releases being PGP/GPG-signed, the main site will be isolated from the others, some parts of the main site will be unmodifiable by anyone, several methods have been added to detect if any data is modified or switched, and files will only be available at the main site (for now).
Only a problem then if you obtained the software from the main UnrealIRCd site or one of a few mirrors. Not a problem at all for anyone installing software from their distribution's repositories, which is by far the normal channel for installing Linux software, and the only one which is guaranteed to be proof against malware. For example, distribution repositories releases are PGP/GPG-signed. Use the distribution repositories via your package manager, and you will have no such problems. This incident is yet another illustration of this."

We were just discussing the weakness of all repositories, with you claiming otherwise. Your emperor isn't wearing any clothes. Suck it.

Score: 2

RE[2]: Comment by lemur2
by lemur2 on Tue 15th Jun 2010 23:02 in reply to "RE: Comment by lemur2"
lemur2 Member since: 2007-02-17

"Later, UnrealIRCd administrator Syzop posted an announcement on the main UnrealIRCd site stating that many new measures are being put into place to keep something like this from happening again (or if it does happen, to bring the malware to light much sooner). Aside from all releases being PGP/GPG-signed, the main site will be isolated from the others, some parts of the main site will be unmodifiable by anyone, several methods have been added to detect if any data is modified or switched, and files will only be available at the main site (for now). Only a problem then if you obtained the software from the main UnrealIRCd site or one of a few mirrors. Not a problem at all for anyone installing software from their distribution's repositories, which is by far the normal channel for installing Linux software, and the only one which is guaranteed to be proof against malware. For example, distribution repositories releases are PGP/GPG-signed. Use the distribution repositories via your package manager, and you will have no such problems. This incident is yet another illustration of this.
We were just discussing the weakness of all repositories, with you claiming otherwise. Your emperor isn't wearing any clothes. Suck it."

WTF?? The UnrealIRCd package with the trojan didn't come from a repository. In fact, that was the whole reason why this incident occurred in the first place ... it didn't use the repository/package manager distribution system at all. If you don't understand these things, why do you comment on them?

Edited 2010-06-15 23:03 UTC

Score: 2