Date: Thu, 19 Oct 2006 12:16:20 -0500 (CDT)
From: "Heiko Zuerker" <heiko@...rker.org>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Devil Linux 1.2.10 has an IRC bot onboard

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Victor,

Victor Grishchenko <gritzko <at> plotinka.ru> writes:
> While building and testing a customized version of DevilLinux router
> distro I found an IRC bot onboard. As far as I understood, it was
> EnergyMech compiled from source right there plus some executable named
> "TODO" (for camouflage purposes). The stuff unfolds at /shm/sshd/ and
> runs somehow. Sadly, I had no time for detailed investigation. It leaves
> an overall impression of script kiddie's work.
> Last days DevilLinux website seems to be dead.

I am the project leader of Devil-Linux.
First of all our website is up and was not down at any time.

I don't know how this bot got on your system, but what you're writing does
not make any sense.
1. There's no bot included in the DL sources
2. It can never have been compiled on a running DL system, because there
are no compilers included.
3. It can only have been introduced (compiled from source as you say) if
the machine you compiled DL on, was compromised.
4. The location you specify (/shm) is a ramdisk. So it must be copied onto
the system after it boots up. This can only be the case if you have the
system wide open and somebody can log in easily.
5. I verified the official 1.2.10 release and there's no bot to be seen.

So it seems the problem does not lie with Devil-Linux, but rather with
your own system.
Please stop spreading accusations like this, especially without properly
analyzing the issue first.

Regards
  Heiko Zuerker
  http://www.devil-linux.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iEYEARECAAYFAkU3suQACgkQUcytMSbs+YX8RgCgkxOwclrtMFfp95/cPet0qvef
J1wAnAyRX9HXEspUD16YsMBkdFfA5bwE
=dRcY
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
