lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <200304142003.h3EK3LHN025507@haackey.com>
Date: Mon, 14 Apr 2003 13:03:21 -0700 (PDT)
From: Neeko Oni <neeko@...ckey.com>
To: bugtraq@...urityfocus.com
Subject: Re: bitchx sources backdoored on distribution site


>From ftp.bitchx.org (msg in /pub):

              * * * * * *  A T T E N T I O N  * * * * * *

 Over the weekend of April 12th and 13th someone once again was releasing
 back doored code for BitchX on a false ftp site that was linked from the
 official BitchX Website.  We stress to everyone to please take notice of
 information that we post on http://faq.bitchx.org to help prevent these
 problems from causing you to download falsified source code for BitchX.

--

So it's entirely possible the source you downloaded was backdoored;  It 
would have been nicer had you included the site you downloaded from.  
According to bitchx.org it looks like it was only one off-site FTP.  
As it was an 'official' FTP (the assumption we're making), whether 
they're to blame or not is left for someone else to decide.  

.Neeko Oni

(Hey Bugtraq mod, wake up.)

> 
> --UlVJffcvxoiEqYs2
> Content-Type: text/plain; charset=iso-8859-2
> Content-Disposition: inline
> Content-Transfer-Encoding: 8bit
> 
> Hi,
> 
> Can anyone verify that the bitchx 1.0c19 sources are backdoored.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ