lists.openwall.net
Open Source and information security mailing list archives
 
Message-ID: <F50FBEAD7A52B8468B9F3C875916681AEEE661@BXCH2K.bjw2k.asg>
Date: Mon Mar  6 22:43:47 2006
From: tkrpata at bjs.com (Krpata, Tyler)
Subject: dikline suspected to be behind repository hacking.

What apt sources were you using? That's kind of an important part of
this story.

-----Original Message-----
From: Jason Savora [mailto:jsavora@...pace.com] 
Sent: Monday, March 06, 2006 5:15 PM
To: full-disclosure@...ts.grok.org.uk
Subject: [Full-disclosure] dikline suspected to be behind repository hacking.

dikline suspected to be behind repository hacking.

Recently we have discovered a severe code modification in the Ruby
programming language downloaded from various Debian-based non-official
apt repositories.

Ruby is the interpreted scripting language for quick and easy
object-oriented programming, available from ruby-lang.org.

Please be advised the official release of ruby from ruby-lang.org is not
hacked.

During normal application development in the Ruby language at our firm,
our developers actively use Ruby as a language. We are currently
developing a smart system for badge access scanning at door entry points
in our building using HID cards.

In the process of development we have had to downgrade, modify, and
remove many instances of Ruby for testing (including non-POSIX versions
of Ruby for Win32API development via ruby.exe for Windows systems).

Steven Colbert of HID INC. has been working with us on various projects
for the past year on and off, and we are now working with debian-sarge
and Ubuntu Linux systems.

During a recent ritual of removal/re-installation of Ruby using Debian's
apt-get, we discovered a very big flaw in the files installed for Ruby.

A hacked version of Ruby is wandering around apt repositories
everywhere.

[clip]

-Justin Savora
Global Interaction Software System's INC. 
Office: 310-286-2013
jsavora@...pace.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

