[Lincs] lug.org.uk has been compromised! My 2p

[Chris Marr]

Greets, I guess I should have intro'd myself earlier, I signed up for the
mailing list about a month ago.

How do you get a backdoor installed (whatever software it came with) in the
first place? I'd have thought that lug admins would 1) get the software from
a reputable source (ie, download from apache) to have some level of
culpability, or 2) download source, check it for issues (ie backdoors) and
then compile and test it.

I suppose now the cat's out of the bag, how long before it's put back?

Chris

----- Original Message ----- 
From: <Grahame.Mulliss at ulh.nhs.uk>
To: <lincs at mailman.lug.org.uk>
Sent: Monday, November 22, 2004 1:31 PM
Subject: RE: [Lincs] lug.org.uk has been compromised!


[Grahame] Is this a actual "Linux" security problem because it sounds
like an Apache security issue to me...

>This just compounds two previous points. The first being an age old
>argument over the security of Linux and the second being should we be
>hosting with large providers.

[Grahame] I have to agree with this comment below, but I've still not
found a commercial provider who offers that level of service... sad but
true.

Hosting it ourselves is an interesting idea but brings up it a couple of
issues... namely who's willing to host it?

>My personal belief of a service providor is that you should be on a
>personal level with the people who have root over you - you shouldn't
>just be able to say "the admins have been informed" you should be able
>to turn around to your dependees and say "I've talked to splat this
>morning and they say they've got a {person of non specific gender} on
it
>and its all going to be ok". Maybe I'm just old fashioned though.

_______________________________________________
Lincs mailing list
Lincs at mailman.lug.org.uk
http://mailman.lug.org.uk/mailman/listinfo/lincs



_______________________________________________
Lincs mailing list
Lincs at mailman.lug.org.uk
http://mailman.lug.org.uk/mailman/listinfo/lincs