berlios.de compromised since 2005

Chris Adams cmadams at hiwaay.net
Wed Jan 13 22:01:09 UTC 2010


Once upon a time, Stephen John Smoogen <smooge at gmail.com> said:
> On Wed, Jan 13, 2010 at 11:33 AM, Jon Ciesla <limb at jcomserv.net> wrote:
> > Thanks, Seth. And if we don't, what's a good resource for security
> > auditing n00bs?
> 
> 1) Look over the change history. Don't trust the source repository but
> older versions of the tar balls and see what has changed between them.

To add to this, by "older versions of the tar balls", don't just
download an older version from the suspected bad place (as it could have
been tampered with as well).  For packages that have been in Fedora
since before the initial suspected attack, grab an old SRPM from a
Fedora archive mirror.

-- 
Chris Adams <cmadams at hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
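
One way to carry out the comparison discussed in this thread, as an added example that is not part of the original message: hash every file in a tarball taken from a trusted archive and in a later tarball from the suspect site, then list what was added, removed or changed so a reviewer knows which files to read. The function names, package name and sample file contents are constructed for illustration.

```python
import hashlib
import io
import tarfile


def tarball_digests(fileobj):
    """Map each member path (top-level directory stripped) to a SHA-256 digest."""
    digests = {}
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for member in tar:
            # Drop the leading "pkg-1.0/" so different versions line up.
            name = member.name.split("/", 1)[-1]
            if member.isfile():
                data = tar.extractfile(member).read()
                digests[name] = hashlib.sha256(data).hexdigest()
            elif not member.isdir():
                # Symlinks, devices, etc.: record the type and target for review.
                digests[name] = f"type={member.type.decode()} -> {member.linkname}"
    return digests


def compare_tarballs(trusted, suspect):
    """Return paths added, removed or changed in `suspect` relative to `trusted`."""
    old, new = tarball_digests(trusted), tarball_digests(suspect)
    return {
        "added": sorted(new.keys() - old.keys()),
        "removed": sorted(old.keys() - new.keys()),
        "changed": sorted(p for p in old.keys() & new.keys() if old[p] != new[p]),
    }


def make_sample(top, files):
    """Build a constructed sample .tar.gz in memory (no network, no disk)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for path, content in files.items():
            info = tarfile.TarInfo(f"{top}/{path}")
            info.size = len(content)
            tar.addfile(info, io.BytesIO(content))
    buf.seek(0)
    return buf


def demo():
    # Constructed data: `trusted` stands in for the tarball unpacked from an old
    # SRPM, `suspect` for a later tarball fetched from the upstream site.
    trusted = make_sample("pkg-1.0", {"configure": b"#!/bin/sh\n", "main.c": b"int x;\n"})
    suspect = make_sample("pkg-1.1", {"configure": b"#!/bin/sh\necho changed\n",
                                      "main.c": b"int x;\n", "extra.c": b"int y;\n"})
    return compare_tarballs(trusted, suspect)
```

With real files, pass two binary file objects opened on the tarballs to `compare_tarballs`; differences between versions are expected, and the output only narrows down which files need to be read.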

