search for: backdoored

Displaying 20 results from an estimated 171 matches for "backdoored".

2015 Apr 16
3
ClamAV reports a trojan
This morning I discovered this in my clamav report from one of our imap servers: /usr/share/nmap/scripts/irc-unrealircd-backdoor.nse: Unix.Trojan.MSShellcode-21 FOUND I have looked at this script and it appears to be part of the nmap distribution. It actually tests for irc backdoors. IRC is not used here and its ports are blocked by default both at the gateway and on all internal hosts.
2010 Dec 15
5
Allegations regarding OpenBSD IPSEC
Some of you probably already read this: http://marc.info/?l=openbsd-tech&m=129236621626462&w=2 Interesting...I wonder what is the impact of all this on FreeBSD code. We may very well suppose that any government or corporation funded code can theoretically have some kind of backdoor inside. --Andy
2011 May 09
2
backdoor by authorized_keys2 leftovers
Hi devs, recently I had to replace authorized_keys on several systems to enforce an access policy change. I was badly surprised that authorized_keys2(!) was still processed, which allowed some old keys to enter the systems again, because I wasn't aware of the file's existence on the server and use by sshd, since this "backward compatibility" isn't documented, not even a
2015 May 26
2
Weak DH primes and openssh
On Tue 2015-05-26 12:57:05 -0400, Hubert Kario wrote: > creating composites that will pass even 100000 rounds of Miller-Rabin is > relatively simple.... > (assuming the values for M-R tests are picked randomly) Can you point me to the algorithms for doing that? This would suggest that we really do want primality proofs (and a good way to verify them). Do those algorithms hold for
1998 May 23
7
Re: Re: Re: Bind Overrun Bug and Linux (fwd)
...that they have assigned PS to take its hideable strings from. Also, you may want to look at some code that looks through the wtmp/utmp files and looks for null entries, most wtmp cleaners NULL out the entry, rather than writing a whole new wtmp. I would not be so sure as to rely on what they have backdoored locally, as most people would want to place many remote backdoors. If there are no remote backdoors, then what use is there to put a local backdoor in? I would think the most common remote backdoor pairs would be something like: rshd/tcpd/inetd/login and local: passwd/ping/chfn. I witness many p...
2018 May 27
2
Strange crypto choices
On Mon, 28 May 2018, Yegor Ievlev wrote: > Can we prefer RSA to ECDSA? For example: > HostKeyAlgorithms > ssh-rsa,ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256 not without a good reason
2011 Jun 23
3
dovecot security with IPv6
Hi Timo, hi all others! In fact, I've only read one person claiming that IPv6 support opens up "too many backdoors" [1], but anyway, as I intend to run just particular services, please give me your opinion if it's insecure to have a dovecot server, which is accessed through a public IPv6 address... (or note just shortly what else could give a firm ground to such claims...) [1]
2017 Apr 15
5
OT: systemd Poll - So Long, and Thanks for All the fish.
Not wishing to extend this thread further, but ... > There are conspiracy theories out there that the NSA is involved with > bringing systemd to Linux so they can have easy access to *"unknown"* > bugs - aka backdoors - to all Linux installations using systemd *[1]*. They're conspiracy theories, and that's it. The bottom line is that in general people don't like
2015 Apr 16
0
ClamAV reports a trojan
On Thu, Apr 16, 2015 at 10:01 AM, James B. Byrne <byrnejb at harte-lyne.ca> wrote: > This morning I discovered this in my clamav report from one of our > imap servers: > > /usr/share/nmap/scripts/irc-unrealircd-backdoor.nse: > Unix.Trojan.MSShellcode-21 FOUND > > > I have looked at this script and it appears to be part of the nmap > distribution. It actually tests
2007 Nov 24
1
Project proposal/idea: Categorize traffic by behavior
Back in 2003/2004 when finding the topic for my master's thesis, I had a secondary project idea, perhaps it's about time to do something about the idea, and hear if anyone else thinks it's a good idea? The basic idea is to: "Categorize traffic by behavior" The categorization should be based upon things like packet timing characteristics and packet size, rather than standard port
2015 May 26
8
Weak DH primes and openssh
...uli could themselves have a backdoor that we don't know about. Am i understanding you correctly? I've been talking with several cryptographers for the last year about finite-field DH (FFDH) and i haven't heard any suggestion that any of them think there is likely to be such a class of backdoored moduli. > yes, it would basically exclude the chance that the primes are backdoored, > there's still the chance for the values to be composites > > for values to be used on this many machines, I'd say we should have primality > proofs, not just M-R "guess" Does...
2006 May 04
2
Uselib24/bindz - owned!
So pretty sure one of my boxes has been owned. Just wanted some advice on what to do next. Obviously, I'll need to nuke the fecker and start over but it would be really nice to find out how they got in as it's a CentOS 4.3 which is bang up to date. So I found: PID USER PRI NI SIZE RSS SHARE STAT %CPU %MEM TIME CPU COMMAND 7052 apache 25 0 27320 5348 8 R 99.0 0.5
2016 Jan 14
2
Fwd: Heads up: OpenSSH users
On Thu, January 14, 2016 11:46 am, m.roth at 5-cent.us wrote: > Timo Sch??ler wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA256 >> >> On 01/14/2016 05:34 PM, m.roth at 5-cent.us wrote: >>> Michael H wrote: >>>> Probably worth a read... >>>> >>>> http://www.openssh.com/txt/release-7.1p2 >>>>
2005 Feb 14
3
Hackers on my Web server
I have discovered that a gamer has hacked into my web server through a backdoor left open by my predecessor. I have closed the door, but when I try to delete the folders left behind I receive "Access Denied", or when I try to take ownership I receive "Unable to Find File...". I have removed most of the files to obtain enough space to continue operations but would like to remove
2003 Apr 23
2
Call Queue Manager and DID Digits
I've been asked to create a graphical "call-queue" manager. That is, use the existing call queues application but allow a way to view what's coming and attach information to it. As far as the "attaching information" that's in the realm of my application, but I'm trying to figure out if the internals of queues are exposed through any interface. Any help there?
1998 May 19
7
Bind Overrun Bug and Linux
[mod: Just to show you that people DO get bitten after a bugwarning has gone out on linux-security..... -- REW] -----BEGIN PGP SIGNED MESSAGE----- Content-Type: text/plain; charset=us-ascii Has anyone been hit with the Bind Inverse Query Buffer Overrun on their Linux servers? We have had 3 servers attacked using this exploit and all of the machines had several binaries replaced with trojan
2004 Sep 10
3
Should FLAC join Xiph?
Drew Hess wrote: > Anyway, consider the chances that someone will use the BSD license to make > proprietary changes to FLAC. Weigh that against the chances that FLAC Well, I think going GPL would be too much, only GPL softwares could use the library. BSD is too much too because changes in the software world (improvements, bugs, backdoors) would not be available to you. Only the hardware
2018 May 28
2
Strange crypto choices
We're aware of those arguments but don't find them convincing enough to switch early. On Mon, 28 May 2018, Yegor Ievlev wrote: > A backdoored curve could be easily generated using the algorithm used > to generate the NIST curves. > https://bada55.cr.yp.to/vr.html > > The algorithm that generates a backdoored curve is very simple: > Suppose the NSA (the author of the curves) knows a way to solve ECDLP > in polynomial t...
2018 Apr 18
0
Robust Cluster
I have a learning disability. In fact, I am a learning-disabled genius. So I pretty much keep to myself. I have a few friends. It's nice to meet you all. I don't call it Replikon.Net on a whim. Lately, I am building a robust cluster. You see, I am pretty much useless without my Slate. So I have, let's see, six (6) of them right now. They are Samsung XE700T1A Business Slates. 3 with
2010 Dec 15
1
IPSEC allegations
[redirected from -hackers to -security] Jakub Lach <jakub_lach@mailplus.pl> writes: > http://marc.info/?l=openbsd-tech&m=129236621626462&w=2 http://maycontaintracesofbolts.blogspot.com/2010/12/openbsd-ipsec-backdoor-allegations.html DES -- Dag-Erling Smørgrav - des@des.no