Displaying 20 results from an estimated 171 matches for "backdoors".

2015 Apr 16
3
ClamAV reports a trojan
This morning I discovered this in my clamav report from one of our imap servers: /usr/share/nmap/scripts/irc-unrealircd-backdoor.nse: Unix.Trojan.MSShellcode-21 FOUND I have looked at this script and it appears to be part of the nmap distribution. It actually tests for irc backdoors. IRC is not used here and its ports are blocked by default both at the gateway and on all internal hosts. However, I none-the-less copied that file, removed nmap, re-installed nmap from base, and diffed the file of the same name installed with nmap against the copy. They are identical. The ques...
2010 Dec 15
5
Allegations regarding OpenBSD IPSEC
Some of you probably already read this: http://marc.info/?l=openbsd-tech&m=129236621626462&w=2 Interesting...I wonder what is the impact of all this on FreeBSD code. We may very well suppose that any government or corporation funded code can theoretically have some kind of backdoor inside. --Andy
2011 May 09
2
backdoor by authorized_keys2 leftovers
Hi devs, recently I had to replace authorized_keys on several systems to enforce an access policy change. I was badly surprised that authorized_keys2(!) was still processed, which allowed some old keys to enter the systems again, because I wasn't aware of the file's existence on the server and use by sshd, since this "backward compatibility" isn't documented, not even a
2015 May 26
2
Weak DH primes and openssh
On Tue 2015-05-26 12:57:05 -0400, Hubert Kario wrote: > creating composites that will pass even 100000 rounds of Miller-Rabin is > relatively simple.... > (assuming the values for M-R tests are picked randomly) Can you point me to the algorithms for doing that? This would suggest that we really do want primality proofs (and a good way to verify them). Do those algorithms hold for
1998 May 23
7
Re: Re: Re: Bind Overrun Bug and Linux (fwd)
..., you may want to look at some code that looks through the wtmp/utmp files and looks for null entries, most wtmp cleaners NULL out the entry, rather than writing a whole new wtmp. I would not be so sure as to rely on what they have backdoored locally, as most people would want to place many remote backdoors. If there is no remote backdoors, then what use is there to put a local backdoor in? I would think the most common remote backdoor pairs would be something like: rshd/tcpd/inetd/login and local: passwd/ping/chfn. I witness many people using *all* of the backdoors provided with these rootkits, j...
2018 May 27
2
Strange crypto choices
On Mon, 28 May 2018, Yegor Ievlev wrote: > Can we prefer RSA to ECDSA? For example: > HostKeyAlgorithms > ssh-rsa,ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256 not without a good reason
2011 Jun 23
3
dovecot security with IPv6
Hi Timo, hi all others! In fact, I've only read one person claiming that IPv6 support opens up "too many backdoors" [1], but anyway, as I intend to run just particular services, please give me your opinion if it's insecure to have a dovecot server, which is accessed through a public IPv6 address... (or note just shortly what else could give a firm ground to such claims...) [1] http://forums.gentoo.org...
2017 Apr 15
5
OT: systemd Poll - So Long, and Thanks for All the fish.
Not wishing to extend this thread further, but ... > There are conspiracy theories out there that the NSA is involved with > bringing systemd to Linux so they can have easy access to *"unknown"* > bugs - aka backdoors - to all Linux installations using systemd *[1]*. They're conspiracy theories, and that's it. The bottom line is that in general people don't like not understanding things and when they come across something they don't understand they create a mythology around those things to rati...
2015 Apr 16
0
ClamAV reports a trojan
...discovered this in my clamav report from one of our > imap servers: > > /usr/share/nmap/scripts/irc-unrealircd-backdoor.nse: > Unix.Trojan.MSShellcode-21 FOUND > > > I have looked at this script and it appears to be part of the nmap > distribution. It actually tests for irc backdoors. IRC is not used > here and its ports are blocked by default both at the gateway and on > all internal hosts. > > However, I none-the-less copied that file, removed nmap, re-installed > nmap from base, and diffed the file of the same name installed with > nmap against the copy....
2007 Nov 24
1
Project proposal/idea: Categorize traffic by behavior
...rized by large packets being back-to-back. I propose this could be implemented with Netfilter target modules for categorizing traffic, and using conntrack flows for saving the group/type, that other rules can match upon. What can it be used for? ------------------------ Security/NIDS: Detecting backdoors, by identifying interactive on non-standard ports. QoS: Prioritize traffic based on type (e.g. interactive or RTP-streams) without needing to write static iptables rules to match each new protocol's port number. Some protocols, like Skype, it's not possible to do categorizing based upon standar...
2015 May 26
8
Weak DH primes and openssh
On Tue 2015-05-26 14:02:07 -0400, Hubert Kario wrote: > On Tuesday 26 May 2015 13:43:13 Daniel Kahn Gillmor wrote: >> On Tue 2015-05-26 12:57:05 -0400, Hubert Kario wrote: >> > creating composites that will pass even 100000 rounds of Miller-Rabin is >> > relatively simple.... >> > (assuming the values for M-R tests are picked randomly) >> >> Can you
2006 May 04
2
Uselib24/bindz - owned!
So pretty sure one of my boxes has been owned. Just wanted some advice on what to do next. Obviously, I'll need to nuke the fecker and start over but it would be really nice to find out how they got in as it's a CentOS 4.3 which is bang up to date. So I found: PID USER PRI NI SIZE RSS SHARE STAT %CPU %MEM TIME CPU COMMAND 7052 apache 25 0 27320 5348 8 R 99.0 0.5
2016 Jan 14
2
Fwd: Heads up: OpenSSH users
On Thu, January 14, 2016 11:46 am, m.roth at 5-cent.us wrote: > Timo Sch??ler wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA256 >> >> On 01/14/2016 05:34 PM, m.roth at 5-cent.us wrote: >>> Michael H wrote: >>>> Probably worth a read... >>>> >>>> http://www.openssh.com/txt/release-7.1p2 >>>>
2005 Feb 14
3
Hackers on my Web server
I have discovered that a gamer has hacked into my web server through a backdoor left open by my predecessor. I have closed the door, but when I try to delete the folders left behind I receive "Access Denied", or when I try to take ownership I receive "Unable to Find File...". I have removed most of the files to obtain enough space to continue operations but would like to remove
2003 Apr 23
2
Call Queue Manager and DID Digits
I've been asked to create a graphical "call-queue" manager. That is, use the existing call queues application but allow a way to view what's coming and attach information to it. As far as the "attaching information" that's in the realm of my application, but I'm trying to figure out if the internals of queues are exposed through any interface. Any help there?
1998 May 19
7
Bind Overrun Bug and Linux
[mod: Just to show you that people DO get bitten after a bugwarning has gone out on linux-security..... -- REW] -----BEGIN PGP SIGNED MESSAGE----- Content-Type: text/plain; charset=us-ascii Has anyone been hit with the Bind Inverse Query Buffer Overrun on their Linux servers? We have had 3 servers attacked using this exploit and all of the machines had several binaries replaced with trojan
2004 Sep 10
3
Should FLAC join Xiph?
...he chances that someone will use the BSD license to make > proprietary changes to FLAC. Weigh that against the chances that FLAC Well, I think going GPL would be too much, only GPL softwares could use the library. BSD is too much too because changes in the software world (improvements, bugs, backdoors) would not be available to you. Only the hardware world is a problem. And usually when they support a format they're ready to pay for the development and even the port to their architecture. I use a lot the SciTE editor which is BSD-like. Neil Hodgson is working full time on it because som...
2018 May 28
2
Strange crypto choices
We're aware of those arguments but don't find them convincing enough to switch early. On Mon, 28 May 2018, Yegor Ievlev wrote: > A backdoored curve could be easily generated using the algorithm used > to generate the NIST curves. > https://bada55.cr.yp.to/vr.html > > The algorithm that generates a backdoored curve is very simple: > Suppose the NSA (the author of the
2018 Apr 18
0
Robust Cluster
...unning XP under Windows 7, And Windows 7 doesn't pool. Now, Linux pools. All Unix has always pooled, more or less. Right from the start. I want to build something robust. I've experimented with DDNS on NoIP. I'm getting the paid service. Combined with enom and replikon.net, I can have backdoors and VPNs to every system. These backdoors would be a fallback. The Ethernet would be the front door. PXELINUX would boot from a flash card in a Linksys 150N router, or two, Using WiFi or Ethernet. Well, that's the proposal. I think it would be robust. Capiche? Doug -- Cheers! Douglas Go...
2010 Dec 15
1
IPSEC allegations
[redirected from -hackers to -security] Jakub Lach <jakub_lach@mailplus.pl> writes: > http://marc.info/?l=openbsd-tech&m=129236621626462&w=2 http://maycontaintracesofbolts.blogspot.com/2010/12/openbsd-ipsec-backdoor-allegations.html DES -- Dag-Erling Smørgrav - des@des.no