search for: welivesecur

ESET recently published an interesting post-mortem of the so-called "Operation Windigo" malware campaign [1]. OpenSSH backdoors (codename Linux/Ebury), described by ESET last month [2], are a key component of Windigo's attack surface. --mancha [1] http://www.welivesecurity.com/wp-content/uploads/2014/03/operation_windigo.pdf [2] http://www.welivesecurity.com/2014/02/21/an-in-depth-analysis-of-linuxebury/

[I've CCed openssh-unix-dev for awareness, but set Mail-Followup-To to just debian-devel and debian-ssh to avoid potentially spamming them with a long discussion. If you choose to override this then that's your call, but please be mindful of upstream's time.] Following the xz-utils backdoor, I'm reconsidering some choices in Debian's OpenSSH packaging. Please note that