Results 1 to 6 of 6
  1. #1
    Join Date
    Dec 2001
    Posts
    380

    Gentoo UnrealIRCd got backdoor

    "the malware-compromised code was included in the official Gentoo distribution", since Nov. 2009.


    http://www.fewt.com/2010/06/linux-infected.html

    http://www.unrealircd.com/txt/unreal...y.20100612.txt

    http://www.zdnet.com/blog/bott/linux...r-updated/2206

  2. #2
    Join Date
    Jun 2010
    Location
    Phoenix, AZ, USA
    Posts
    30
    It happens all the time.

  3. #3
    Join Date
    Jun 2002
    Location
    United Kingdom
    Posts
    1,236
    Gentoo UnrealIRCd? Not really.... unreal's UnrealIRCd.

    Gentoo have obviously pulled the package from the unreal servers which are the ones which actually shipped the backdoor to everyone else.

    What is the big fuss over "Gentoo shipping backdoor". At the end of the day, ok, gentoo shipped the "source code" with the backdoor code. But i bet many other distributions shipped a compiled version of unrealircd with the backdoor too. Considering that the backdoor has only just been discovered, a lot of distributions which have an unrealircd package will have this.

    We are going to have anti-linux users jumping up and down that linux has a virus now. At the end of the day.... this is nothing to do with linux.... Its the package that has the backdoor compiled in, and its unrealircd's fault for not noticing it. At the end of the day its a hidden feature really.

    The only reason they targetted linux not windows is because all they had to do was replace one file in the tar.gz file for the linux version, whereas applying the same backdoor to the windows version would mean recompiling it with the backdoor in.

    Also a qoute from the UnrealIRCd site:

    On an unrelated side note, I find the claims in various media that this security incident indicates that Linux and Open Source cannot be trusted and that Microsoft and closed-software is better really silly. It lacks any foundation. A hacker, once in, could just as easily have inserted the backdoor in Windows software. In fact, it is *THANKS* to it being Open Source that this backdoor got noticed, though - I fully agree - much too late.
    Last edited by matt2kjones; 06-16-2010 at 07:18 AM.

  4. #4
    Join Date
    Dec 2001
    Posts
    380
    Quote Originally Posted by matt2kjones View Post
    Gentoo UnrealIRCd? Not really.... unreal's UnrealIRCd.

    We are going to have anti-linux users jumping up and down that linux has a virus now. At the end of the day.... this is nothing to do with linux.... Its the package that has the backdoor compiled in, and its unrealircd's fault for not noticing it. At the end of the day its a hidden feature really.
    Thanks for correction and clarifications.

    I don't care Windows, but I hope Linux Distributions will improve more and more.

    Linux is already a good desktop OS, strong enough to Mac and Windows. Mac actually is a *BSD.

  5. #5
    Join Date
    Jun 2002
    Location
    United Kingdom
    Posts
    1,236
    Any operating system is only as secure as the software you run on top of it and the way that the user configures it.

    Its a shame that open source is getting targetted as unsecure because of this one package security issue. But then again, looking at it from windows point of view.... If the windows version of it had been modified and not the linux source code, then anti-microsoft people would be acting the same way as anti-linux/open source people are now

  6. #6
    Join Date
    Dec 2001
    Posts
    380
    Only an O/S kernel is meaningless to end-user, they need OS packed with lots of productivities softwares as modern distributions do.

    Technical guys care OS/each module bugs, but end-users/reporters care the final products bugs.

Similar Threads

  1. [For Hire]Icecast2/PHP Based CMS & Forum/UnrealIRCD installs
    By tricky1 in forum Employment / Job Requests
    Replies: 0
    Last Post: 06-23-2008, 09:50 PM
  2. backdoor
    By Floid in forum Dedicated Server
    Replies: 6
    Last Post: 06-06-2005, 12:10 PM
  3. Anyone know how to setup UnrealIRCd 3.2 an IRC server?
    By Ferneaux in forum Employment / Job Offers
    Replies: 3
    Last Post: 07-26-2004, 09:57 PM
  4. Backdoor
    By Serverplan in forum Hosting Security and Technology
    Replies: 3
    Last Post: 03-28-2004, 06:14 PM

Related Posts from theWHIR.com

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •