Results 1 to 6 of 6
Thread: Gentoo UnrealIRCd got backdoor
Hybrid View
-
06-15-2010, 06:07 AM #1Aspiring Evangelist
- Join Date
- Dec 2001
- Posts
- 380
Gentoo UnrealIRCd got backdoor
"the malware-compromised code was included in the official Gentoo distribution", since Nov. 2009.
http://www.fewt.com/2010/06/linux-infected.html
http://www.unrealircd.com/txt/unreal...y.20100612.txt
http://www.zdnet.com/blog/bott/linux...r-updated/2206
-
06-15-2010, 11:06 PM #2Junior Guru Wannabe
- Join Date
- Jun 2010
- Location
- Phoenix, AZ, USA
- Posts
- 30
It happens all the time.
-
06-16-2010, 07:09 AM #3Web Hosting Master
- Join Date
- Jun 2002
- Location
- United Kingdom
- Posts
- 1,238
Gentoo UnrealIRCd? Not really.... unreal's UnrealIRCd.
Gentoo have obviously pulled the package from the unreal servers which are the ones which actually shipped the backdoor to everyone else.
What is the big fuss over "Gentoo shipping backdoor". At the end of the day, ok, gentoo shipped the "source code" with the backdoor code. But i bet many other distributions shipped a compiled version of unrealircd with the backdoor too. Considering that the backdoor has only just been discovered, a lot of distributions which have an unrealircd package will have this.
We are going to have anti-linux users jumping up and down that linux has a virus now. At the end of the day.... this is nothing to do with linux.... Its the package that has the backdoor compiled in, and its unrealircd's fault for not noticing it. At the end of the day its a hidden feature really.
The only reason they targetted linux not windows is because all they had to do was replace one file in the tar.gz file for the linux version, whereas applying the same backdoor to the windows version would mean recompiling it with the backdoor in.
Also a qoute from the UnrealIRCd site:
On an unrelated side note, I find the claims in various media that this security incident indicates that Linux and Open Source cannot be trusted and that Microsoft and closed-software is better really silly. It lacks any foundation. A hacker, once in, could just as easily have inserted the backdoor in Windows software. In fact, it is *THANKS* to it being Open Source that this backdoor got noticed, though - I fully agree - much too late.Last edited by matt2kjones; 06-16-2010 at 07:18 AM.
-
06-16-2010, 08:39 AM #4Aspiring Evangelist
- Join Date
- Dec 2001
- Posts
- 380
-
06-16-2010, 08:44 AM #5Web Hosting Master
- Join Date
- Jun 2002
- Location
- United Kingdom
- Posts
- 1,238
Any operating system is only as secure as the software you run on top of it and the way that the user configures it.
Its a shame that open source is getting targetted as unsecure because of this one package security issue. But then again, looking at it from windows point of view.... If the windows version of it had been modified and not the linux source code, then anti-microsoft people would be acting the same way as anti-linux/open source people are now
-
06-16-2010, 10:43 AM #6Aspiring Evangelist
- Join Date
- Dec 2001
- Posts
- 380
Only an O/S kernel is meaningless to end-user, they need OS packed with lots of productivities softwares as modern distributions do.
Technical guys care OS/each module bugs, but end-users/reporters care the final products bugs.
Similar Threads
-
[For Hire]Icecast2/PHP Based CMS & Forum/UnrealIRCD installs
By tricky1 in forum Employment / Job RequestsReplies: 0Last Post: 06-23-2008, 09:50 PM -
backdoor
By Floid in forum Dedicated ServerReplies: 6Last Post: 06-06-2005, 12:10 PM -
Anyone know how to setup UnrealIRCd 3.2 an IRC server?
By Ferneaux in forum Employment / Job OffersReplies: 3Last Post: 07-26-2004, 09:57 PM -
Backdoor
By Serverplan in forum Hosting Security and TechnologyReplies: 3Last Post: 03-28-2004, 06:14 PM