-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
____/ Homer on Friday 02 Sep 2011 22:10 : \____
> Verily I say unto thee that Roy Schestowitz spake thusly:
>>
>> Kernel.org hacked, but Linux kernel safe thanks to git
>>
>> http://www.linuxfordevices.com/c/a/News/Kernelorg-hacked/?kc=rss
>>
>> Nothing to see here then... since OS X and Windows do not share their code,
>> this need not apply to them. The vulnerabilities are hidden from users.
>
> In this case the "vulnerability" was a user:
>
> [quote]
> Attackers compromised several servers at kernel.org using an
> off-the-shelf Trojan that appears to have entered via a compromised user
> credential
> [/quote]
>
> I'm not sure "hacked" is exactly the correct term for gaining access
> using stolen credentials.
>
> What I'd like to know is what sort of E-mail client on what platform
> allowed this trojan to execute and spread from an E-mail attachment?
This almost falls under the "social engineering" umbrella. WordPress once
had a similar issue. At least this got caught quickly (more eyeballs on the
code).
- --
~~ Best of wishes
Dr. Roy S. Schestowitz (Ph.D. Medical Biophysics), Imaging Researcher
http://Schestowitz.com | GNU/Linux administration | PGP-Key: 0x74572E8E
Editor @ http://techrights.org & Broadcaster @ http://bytesmedia.co.uk/
GPL-licensed 3-D Othello @ http://othellomaster.com
Non-profit search engine proposal @ http://iuron.com
Contact E-mail address (direct): s at schestowitz dot com
Contact Internet phone (SIP): schestowitz@xxxxxxxxx (24/7)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAk5hVuUACgkQU4xAY3RXLo4ZQgCfQegFCYV9h/7+6kNBbL2XoY7T
xjUAnjBpXsJakyqYQ1+c3X91uMaoOvx6
=llWg
-----END PGP SIGNATURE-----
|
|
