Slashdot Mirror


OpenSSH Package Trojaned

cperciva writes "The original story is here. And more details are available from the guy's weblog here." Here's a mirror of that email message. Another reader writes, "Not really a trojan because all it does is make a connection to 203.62.158.32:6667." Still another writes "The tarball of the portable OpenSSH on ftp.openbsd.org is trojaned. The backdoor is only used during build - generated binaries are fine." There isn't much authoritative information available, but this appears legitimate - please be careful if you're updating any of your machines with code from ftp.openbsd.org, and we'll update this story with more links as information is available. Update: 08/01 19:13 GMT by M: OpenSSH now has an advisory.

5 of 566 comments

  1. Irony by Dark+Lord+Seth · · Score: 0, Flamebait

    OpenBSD being focussed on security and all...

  2. Re:New catch phrase by windex · · Score: 0, Flamebait

    You are wrong. Why don't you read the fucking article? Maybe you could quit being some kind of egotistical openbsd-zealot as well?

  3. This is why I don't use open-source programs... by ball-lightning · · Score: 0, Flamebait

    This is why I'd rather use Windows than Linux. Even though companies like Microsoft HAVE installed some code that monitors you, I know Microsoft won't be snooping in my email account, etc.

  4. Re:Open Source PKI Needed? by hyperstation · · Score: 1, Flamebait

    you could dump debian and use gentoo

  5. This indicative of open-source development project by 183771 · · Score: 0, Flamebait

    I am afraid you are totally wrong, this could happen in open-source environments but also in closed development environments. The big difference is that in a closed-source project you do not even realise that you have been trojaned!!!