OpenSSH Package Trojaned

cperciva writes "The original story is here. And more details are available from the guy's weblog here." Here's a mirror of that email message. Another reader writes, "Not really a trojan because all it does is make a connection to 203.62.158.32:6667." Still another writes "The tarball of the portable OpenSSH on ftp.openbsd.org is trojaned. The backdoor is only used during build - generated binaries are fine." There isn't much authoritative information available, but this appears legitimate - please be careful if you're updating any of your machines with code from ftp.openbsd.org, and we'll update this story with more links as information is available. Update: 08/01 19:13 GMT by M : OpenSSH now has an advisory.

fuck you.

[sinserve]

First piss.

Slashdot Effect

slashdot effect n.

1. Also spelled "/. effect"; what is said to have happened when taco's anus is virtually unreachable because too many shirt-lifters are hitting it after he posts a boring pro-lunix article on the popular Slashdot news service. The term is quite widely used by /. readers, including variants like "Oh my god, my asshole has been slashdotted again!"

2. In a perhaps inevitable generation, the term is being used to describe any similar effect from being butt-fucked by a large admiring crowd. This would better be described as a flash crowd.

FREE NELSON MANDELA

it is confirmed: Theo de Raadt is dying

It is now official. Slashdot confirms: Theo de Raadt is dying.

One more crippling bombshell hit the already beleaguered *BSD community when Slashdot confirmed that confidence in OpenBSD security has dropped yet again, with OpenBSD down to less than a fraction of 1 percent of all servers. Coming on the heels of a recent Slashdot article which plainly states that OpenSSH has more holes than a default IIS install, this news serves to reinforce what we've known all along. Theo de Raadt is collapsing in complete disarray, and industry pundits believe he will soon fall dead.

You don't need to be Jordan Hubbard to predict de Raadt's future. The hand writing is on the wall: Theo faces a bleak future. In fact there won't be any future at all for Theo because Theo is dying. Things are looking very bad for Theo. As many of us are already aware, Theo continues to lose credibility. Red ink flows like a river of blood.

Let's keep to the facts and look at the numbers. OpenBSD leader Theo states that there are 7000 users of OpenBSD. How many exploits have there been to OpenBSD since Theo started coming clean about its failings? At least two remote root vulnerabilities in the last month. If we extrapolate that to two undisclosed exploits per month for the last six years OpenBSD has claimed to be free of holes, that's 144 security holes in 7000 machines, or 1,008,000 potential break-ins to an OpenBSD machine.

All major surveys show that Theo de Raadt is too arrogant to be able to live through this embarrassment. Theo is very sick and his long term survival prospects are very dim. If Theo is to survive at all it will only be through spending another 6 years covering up all the holes in OpenBSD. But the word is out, and nothing short of a miracle could save him at this point in time. For all practical purposes, Theo is dead.

Fact: Theo de Raadt is dying.

Re:it is confirmed: Theo de Raadt is dying

Err, mods on crack.. what is offtopic about Theo de Raadt on an article about a security hole in OpenBSD? Please fix the moderation, someone.

Re:it is confirmed: Theo de Raadt is dying

One of the funniest *BSD troll variants in ages :)))

Should we set up a fund to support Ms. DeRaadt? Oh wait, he's a computer geek. Never mind.

Re:How to stop this happening again?

hey douchebag, howabout you show everyone you have the lamest idea of what unix is.. oh wait, you did.

rm -rf /

would be better suited to your needs.

move along, nothing to see here.

Re:looks like it's from our australian friends

[jquirke]

Sorry, it's late and I'm not thinking straight.

Mod my post down please.