Slashdot Mirror


OpenSSH Package Trojaned

cperciva writes "The original story is here. And more details are available from the guy's weblog here." Here's a mirror of that email message. Another reader writes, "Not really a trojan because all it does is make a connection to 203.62.158.32:6667." Still another writes "The tarball of the portable OpenSSH on ftp.openbsd.org is trojaned. The backdoor is only used during build - generated binaries are fine." There isn't much authoritative information available, but this appears legitimate - please be careful if you're updating any of your machines with code from ftp.openbsd.org, and we'll update this story with more links as information is available. Update: 08/01 19:13 GMT by M : OpenSSH now has an advisory.

4 of 566 comments

  1. what's up with OpenBSD? by tps12 · Score: 0, Troll

    I don't mean to be making a "*BSD is Dying" post, but what's the deal? This is the second problem with OpenSSH in a few months, and OpenSSL was exploited just a few days ago.

    Is OpenBSD in trouble? More importantly, what are security-conscious people switching to, now that OpenBSD is no longer the fortress it once was?

    --

    Karma: Good (despite my invention of the Karma: sig)
  2. Re:How to stop this happening again? by yatest5 · Score: 0, Troll

    Has anyone else thought about ways to solve this problem?

    Buy software produced by professionals?

    --
    • Mod parent up! [a] by Anonymous Coward (Score:5) Thurs, June 31, @13:37
  3. Re:THIS IS NOT THEO by mwalker · Score: 0, Troll

    If you look at the parent author's posting history, you'll see that he is nothing more than a troll who fools people into thinking that he is Theo. (Incidentally, the name is "Theo de Raadt", not "Theo DeRaadt".)

    Look, this whole FreeBSD/OpenBSD flamewar has gotten out of hand. It's bad enough that you people are blocking each other's email, but let's not go accusing Theo of stealing his own account. Yes, a FreeBSD box was responsible for this security breakdown. Deal with it. There's no reason to go spreading wild accusations like this.
    That's Theo's Slashdot account. Quit being a jerk.

  4. OBSERVATION by applejacks · Score: 0, Troll

    Slashdot : - : A load of shit monkeys who think they are professional experts because they were able to get a slashdot account and use a string of words with letters longer than 7 characters in a sentence that sounds remotely coherent.
    1. Usually found downloading pornographic material and spending all week downloading upgrades.
    2. Rarely if ever contributes original ideas or projects. See (1); Too busy upgrading.