Slashdot Mirror

← Back to Stories (view on slashdot.org)

ProFTPD.org Compromised, Backdoor Distributed

Posted by CmdrTaco on from the scary-world-we-live-in dept.

Orome1 writes "A warning has been issued by the developers of ProFTPD, the popular FTP server software, about a compromise of the main distribution server of the software project that resulted in attackers exchanging the offered source files for ProFTPD 1.3.3c with a version containing a backdoor. It is thought that the attackers took advantage of an unpatched security flaw in the FTP daemon in order to gain access to the server."

2 of 152 comments (clear)

  1. Dumb comment. by Anonymous Coward · · Score: 5, Informative

    And how, exactly, would the attackers sign the distribution files with the same private key the project uses?

  2. Re:FTP by a_nonamiss · · Score: 3, Informative

    FTP isn't secure, but it's got a very low overhead compared to sftp or smb. Still a very efficient way to send very large files over a trusted, reliable LAN. On a gigabit LAN, I get a significantly higher transfer speed than when using smb.

    I'm not saying I'd put it in production over the Internet. It's crazy insecure and is a pain in the butt to set up on a firewall, but for fast, simple transfers on a LAN, it's the best protocol out there.

    --
    -Arthur
    Cave ne ante ullas catapultas ambules