August 14, 2003

GNU FTP Compromise Concerns

If you haven't heard yet, the GNU FTP Server has been compromised. Been in the news for a few days now, but I just finally got around to sniffing around and checking MD5 checksums.

What I found interesting was the README file on the ftp server. Apparently the server has been compromised since March. That is a lot of code that could have been mucked with. They say they are checking each checksum individually, and no code has been covertly altered, and I only hope noone figured out how to modify the MD5 check sum info... rendering their forensic analysis useless.

Goes to show you NO ONE is immune to security problems. Next thing you will know, there is going to be a back door in the Linux kernel (put in by SCO ... gotta love conspiracy theories) that will deduct a license fee from your online bank account. OK... maybe thats to far fetched.... but the backdoor itself isn't.

Lesson to be learned? ALWAYS do an MD5 checksum on files from the Internet. Use the Trust, but Verify attitude I have barked about for eons and validate that it indeed is the file you expect. Go so far as to ensure the MD5 fingerprint from the author hasn't been altered either. In other words, check the MD5 checksum on the archive server, AND on the mailing lists... assuming its put up there. (Most new releases do this).

Posted by SilverStr at August 14, 2003 08:25 AM
Comments

I prefer, "Trust no one, least of all yourself".

The Wife's systems admin sent out an email message that had in it executables to fix the worm. My wife kindly forwarded them on to me. Then I deleted them. Like I'm going to run any executable sent to me in an email message. HA!

Posted by: raskal at August 19, 2003 05:40 PM