Re: berlios.de compromised since 2005

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Once upon a time, Stephen John Smoogen <smooge@xxxxxxxxx> said:
> On Wed, Jan 13, 2010 at 11:33 AM, Jon Ciesla <limb@xxxxxxxxxxxx> wrote:
> > Thanks, Seth. And if we don't, what's a good resource for security
> > auditing n00bs?
> 
> 1) Look over the change history. Don't trust the source repository but
> older versions of the tar balls and see what has changed between them.

To add to this, by "older versions of the tar balls", don't just
download an older version from the suspected bad place (as it could have
been tampered with as well).  For packages that have been in Fedora
since before the initial suspected attack, grab an old SRPM from a
Fedora archive mirror.

-- 
Chris Adams <cmadams@xxxxxxxxxx>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux