This email comes after the trojan mess was discovered and fixed, AND cvs.openbsd.org had been sweeped. Everybody (but venglin) knows that deraadt is faked on IRC constantly. I wouldn't be surprised if someone considered this idiot clueful. The world is like that. From: Przemyslaw Frasunek To: incidents@securityfocus.com Cc: lists-staff@freebsd.lublin.pl Date: 05 Aug 2002 11:37:24 +0200 Subject: Re: openssh-3.4p1.tar.gz trojaned Reply-To: Message-ID: <86u1m963zf.fsf@lagoon.freebsd.lublin.pl> User-Agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.2 Edwin Groothuis napisa?(a): > Just want to inform you that the OpenSSH package op ftp.openbsd.org > (and probably all its mirrors now) it trojaned: Actually, it's possible, that also other machines at openbsd.org were compromised (dns servers? cvs.openbsd.org?). Recently we had complains about some malicious IRC activity originating from cvs.openbsd.org, which was possibly cracked or DNS spoofed. 03:11 EFNet:[ Whois deraadt (deraadt@cvs.openbsd.org) 03:11 EFNet:: Ircname : Theo de Raadt 03:11 EFNet:: Server : irc.efnet.pl [ATMAN Network, Warsaw, Poland ] 03:11 EFNet:: Idle : 0 days 0 hours 1 mins 9 secs 03:11 EFNet:: Signon : Fri Aug 2 03:09:58 2002 03:10 EFNet:- irc.efnet.pl - *** Notice -- User deraadt (deraadt@cvs.openbsd.org) is attempting to join locally juped channel #phrack -- * Fido: 2:480/124 ** WWW: http://www.frasunek.com/ ** NIC-HDL: PMF9-RIPE * * Inet: przemyslaw@frasunek.com ** PGP: D48684904685DF43EA93AFA13BE170BF * ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com