[Full-Disclosure] Cryptome Hacked!

From: Sung J. Choe (schoe@oicinc.com)
Date: 02/27/03

  • Next message: Mandrake Linux Security Team: "[Full-Disclosure] MDKSA-2003:025 - Updated webmin packages fix session ID spoofing vulnerability" 
    From: "Sung J. Choe" <schoe@oicinc.com>
To: "'full-disclosure@lists.netsys.com'" <full-disclosure@lists.netsys.com>
Date: Wed, 26 Feb 2003 13:10:04 -1000

    Cryptome.org, a site for privacy enthusiasts and leftists alike, was
    apparently hacked today. Their server is up but "all files were deleted".
    Besides the usual anti-American/anti-government vitriol that is usually
    found at Cryptome.org, they also distribute crypto software. This brings up
    the following question: What is the best method for ensuring the integrity
    of software which require a high level of trust? I am almost sure that any
    crypto software distributed by such extremists as John Young (operator of
    cryptome.org) has been tampered with in some way. Does anybody else share
    this opinion?

    .--------------------------------------------------.
    | Sung J. Choe <schoe[at]oicinc.com>, TICSA |
    | Systems Administrator, Facility Security Officer |
    .--------------------------------------------------.----.
                        | Oceanic Imaging Consultants, Inc. |
                        | Phone #: (808) 539-3634 x3634 |
                        .-----------------------------------.

    568D CAD6 53A0 92E6 4A2A 4E87 3BA0 5F90 37BB 8EE7

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html