Re: GNU software compromised : Cert Advisory

From: Alan Connor (xxxxxx_at_xxxx.xxx)
Date: 08/14/03


Date: Thu, 14 Aug 2003 08:55:17 GMT

On Thu, 14 Aug 2003 04:41:02 GMT, Bit Twister <BitTwister@localhost.localdomain> wrote:
>
>
> On Thu, 14 Aug 2003 04:23:08 GMT, gombvtw@moqphq.com.jb wrote:
>> |I noticed a M$ weenie posted this. Is it for real?
>>
>> It is unfortunately. And apparently it was done by someone who had login
>> access to the machine, using a local ptrace exploit in the week before a
>> patch was posted.
>>
>> |Haven't heard a word about it anyplace else.
>
> http://www.cert.org/advisories/
>
>>
>> Slashdot among lots of places.
>>
>> [Please, no futher crossposts unless you have some info to add.]

     
Am I understanding this correctly? All anyone has to do to evade this
cracker's work is to check the md5 sums?

If so, this isn't a security issue, it is a STUPIDITY issue.

No one with a lick of common sense installs anything they've downloaded from
the net without doing that basic test.

Alan