Re: GNU software compromised : Cert Advisory
From: Alan Connor (xxxxxx_at_xxxx.xxx)
Date: Thu, 14 Aug 2003 08:55:17 GMT
On Thu, 14 Aug 2003 04:41:02 GMT, Bit Twister <BitTwister@localhost.localdomain> wrote:
> On Thu, 14 Aug 2003 04:23:08 GMT, firstname.lastname@example.org wrote:
>> |I noticed a M$ weenie posted this. Is it for real?
>> It is unfortunately. And apparently it was done by someone who had login
>> access to the machine, using a local ptrace exploit in the week before a
>> patch was posted.
>> |Haven't heard a word about it anyplace else.
>> Slashdot among lots of places.
>> [Please, no futher crossposts unless you have some info to add.]
Am I understanding this correctly? All anyone has to do to evade this
cracker's work is to check the md5 sums?
If so, this isn't a security issue, it is a STUPIDITY issue.
No one with a lick of common sense installs anything they've downloaded from
the net without doing that basic test.