OT: What's up with the starship?

rurpy at yahoo.com
Mon Oct 16 13:39:25 EDT 2006


micahel at gmail.com wrote:
> rurpy at yahoo.com wrote:

--snip--

> As far as I can tell, the machine was compromised on 2006-09-02.

So it was compromised for over a month.

> Irritatingly we didn't find out until just after logrotate had deleted
> the logs for around the time of the attack.

Murphy strikes again. :-(

> It wasn't a very subtle rootkit -- installing a version of netstat with
> different command line options, for example...
>
> > 5. Verifying that such a thing has not happened can be very
> > difficult, particularly if the date and other details of the
> > compromise cannot be accurately determined.
>
> I guess you should find out from the author of whatever you downloaded
> what the checksums should have been for what you downloaded and check
> that against what you downloaded.
>
> If you don't still have the downloaded files, I can tell you what the
> md5's of the files in the back up are.

I don't think that would help in the case of Pywin32 since the
Sourceforge dates for build 210 are 9/22.
I emailed Mark Hammond but have not heard anything back yet.

> > 6. Many organisations give image and pr a higher priority
> > than the safety of their customers/users and wave off security
> > breaches with "don't worry, everything is fine.  We're sure
> > nothing has been touched" when in fact they have no idea.
>
> There is no organization behind python.net.
>
> I am a volunteer.  I help run python.net in my spare time.

Organizations do not have to be formal or official to exhibit
similar behavior.

> > 7. I have seen no public statements or information about
> > this leading me to wonder about the situation and how it's
> > being handled, hence my seeking of further information.
>
> I'm sorry, I'm busy trying to get the server going again.

I understand, and appreciate your (and the other people
involved) efforts.  I know it must be a royal pain in the
ass.  But I am still responsible for the code I (and my
clients) run so I had to ask.

> > But, I am still completely at a loss why you, he, or anyone,
> > based on the information presented so far, would conclude
> > that the python security problem is unrelated.
>
> Why would it be?  For all its position in the community, there aren't
> actually many python web apps running on python.net, certainly not as
> root...

That's what one would hope but to assume that without better
information (such as you just provided) would be foolish.

Thanks again for taking the time to answer my questions.
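The checksum comparison suggested earlier in the thread (get the expected digests from the author, not from the possibly compromised mirror, then compare them with what you downloaded), written out as an added example that is not code from the thread or from python.net. It checks a download directory against an md5sum-style manifest, reports altered and missing files, and uses constructed file names and contents; MD5 is used only because that is what the thread refers to, and hashlib.sha256 drops in unchanged for a stronger digest.

```python
import hashlib
import hmac
import os
import tempfile

def md5_of_file(path, chunk_size=65536):
    """Hex MD5 of a file, read in chunks so a large installer never sits fully in memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def parse_manifest(text):
    """Parse md5sum-style lines ('<hexdigest>  <filename>') into {filename: digest}."""
    expected = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, name = line.split(None, 1)
        expected[name.strip().lstrip("*")] = digest.lower()
    return expected

def verify_downloads(download_dir, manifest_text):
    """Return {filename: 'ok' | 'mismatch' | 'missing'} for every manifest entry.
    The manifest must come from the author out of band; a manifest fetched from the
    same compromised host proves nothing. 'missing' is reported so nothing is skipped."""
    results = {}
    for name, want in parse_manifest(manifest_text).items():
        path = os.path.join(download_dir, name)
        if not os.path.isfile(path):
            results[name] = "missing"
            continue
        got = md5_of_file(path)
        results[name] = "ok" if hmac.compare_digest(got, want) else "mismatch"
    return results

def demo():
    """Constructed scenario (not real pywin32 files): one intact download, one altered
    after the author published the manifest, and one never downloaded."""
    pristine = {"good.zip": b"pristine bytes\n", "tampered.zip": b"pristine bytes\n",
                "absent.zip": b"never fetched\n"}
    manifest = "\n".join(f"{hashlib.md5(d).hexdigest()}  {n}" for n, d in pristine.items())
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "good.zip"), "wb") as f:
            f.write(pristine["good.zip"])
        with open(os.path.join(d, "tampered.zip"), "wb") as f:
            f.write(pristine["tampered.zip"] + b"extra\n")  # simulated alteration
        return verify_downloads(d, manifest)

if __name__ == "__main__":
    print(demo())  # {'good.zip': 'ok', 'tampered.zip': 'mismatch', 'absent.zip': 'missing'}
```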
