Date: Wed, 3 Dec 2003 15:56:01 -0800 From: Kris Kennaway <kris@obsecurity.org> To: Peter Wemm <peter@wemm.org> Cc: hubs@freebsd.org Subject: Re: HEADS UP! Watch out for security on your machines and exploits! Message-ID: <20031203235601.GA70953@xor.obsecurity.org> In-Reply-To: <20031203234849.7238C2A7EA@canning.wemm.org> References: <20031203234849.7238C2A7EA@canning.wemm.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--nFreZHaLTZJo0R7j Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Dec 03, 2003 at 03:48:49PM -0800, Peter Wemm wrote: > There's definately a targeting of open source projects and infrastructure > machines going on. Another linux mirror has been compromised. There's > worrying developments on savannah.gnu.org, etc. =20 >=20 > Please take EXTRA care to watch your mirrors for 'funny stuff' and make d= amn > sure that you're fully up todate with patches. >=20 > Being a cvsup*/ftp*/etc mirror means that you're going to be scanned and > probed. Especially now. In particular, make sure you're running the latest openssh and sendmail, and any third-party software you're running like apache, which may have had vulnerabilities recently. A lot of cvsup/ftp/www mirrors are really bad about staying up-to-date with security patches - last time I checked there were a lot that were running old vulnerable sshds, etc. Kris --nFreZHaLTZJo0R7j Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (FreeBSD) iD8DBQE/zngRWry0BWjoQKURAuGrAJ9vmeDs4eJsrO7EpHT0sMhM/QsTcACg+URs tNBUR66jZlPaBKGlCs5V8CA= =Uu6T -----END PGP SIGNATURE----- --nFreZHaLTZJo0R7j--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20031203235601.GA70953>