Home page logo
/

oss-sec logo oss-sec mailing list archives

vsftpd download backdoored
From: Solar Designer <solar () openwall com>
Date: Mon, 4 Jul 2011 01:16:27 +0400

Hi,

Here's a great example of why maintainers should sign their release
tarballs, why distributions should insist on that, and why they should
actually check the signatures indeed.

I think we should be referring to this when convincing people to do that
(I had moderate success so far - some projects started signing their
tarballs after my suggestions/requests, some did not).

http://scarybeastsecurity.blogspot.com/2011/07/alert-vsftpd-download-backdoored.html

New vsftpd homepage:

https://security.appspot.com/vsftpd.html

Alexander


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault