HEADS UP! Watch out for security on your machines and exploits!
Kris Kennaway
kris at obsecurity.org
Wed Dec 3 15:56:04 PST 2003
On Wed, Dec 03, 2003 at 03:48:49PM -0800, Peter Wemm wrote:
> There's definately a targeting of open source projects and infrastructure
> machines going on. Another linux mirror has been compromised. There's
> worrying developments on savannah.gnu.org, etc.
>
> Please take EXTRA care to watch your mirrors for 'funny stuff' and make damn
> sure that you're fully up todate with patches.
>
> Being a cvsup*/ftp*/etc mirror means that you're going to be scanned and
> probed. Especially now.
In particular, make sure you're running the latest openssh and
sendmail, and any third-party software you're running like apache,
which may have had vulnerabilities recently.
A lot of cvsup/ftp/www mirrors are really bad about staying up-to-date
with security patches - last time I checked there were a lot that were
running old vulnerable sshds, etc.
Kris
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-hubs/attachments/20031203/6ea08348/attachment.bin
More information about the freebsd-hubs
mailing list