Hacker News new | past | comments | ask | show | jobs | submit login

http://www.cert.org/advisories/CA-2002-24.html I am still looking for the break-in that predates this breakin, my memory is fucking horrible. I apologize. It will take me a while for me to find it.



Thanks for the advisory, but you've got the facts wrong:

1) Main OpenBSD server wasn't compromised, main FTP server ("ftp.openbsd.org") was.

2) Source code (the one in CVS) wasn't compromised, only .tar.gz packages placed on the FTP server were.

3) They did want people to know about this, that's why they released security advisory [1].

On top of that, at the time "ftp.openbsd.org" wasn't even running OpenBSD, the FTP server was part of SunSITE powered by Solaris [2].

[1] http://marc.info/?l=openbsd-misc&m=102821528812161&w...

[2] http://www.openbsd.org/cgi-bin/cvsweb/www/faq/faq8.html.diff...


This wasn't in 2002, this was back in the 90s, I want to say 1996 or 1997. The source code was back-doored. The advisory you found was for completely different break-in in 2002.


I found? You linked to this incident in your previous comment.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: