From mxn at zoomtown.com Thu Jan 27 20:28:51 2005 From: mxn at zoomtown.com (Minh Nguyen) Date: Thu Jan 27 20:33:25 2005 Subject: [Jabberzilla] Jabberzilla needs to be validated at JabberStudio Message-ID: <41F99553.2000104@zoomtown.com> Hi, Maybe some of you are aware of the recent intrusions into jabber.org's server. As a precaution, owners of JabberStudio projects need to "validate" their project code. Since this project is hosted at JabberStudio now, this needs to be done soon, or we'll get removed from their servers. I just wanted to remind Pawel (prefiks) or whoever is in charge of this project. Here's the message on jabberstudio.org: > > What's Happening? > > It has been discovered that the server hosting JabberStudio has been > hacked (cracked if you want to say that) for what appears to be one > year. Careful analysis of logs and other information shows that the > attack was an automated rootkit and it was never used to view or alter > files. Regardless, we feel it is vital that all files be reviewed for > any malicious changes before they are copied over to new machines and > publicly distributed again. > > First, we suggest that anyone that has used JabberStudio change their > external passwords, especially if they connected to any machine from > the JabberStudio shell server. All user accounts on the machine have > been suspended until the new machines are finalized, so don't attempt > to change your shell server password. > > Next, all of the projects, listed below, need their admins to download > the linked files, review them, and then contact temas > once complete. Further, the files that have > been actually publicly released (the releases dir) need to have MD5 > sums sent to temas so that others may verify their old downloads. The > MD5 sums are not necessary for CVS or WWW files. Once in contact with > temas a method of extracting other files that were on the system will > be discussed. > > The admins review needs to verify that all the CVS source code was > actually written by the project participants, and not altered in any > way. They need to check releases for any alterations including such > acts as modified source, modified binaries, modified installers, etc. > Web files should be checked for any hidden changes, tracking, bad > links, binary objects, etc. If you feel you don't understand what to > look for please contact temas. > > Project admins will have two weeks from Friday January 28, 2005 to > complete this process. That is an end date of Friday, February 11, > 2005. Any projects that have not reported back in that time will be > removed from the website and new server until they can be verified. > > Apologies to the community that this was not discovered much sooner, > and that the cleanup process has to be so involved. > > Finally, I want to reiterate that there is no evidence that downloaded > files have been compromised in any way, but if we find any evidence > contrary to this it will be immediately spread through the appropriate > channels. > -- Minh Nguyen AIM: trycom2000; Jabber: mxn@myjabber.net; Blog: http://mxn.f2o.org/ -------------- next part -------------- A non-text attachment was scrubbed... Name: mxn.vcf Type: text/x-vcard Size: 548 bytes Desc: not available Url : http://mozdev.org/pipermail/jabberzilla/attachments/20050127/d842aecd/mxn.vcf From carl at betterbilling.net Fri Jan 28 18:12:57 2005 From: carl at betterbilling.net (Carl Tanner) Date: Fri Jan 28 20:17:09 2005 Subject: [Jabberzilla] Re: Jabberzilla Digest, Vol 14, Issue 1 Message-ID: <41FAE319.1080104@betterbilling.net> I talked to stpeter weeks ago about this. I thought that it was taken care of. Carl Tanner JabberZilla Wrangler and Project Admin jabberzilla-request@mozdev.org wrote: >Send Jabberzilla mailing list submissions to > jabberzilla@mozdev.org > >To subscribe or unsubscribe via the World Wide Web, visit > http://mozdev.org/mailman/listinfo/jabberzilla >or, via email, send a message with subject or body 'help' to > jabberzilla-request@mozdev.org > >You can reach the person managing the list at > jabberzilla-owner@mozdev.org > >When replying, please edit your Subject line so it is more specific >than "Re: Contents of Jabberzilla digest..." > > >------------------------------------------------------------------------ > >Today's Topics: > > 1. Jabberzilla needs to be validated at JabberStudio (Minh Nguyen) > > > > ------------------------------------------------------------------------ > > Subject: > [Jabberzilla] Jabberzilla needs to be validated at JabberStudio > From: > Minh Nguyen > Date: > Thu, 27 Jan 2005 20:28:51 -0500 > To: > jabberzilla@mozdev.org > > To: > jabberzilla@mozdev.org > > > Hi, > > Maybe some of you are aware of the recent intrusions into jabber.org's > server. As a precaution, owners of JabberStudio projects need to > "validate" their project code. Since this project is hosted at > JabberStudio now, this needs to be done soon, or we'll get removed > from their servers. I just wanted to remind Pawel (prefiks) or whoever > is in charge of this project. Here's the message on jabberstudio.org: > >> >> What's Happening? >> >> It has been discovered that the server hosting JabberStudio has been >> hacked (cracked if you want to say that) for what appears to be one >> year. Careful analysis of logs and other information shows that the >> attack was an automated rootkit and it was never used to view or >> alter files. Regardless, we feel it is vital that all files be >> reviewed for any malicious changes before they are copied over to new >> machines and publicly distributed again. >> >> First, we suggest that anyone that has used JabberStudio change their >> external passwords, especially if they connected to any machine from >> the JabberStudio shell server. All user accounts on the machine have >> been suspended until the new machines are finalized, so don't attempt >> to change your shell server password. >> >> Next, all of the projects, listed below, need their admins to >> download the linked files, review them, and then contact temas >> once complete. Further, the files that have >> been actually publicly released (the releases dir) need to have MD5 >> sums sent to temas so that others may verify their old downloads. The >> MD5 sums are not necessary for CVS or WWW files. Once in contact with >> temas a method of extracting other files that were on the system will >> be discussed. >> >> The admins review needs to verify that all the CVS source code was >> actually written by the project participants, and not altered in any >> way. They need to check releases for any alterations including such >> acts as modified source, modified binaries, modified installers, etc. >> Web files should be checked for any hidden changes, tracking, bad >> links, binary objects, etc. If you feel you don't understand what to >> look for please contact temas. >> >> Project admins will have two weeks from Friday January 28, 2005 to >> complete this process. That is an end date of Friday, February 11, >> 2005. Any projects that have not reported back in that time will be >> removed from the website and new server until they can be verified. >> >> Apologies to the community that this was not discovered much sooner, >> and that the cleanup process has to be so involved. >> >> Finally, I want to reiterate that there is no evidence that >> downloaded files have been compromised in any way, but if we find any >> evidence contrary to this it will be immediately spread through the >> appropriate channels. >> >>_______________________________________________ >>Jabberzilla mailing list >>Jabberzilla@mozdev.org >>http://mozdev.org/mailman/listinfo/jabberzilla >> >> From mxn at zoomtown.com Fri Jan 28 22:04:04 2005 From: mxn at zoomtown.com (Minh Nguyen) Date: Fri Jan 28 22:08:42 2005 Subject: [Jabberzilla] Re: Jabberzilla Digest, Vol 14, Issue 1 In-Reply-To: <41FAE319.1080104@betterbilling.net> References: <41FAE319.1080104@betterbilling.net> Message-ID: <41FAFD24.1030005@zoomtown.com> Sorry, it's just that the Jabberzilla page redirects to the "What's Happening?" page, so I thought that maybe this hadn't been taken care of yet. Carl Tanner wrote: > I talked to stpeter weeks ago about this. I thought that it was taken > care of. > > Carl Tanner > JabberZilla Wrangler and Project Admin > > jabberzilla-request@mozdev.org wrote: > > Minh Nguyen wrote: > >> Hi, >> >> Maybe some of you are aware of the recent intrusions into >> jabber.org's server. As a precaution, owners of JabberStudio projects >> need to "validate" their project code. Since this project is hosted >> at JabberStudio now, this needs to be done soon, or we'll get removed >> from their servers. I just wanted to remind Pawel (prefiks) or >> whoever is in charge of this project. Here's the message on >> jabberstudio.org: >> >>> >> -- Minh Nguyen AIM: trycom2000; Jabber: mxn@myjabber.net; Blog: http://mxn.f2o.org/ -------------- next part -------------- A non-text attachment was scrubbed... Name: mxn.vcf Type: text/x-vcard Size: 548 bytes Desc: not available Url : http://mozdev.org/pipermail/jabberzilla/attachments/20050128/673a4022/mxn.vcf