[nsp-sec] [Confidential] Webmail issue.
Scott A. McIntyre
scott at xs4all.net
Mon Jun 22 03:45:54 EDT 2009
On Jun 22, 2009, at 09:27 , Huopio Kauto wrote:
> ----------- nsp-security Confidential --------
>
> Now, there is a security notice placed at squirrelmail.org
> website - dated June 16th. I have my doubts that this message
> was posted to squirrelmail.org _after_ June 16th..
Yes, it was. I'd been checking the site for a number of days around
the Incident and no warning appeared. Seems to be pre-dated. Not nice.
>
> -What is the status of the compromise at the moment?
They've gone radio-silent with us. We're their upstream provider, and
sponsor their hosting, but they don't have any obligation to keep us
in the loop, alas. We provided them with a new Linux server to
migrate to, and have asked for the old hard drives so that we may do
some forensics.
> -What distribution is considered secure? Safe MD5:s?
Excellent questions for the developers. They still haven't said,
publicly, what is safe and what is not safe. We continue to apply
(strong) pressure to share details with us.
> -Are the plugins safe or not?
I think that when a root level compromise of a server takes place,
perhaps going back months, and that server contains source code, svn,
and a variety of other bits of data, one must adopt a high level of
caution.
Certainly our approach internally has been to assume the plugins are
NOT safe, but we're running a slightly different branch of the code
which predates any indication of compromise (Jan/Feb 2009).
I'll poke them again now, however.
Frustrating.
Scott A. McIntyre
XS4ALL Internet B.V.