[nsp-sec] [Confidential] Webmail issue.

Scott A. McIntyre scott at xs4all.net
Mon Jun 22 03:45:54 EDT 2009


On Jun 22, 2009, at 09:27 , Huopio Kauto wrote:

> ----------- nsp-security Confidential --------
>
> Now, there is a security notice placed at squirrelmail.org
> website - dated June 16th. I have my doubts that this message
> was posted to squirrelmail.org _after_ June 16th.

Yes, it was.  I'd been checking the site for a number of days around  
the Incident and no warning appeared.  Seems to be pre-dated.  Not nice.

>
> -What is the status of the compromise at the moment?

They've gone radio-silent with us.  We're their upstream provider, and  
sponsor their hosting, but they don't have any obligation to keep us  
in the loop, alas.  We provided them with a new Linux server to  
migrate to, and have asked for the old hard drives so that we may do  
some forensics.


> -What distribution is considered secure? Safe MD5:s?

Excellent questions for the developers.  They still haven't said,  
publicly, what is safe and what is not safe.  We continue to apply  
(strong) pressure to share details with us.

> -Are the plugins safe or not?

I think that when a root level compromise of a server takes place,  
perhaps going back months, and that server contains source code, svn,  
and a variety of other bits of data, one must adopt a high level of  
caution.

Certainly our approach internally has been to assume the plugins are  
NOT safe, but we're running a slightly different branch of the code  
which predates any indication of compromise (Jan/Feb 2009).

I'll poke them again now, however.

Frustrating.

Scott A. McIntyre
XS4ALL Internet B.V.




