Linux distributor security list destroyed after hacker compromise

Written by Ryan Naraine, Contributor

Hackers have compromised a private e-mail list used by Linux and BSD distributors to share information on embargoed security vulnerabilities and used a backdoor to sniff e-mail traffic, according to the moderator of the list.

In a note to "Vendor-Sec" members, moderator Marcus Meissner said he noticed the break-in on January 20 but warned that it might have existed for much longer.

"I have disabled the specific backdoor, but as I am not sure how the break-in happened it might reappear. So I recommend not mailing embargoed issues to vendor-sec@....de at this time."

Immediately after Meissner's warning e-mail, the attacker re-entered the compromised machine and destroyed the installation.

The "Vendor-Sec" list is used by distributors of free/open-source operating systems and software to discuss potential security vulnerabilities in distribution elements (kernel, libraries, applications), as well as to co-ordinate the release of security updates by members.

This means that a compromise and the capturing of e-mails could have serious consequences.

Meissner has since killed the list:

"So everyone please consider vendor-sec@....de is dead and gone at this point, successors (or not) will hopefully result out of this discussion."

The H Security notes that this isn't the first compromise of the "Vendor-Sec" list. In 2005, black hat hackers reportedly hijacked a kernel exploit for root access from the list.
