bryncoles
July 16th, 2008, 04:30 PM
Apologies if someone already posted this...
http://www.heise.de/english/newsticker/news/112903
The research team found it relatively easy to get their own server listed as an official mirror for Ubuntu, Fedora, OpenSuSE, CentOS and Debian, which was subsequently contacted by thousands of clients, including military and government computers.
...
It is quite possible, claim the authors, for an attacker to send clients properly signed packages that are outdated and contain known vulnerabilities ... that the attacker will be able to exploit at his convenience.
OK, I've mangled that quote a little bit to convey the meaning - if not the wording - of the article.
At least I posted the source too!