[jdev] IMPORTANT: JSF/JabberStudio Service Update
Dan Plesse
dplesse at optonline.net
Wed Jan 26 16:16:21 CST 2005
1. I wish it was Spyware.
2. Installing a service is a very serious breach.
3. I assumed it did not come from JabberStudio.
-----Original Message-----
From: jdev-bounces at jabber.org [mailto:jdev-bounces at jabber.org] On Behalf Of Julian Missig
Sent: Wednesday, January 26, 2005 4:44 PM
To: Jabber software development list
Subject: Re: [jdev] IMPORTANT: JSF/JabberStudio Service Update
I'm sure there are many machines in the world which have spyware
installed... just because yours does doesn't mean it necessarily came
from jabber.org.
Now, if you find one of those in any of the pieces of software listed
on JabberStudio, that's another thing entirely.
Julian
On 26 Jan 2005, at 16:38, Dan Plesse wrote:
> Thanks for the update, Peter.
>
> I just found out that under services: Network Functions, service name:
> cfgPrn was loading at startup c:\windows\system32\spool\nt\svchost.exe
> which was a backdoor. Who and how did [they] do that? I also had a
> folder called "USA AutoSpeedTester" with HideRun.exe. Apparently someone
> needed to know how fast my connection was too.
>
>
>
> -----Original Message-----
> From: jdev-bounces at jabber.org [mailto:jdev-bounces at jabber.org] On Behalf Of Peter Saint-Andre
> Sent: Wednesday, January 26, 2005 3:49 PM
> To: jdev at jabber.org; jadmin at jabber.org; juser at jabber.org; members at jabber.org
> Subject: [jdev] IMPORTANT: JSF/JabberStudio Service Update
>
> Last week I announced a service outage related to the machine that
> hosts both the www.jabber.org website and the JabberStudio service.
> This message contains further information about the matter.
>
> The machine (hades.jabber.org) was cracked approximately one year ago
> by means of an automated rootkit. Based on the evidence of the initial
> investigation by the admin team for this machine, the rootkit was not
> used to view or modify any files. Furthermore, we have found no
> evidence of intrusion into the other machines that are part of the
> jabber.org infrastructure (e.g., the production jabber server or the
> mailing list server).
>
> The affected machine has been rebuilt and fully locked down, and access
> has been restricted to a handful of admins, who are actively working
> on the transition to new server machines that the Jabber Software
> Foundation purchased recently.
>
> Developers who use JabberStudio for their projects MUST follow the
> instructions posted at http://www.jabberstudio.org/ in order to validate
> their code. Only validated code will be restored to JabberStudio! If you
> have questions about the JabberStudio service, please direct them to
> Thomas Muldowney (a.k.a. temas).
>
> I am working to restore the complete www.jabber.org website, and will do
> so as soon as I am comfortable with the security profile of the website
> code. Hopefully that will happen by the end of this week, but security
> is a higher priority than speed at this point.
>
> Thank you for your patience. Do not hesitate to contact me via email or
> Jabber if you have any questions.
>
> Peter
>
> --
> Peter Saint-Andre
> stpeter at jabber.org
>
> _______________________________________________
> jdev mailing list
> jdev at jabber.org
> http://mail.jabber.org/mailman/listinfo/jdev