[jdev] IMPORTANT: JSF/JabberStudio Service Update

Wed Jan 26 16:55:22 CST 2005

Er, ok, then I'm not understanding why you're bothering posting this to 
jdev at all.

On 26 Jan 2005, at 17:16, Dan Plesse wrote:

> 1. I wish it was Spyware.
> 2. Installing a service it is very serious breach.
> 3. I assumed it did not come from JabberStudio
>
>
> -----Original Message-----
> From: jdev-bounces at jabber.org [mailto:jdev-bounces at jabber.org] On 
> Behalf Of
> Julian Missig
> Sent: Wednesday, January 26, 2005 4:44 PM
> To: Jabber software development list
> Subject: Re: [jdev] IMPORTANT: JSF/JabberStudio Service Update
>
> I'm sure there are many machines in the world which have spyware
> installed... just because yours does doesn't mean it necessarily came
> from jabber.org.
>
> Now, if you find one of those in any of the pieces of software listed
> on JabberStudio, that's another thing entirely.
>
> Julian
>
> On 26 Jan 2005, at 16:38, Dan Plesse wrote:
>
>
>> Thanks for the update peter.
>>
>> I just found out that under services: Network Functions, service name:
>> cfgPrn was loading at startup c:\windows\system32\spool\nt\svchost.exe
>> which was a backdoor. Who and how did [they] do that? I also had a
>> folder called "USA AutoSpeedTester" with HideRun.exe. Apparently
>> someone
>> needed to know how fast my connection was too.
>>
>>
>>
>> -----Original Message-----
>> From: jdev-bounces at jabber.org [mailto:jdev-bounces at jabber.org] On
>> Behalf Of
>> Peter Saint-Andre
>> Sent: Wednesday, January 26, 2005 3:49 PM
>> To: jdev at jabber.org; jadmin at jabber.org; juser at jabber.org;
>> members at jabber.org
>> Subject: [jdev] IMPORTANT: JSF/JabberStudio Service Update
>>
>> Last week I announced a service outage related to the machine that
>> hosts both the www.jabber.org website and the JabberStudio service.
>> This message contains further information about the matter.
>>
>> The machine (hades.jabber.org) was cracked approximately one year ago
>> by means of an automated rootkit. Based on the evidence of the initial
>> investigation by the admin team for this machine, the rootkit was not
>> used to view or modify any files. Furthermore, we have found no
>> evidence of instrusion into the other machines that are part of the
>> jabber.org infrastructure (e.g., the production jabber server or the
>> mailing list server).
>>
>> The affected machine has been rebuilt and fully locked down, and 
>> access
>> has been restricted to a handful of admins, who are actively working
>> on the transition to new server machines that the Jabber Software
>> Foundation purchased recently.
>>
>> Developers who use JabberStudio for their projects MUST follow the
>> instructions posted at http://www.jabberstudio.org/ in order to
>> validate
>> their code. Only validated code will be restored to JabberStudio! If
>> you
>> have questions about the JabberStudio service, please direct them to
>> Thomas Muldowney (a.k.a. temas).
>>
>> I am working to restore the complete www.jabber.org website, and will
>> do
>> so as soon as I am comfortable with the security profile of the 
>> website
>> code. Hopefully that will happen by the end of this week, but security
>> is a higher priority than speed at this point.
>>
>> Thank you for your patience. Do not hesitate to contact me via email 
>> or
>> Jabber if you have any questions.
>>
>> Peter
>>
>> -- 
>> Peter Saint-Andre
>> stpeter at jabber.org
>>
>> _______________________________________________
>> jdev mailing list
>> jdev at jabber.org
>> http://mail.jabber.org/mailman/listinfo/jdev
>>
>> _______________________________________________
>> jdev mailing list
>> jdev at jabber.org
>> http://mail.jabber.org/mailman/listinfo/jdev
>>
>>
>
>
>
> _______________________________________________
> jdev mailing list
> jdev at jabber.org
> http://mail.jabber.org/mailman/listinfo/jdev
>
> _______________________________________________
> jdev mailing list
> jdev at jabber.org
> http://mail.jabber.org/mailman/listinfo/jdev
>