community-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marco Esser <marcoes...@hotmail.de>
Subject AW: Are Apache projects affected by the informations leaked by the NSA hack ?
Date Fri, 26 Aug 2016 10:00:04 GMT
Hi Mark,


Thank you for your quick response !
I doesn't mean the leak by Edward Snowden. A group called Shadow Brokers hacked a least one
NSA server. Edward Snowden thinks that it must be a NSA malware staging server.

As far as I understand they spread some information and tools for free and want to have a
lot of money to give away the rest. See these links as a start point to this story:

http://www.wired.co.uk/article/nsa-hacking-tools-stolen-hackers

<http://www.wired.co.uk/article/nsa-hacking-tools-stolen-hackers><https://theintercept.com/2016/08/19/the-nsa-was-hacked-snowden-documents-confirm/>https://theintercept.com/2016/08/19/the-nsa-was-hacked-snowden-documents-confirm/

[https://prod01-cdn06.cdn.firstlook.org/wp-uploads/sites/1/2016/08/NSA-drive-feature-hero.jpg]<https://theintercept.com/2016/08/19/the-nsa-was-hacked-snowden-documents-confirm/>

The NSA Leak Is Real, Snowden Documents Confirm<https://theintercept.com/2016/08/19/the-nsa-was-hacked-snowden-documents-confirm/>
theintercept.com
A never-before-published NSA manual makes it clear that malware released by a hacker group
this week came from the spy agency.


[https://prod01-cdn06.cdn.firstlook.org/wp-uploads/sites/1/2016/08/NSA-drive-feature-hero.jpg]<https://theintercept.com/2016/08/19/the-nsa-was-hacked-snowden-documents-confirm/>

The NSA Leak Is Real, Snowden Documents Confirm<https://theintercept.com/2016/08/19/the-nsa-was-hacked-snowden-documents-confirm/>
theintercept.com
A never-before-published NSA manual makes it clear that malware released by a hacker group
this week came from the spy agency.



[http://wi-images.condecdn.net/image/PJPdyP8z5km/crop/1020]<http://www.wired.co.uk/article/nsa-hacking-tools-stolen-hackers>

Hacking the hackers: everything you need to know about Shadow Brokers' attack on the NSA<http://www.wired.co.uk/article/nsa-hacking-tools-stolen-hackers>
www.wired.co.uk
A mystery group claims to be selling malware and tools used by America's National Security
Agency





________________________________
Von: Mark Thomas <markt@apache.org>
Gesendet: Freitag, 26. August 2016 11:43
An: dev@community.apache.org
Betreff: Re: Are Apache projects affected by the informations leaked by the NSA hack ?

On 26/08/2016 10:13, Marco Esser wrote:
> Hello All,
>
> i hope I´m posting my question to the right mailing list. I searched a long time for
as better place but din´t find one.
>
>
> Does somebody analyze the available information from the NSA Hack regarding influence
on software developed in the apache projects ?

I assume you mean the leaks by Edward Snowden. I don't recall seeing
anything in the news regarding the NSA being hacked.

I'm involved in the Apache security team and the Apache Tomcat project.
I'm not aware of any analysis of the Snowden leak w.r.t. vulnerabilities
in / back-doors in / influence on Apache software.

> My special interest is to get knowledge about NSA hack tools or the try to implement
backdoors, etc in the following software used by my customers:
>
> Apache HTTP
> Tomcat applicationserver
> popular modules for both servers

I've only investigated the Tomcat vulnerabilities in any depth. None of
the issues I have seen in my long involvement in the Apache Tomcat
project has been suggestive of a deliberate back door being placed in
the code.

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
For additional commands, e-mail: dev-help@community.apache.org


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message