community-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Gruno <humbed...@apache.org>
Subject Re: AW: Are Apache projects affected by the informations leaked by the NSA hack ?
Date Fri, 26 Aug 2016 10:09:29 GMT
Hi Marco,

I would suggest you check out
https://musalbas.com/2016/08/16/equation-group-firewall-operations-catalogue.html
for a review of the exploits supposedly found. There doesn't seem to be
any ASF-related software mentioned, although it's of course always a
possibility ;)

With regards,
Daniel.

On 08/26/2016 12:00 PM, Marco Esser wrote:
> Hi Mark,
> 
> 
> Thank you for your quick response !
> I doesn't mean the leak by Edward Snowden. A group called Shadow Brokers hacked a least
one NSA server. Edward Snowden thinks that it must be a NSA malware staging server.
> 
> As far as I understand they spread some information and tools for free and want to have
a lot of money to give away the rest. See these links as a start point to this story:
> 
> http://www.wired.co.uk/article/nsa-hacking-tools-stolen-hackers
> 
> <http://www.wired.co.uk/article/nsa-hacking-tools-stolen-hackers><https://theintercept.com/2016/08/19/the-nsa-was-hacked-snowden-documents-confirm/>https://theintercept.com/2016/08/19/the-nsa-was-hacked-snowden-documents-confirm/
> 
> [https://prod01-cdn06.cdn.firstlook.org/wp-uploads/sites/1/2016/08/NSA-drive-feature-hero.jpg]<https://theintercept.com/2016/08/19/the-nsa-was-hacked-snowden-documents-confirm/>
> 
> The NSA Leak Is Real, Snowden Documents Confirm<https://theintercept.com/2016/08/19/the-nsa-was-hacked-snowden-documents-confirm/>
> theintercept.com
> A never-before-published NSA manual makes it clear that malware released by a hacker
group this week came from the spy agency.
> 
> 
> [https://prod01-cdn06.cdn.firstlook.org/wp-uploads/sites/1/2016/08/NSA-drive-feature-hero.jpg]<https://theintercept.com/2016/08/19/the-nsa-was-hacked-snowden-documents-confirm/>
> 
> The NSA Leak Is Real, Snowden Documents Confirm<https://theintercept.com/2016/08/19/the-nsa-was-hacked-snowden-documents-confirm/>
> theintercept.com
> A never-before-published NSA manual makes it clear that malware released by a hacker
group this week came from the spy agency.
> 
> 
> 
> [http://wi-images.condecdn.net/image/PJPdyP8z5km/crop/1020]<http://www.wired.co.uk/article/nsa-hacking-tools-stolen-hackers>
> 
> Hacking the hackers: everything you need to know about Shadow Brokers' attack on the
NSA<http://www.wired.co.uk/article/nsa-hacking-tools-stolen-hackers>
> www.wired.co.uk
> A mystery group claims to be selling malware and tools used by America's National Security
Agency
> 
> 
> 
> 
> 
> ________________________________
> Von: Mark Thomas <markt@apache.org>
> Gesendet: Freitag, 26. August 2016 11:43
> An: dev@community.apache.org
> Betreff: Re: Are Apache projects affected by the informations leaked by the NSA hack
?
> 
> On 26/08/2016 10:13, Marco Esser wrote:
>> Hello All,
>>
>> i hope I´m posting my question to the right mailing list. I searched a long time
for as better place but din´t find one.
>>
>>
>> Does somebody analyze the available information from the NSA Hack regarding influence
on software developed in the apache projects ?
> 
> I assume you mean the leaks by Edward Snowden. I don't recall seeing
> anything in the news regarding the NSA being hacked.
> 
> I'm involved in the Apache security team and the Apache Tomcat project.
> I'm not aware of any analysis of the Snowden leak w.r.t. vulnerabilities
> in / back-doors in / influence on Apache software.
> 
>> My special interest is to get knowledge about NSA hack tools or the try to implement
backdoors, etc in the following software used by my customers:
>>
>> Apache HTTP
>> Tomcat applicationserver
>> popular modules for both servers
> 
> I've only investigated the Tomcat vulnerabilities in any depth. None of
> the issues I have seen in my long involvement in the Apache Tomcat
> project has been suggestive of a deliberate back door being placed in
> the code.
> 
> Mark
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
> For additional commands, e-mail: dev-help@community.apache.org
> 
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
For additional commands, e-mail: dev-help@community.apache.org


Mime
View raw message