Vsftpd backdoor discovered in source code (The H)
Posted Jul 5, 2011 4:53 UTC (Tue) by danieldk
Parent article: Vsftpd backdoor discovered in source code (The H)
Evans, the author of vsftpd which is described on its web site as "probably the most secure and fastest FTP server for Unix-like systems" was alerted on Sunday to the fact that a bad tarball had been downloaded from the vsftpd master site with an invalid GPG signature.
Yet another reminder to check source tarballs using the signature, or preferably use a package manager with code signing.
to post comments)