
Re: debian unofficial website hacked



On 2/8/2018 9:06 PM, Jude DaShiell wrote:
https://cdimage.debian.org/cdimage/unofficial/non-free/cd-including-firmware/buster_di_alpha2/amd64/bt-dvd/

Please try the following:

Each line that starts with a dollar sign ($) is a command and should be entered as written.


$ mkdir alfa2
$ cd alfa2

$ wget https://cdimage.debian.org/cdimage/unofficial/non-free/cd-including-firmware/buster_di_alpha2/amd64/bt-dvd/SHA512SUMS.sign https://cdimage.debian.org/cdimage/unofficial/non-free/cd-including-firmware/buster_di_alpha2/amd64/bt-dvd/SHA512SUMS

Output of the above command:

--...-- https://cdimage.debian.org/cdimage/unofficial/non-free/cd-including-firmware/buster_di_alpha2/amd64/bt-dvd/SHA512SUMS.sign
Resolving cdimage.debian.org (cdimage.debian.org)... 194.71.11.165, 194.71.11.173, 2001:6b0:19::173, ...
Connecting to cdimage.debian.org (cdimage.debian.org)|194.71.11.165|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 833
Saving to: ‘SHA512SUMS.sign’

SHA512SUMS.sign 100%[======================================================================================================>] 833 --.-KB/s in 0s

... (11.4 MB/s) - ‘SHA512SUMS.sign’ saved [833/833]

--...-- https://cdimage.debian.org/cdimage/unofficial/non-free/cd-including-firmware/buster_di_alpha2/amd64/bt-dvd/SHA512SUMS
Reusing existing connection to cdimage.debian.org:443.
HTTP request sent, awaiting response... 200 OK
Length: 172
Saving to: ‘SHA512SUMS’

SHA512SUMS 100%[======================================================================================================>] 172 --.-KB/s in 0s

... (208 MB/s) - ‘SHA512SUMS’ saved [172/172]

FINISHED --...--
Total wall clock time: 0.5s
Downloaded: 2 files, 1005 in 0s (13.6 MB/s)

$ gpg --delete-keys debian

Output of the above command:

pub 4096R/0xDA87E80D6294BE9B 2011-01-05 Debian CD signing key <debian-cd@lists.debian.org>

Delete this key from the keyring? (y/N) y

Comment: Press 'y' for each key that is to be deleted.

$ gpg --recv-key 0xDA87E80D6294BE9B

Output of the above command:

gpg: requesting key 0xDA87E80D6294BE9B from hkps server hkps.pool.sks-keyservers.net
gpg: key 0xDA87E80D6294BE9B: public key "Debian CD signing key <debian-cd@lists.debian.org>" imported
gpg: 2 marginal(s) needed, 2 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   3  signed:   1  trust: 0-, 0q, 0n, 0m, 0f, 3u
gpg: depth: 1  valid:   1  signed:   0  trust: 1-, 0q, 0n, 0m, 0f, 0u
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)

$ gpg --verify SHA512SUMS.sign SHA512SUMS

Output of the above command:

gpg: Signature made Wed, Dec 06, 2017  3:02:18 AM CET
gpg:                using RSA key 0xDA87E80D6294BE9B
gpg: Good signature from "Debian CD signing key <debian-cd@lists.debian.org>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: DF9B 9C49 EAA9 2984 3258  9D76 DA87 E80D 6294 BE9B

If it does not work please post the commands used and the output of those commands.

Note that my mailer might fold this e-mail.

On Thu, 8 Feb 2018, john doe wrote:

Date: Thu, 8 Feb 2018 14:03:40
From: john doe <johndoe65534@mail.com>
To: debian-accessibility@lists.debian.org
Subject: Re: debian unofficial website hacked
Resent-Date: Thu,  8 Feb 2018 19:03:53 +0000 (UTC)
Resent-From: debian-accessibility@lists.debian.org

On 2/8/2018 7:54 PM, Jude DaShiell wrote:
 Yes, I imported the debian signing key and I have MD5SUMS and MD5SUMS.sign
 sha256SUMS SHA256SUMS.sign SHA512SUMS and SHA512SUMS.sign SHA1SUMS
 SHA1SUMS.sign.


From which URL did you get the files?

 On Thu, 8 Feb 2018, john doe wrote:

 Date: Thu, 8 Feb 2018 07:12:27
 From: john doe <johndoe65534@mail.com>
 To: debian-accessibility@lists.debian.org
 Subject: Re: debian unofficial website hacked
 Resent-Date: Thu,  8 Feb 2018 12:12:39 +0000 (UTC)
 Resent-From: debian-accessibility@lists.debian.org

 On 2/8/2018 12:34 PM, Jude DaShiell wrote:
 running gpg --verify *.sign on all sign files found where debian-buster is
 downloaded returns bad key and [unknown] on those files. I think the
 website has got dirty.


 - Did you import the Debian signing key?
 - Which files did you verify (URL used, you should only use debian.org)?
 - What commands did you use and what is the output of those commands?









--
John Doe
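
An added example, not part of the original message: "Good signature" together with the "not certified with a trusted signature" warning only shows that some imported key signed the file, so this sketch pins the signer to the full fingerprint printed in the output above by parsing gpg's machine-readable status lines. The function names and the sample status lines are constructed for illustration; `verify_sums` assumes gpg and GNU coreutils are installed.

```shell
#!/bin/sh
# Added example. Full fingerprint of the Debian CD signing key as printed in
# the gpg --verify output above, spaces removed.
PINNED_FPR="DF9B9C49EAA9298432589D76DA87E80D6294BE9B"

# signer_matches FPR: reads `gpg --status-fd 1 --verify` output on stdin.
# Succeeds only when a VALIDSIG line names FPR as the primary key (last field)
# and no BADSIG/ERRSIG/EXPKEYSIG/REVKEYSIG line is present. A VALIDSIG line
# without the trailing primary-key field does not match, so it fails closed.
signer_matches() {
    awk -v want="$1" '
        $1 != "[GNUPG:]" { next }
        $2 == "BADSIG" || $2 == "ERRSIG" || $2 == "EXPKEYSIG" || $2 == "REVKEYSIG" { bad = 1 }
        $2 == "VALIDSIG" { if (toupper($NF) == toupper(want)) ok = 1; else bad = 1 }
        END { exit ((ok && !bad) ? 0 : 1) }
    '
}

# verify_sums SIGFILE SUMSFILE (hypothetical helper name): check the signer,
# then check any downloaded images listed in SUMSFILE (GNU coreutils sha512sum).
# Usage in the download directory: verify_sums SHA512SUMS.sign SHA512SUMS
verify_sums() {
    gpg --status-fd 1 --verify "$1" "$2" 2>/dev/null | signer_matches "$PINNED_FPR" &&
        sha512sum --ignore-missing -c "$2"
}

# Constructed status lines for illustration (not captured from a real run).
SAMPLE_OK='[GNUPG:] GOODSIG DA87E80D6294BE9B Debian CD signing key <debian-cd@lists.debian.org>
[GNUPG:] VALIDSIG DF9B9C49EAA9298432589D76DA87E80D6294BE9B 2017-12-06 1512525738 0 4 0 1 8 00 DF9B9C49EAA9298432589D76DA87E80D6294BE9B'

# A cryptographically good signature, but from a key that is not the pinned one.
SAMPLE_OTHER_KEY='[GNUPG:] GOODSIG AAAAAAAAAAAAAAAA Constructed Other Key
[GNUPG:] VALIDSIG AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 2017-12-06 1512525738 0 4 0 1 8 00 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'

# The checksum file does not match its signature.
SAMPLE_BAD='[GNUPG:] BADSIG DA87E80D6294BE9B Debian CD signing key <debian-cd@lists.debian.org>'
```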

