Posts Tagged ‘Android’

Pirate files on php.net site? The next reason why you should use MD5 and PGP checksums!

Monday, September 12th, 2011

It’s been two weeks since the publication of an article on ZDNet on illegal files found on the php.net server. The author wrote in the article:

PHP, utilized by millions of Web sites around the Web, has a not-so-hidden secret on their Web site: a directory full of pirated content, config files containing user name and password information, and more.

While the ZDNet article contains some factual errors (the “pirated content” was located only on the id.php.net server, which is simply a 3rd party mirror hosted by http://www.pesat.net.id/), the screenshot below demonstrates one major problem…

Pirate files on php.net (courtesy of ZDnet)

… If someone (even sysadmin) downloaded pirated and potentially malicious files to the trusted web server, someone else can with ease replace the valid content (ie. PHP binaries or documentation) with a tainted data. (more…)

Kernel.org hacked – how to get Android repo?

Monday, September 5th, 2011

As you may already know, kernel.org site which hosts the Android git repository has been hacked. Because of this we can’t obtain the Android source code from its servers. All attempts to do so ultimately fail with the similar response:

[root@localhost WORKING_DIRECTORY]# repo sync
android.git.kernel.org[0: 130.239.17.13]: errno=Connection refused
android.git.kernel.org[0: 199.6.1.173]: errno=Connection refused
android.git.kernel.org[0: 2001:6b0:e:4017:1972:112:1:0]: errno=Network is unreachable
android.git.kernel.org[0: 2001:500:60:10:1972:112:1:0]: errno=Network is unreachable
fatal: unable to connect a socket (Network is unreachable)
error: Cannot fetch platform/bionic

or:

[root@localhost ~]# curl https://android.git.kernel.org/repo>  ~/bin/repo
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--     0
curl: (7) couldn't connect to host

I will describe another way to get the Android source codes if you hadn’t already cloned it’s repo before kernel.org servers went down. (more…)

Kernel.org has been hacked… Google requested to take android repo offline.

Thursday, September 1st, 2011

This hack was discovered on August 28th. Currently all kernel.org boxes are offline to do a backup and are in the process of doing complete reinstalls.

How the hackers managed to gain root access is currently unknown and is being investigated. The maintainers of kernel.org are in the process of doing an analysis on the code within git, and the tarballs to confirm that nothing has been modified.

Until then, say goodbye to the Android repository:

[root@localhost WORKING_DIRECTORY]# repo sync
android.git.kernel.org[0: 130.239.17.13]: errno=Connection refused
android.git.kernel.org[0: 199.6.1.173]: errno=Connection refused
android.git.kernel.org[0: 2001:6b0:e:4017:1972:112:1:0]: errno=Network is unreachable
android.git.kernel.org[0: 2001:500:60:10:1972:112:1:0]: errno=Network is unreachable
fatal: unable to connect a socket (Network is unreachable)
error: Cannot fetch platform/bionic

(more…)