Linux distributor security list destroyed after hacker compromise
![ryan-naraine.jpg](https://www.zdnet.com/a/img/resize/58705b1ab848cb0209d7d7d504dffaab176d93aa/2014/07/22/4b4e2273-1175-11e4-9732-00505685119a/ryan-naraine.jpg?auto=webp&fit=crop&frame=1&height=192&width=192)
In a note to "Vendor-Sec" members, moderator Marcus Meissner said he noticed the break-in on January 20 but warned that it might have existed for much longer.
I have disabled the specific backdoor, but as I am not sure how the break-in happened it might reappear. So I recommend not mailing embargoed issues to vendor-sec@....de at this time.
Immediately after Meissner's warning e-mail, the attacker re-entered the compromised machine and destroyed the installation.
The "Vendor-Sec" list is used by distributors of free/open-source OS and software to discuss potential distribution element (kernel, libraries, applications) security vulnerabilities, as well as to co-ordinate the release of security updates by members.
This means that a compromise and the capturing of e-mails could have serious consequences.
Meissner has since killed the list:
So everyone please consider vendor-sec@....de is dead and gone at this point, successors (or not) will hopefully result out of this discussion.
The H Security notes that this isn't the first compromise of the "Vendor-Sec" list. In 2005, black hat hackers reportedly hijacked a kernel exploit for root access from the list.