Popular FTP package (vsftpd) tarball poisoned
A backdoor has been discovered in the source code of a widely used FTP package.
Version 2.3.4 of the source code for vsftpd – billed as probably the most secure and fastest FTP server for Unix-like systems – was replaced with a compromised version with an invalid signature. The dodgy tarball was uploaded to the main download site and was available for around three days before the hack was detected by Chris Evans, the author of vsftpd, on Sunday (3 July).