Debian Project Servers Compromised

Sean was one of many to pass along the bad news from the debian-announce mailing list: "Some Debian Project machines have been compromised. This is a very unfortunate incident to report about. Some Debian servers were found to have been compromised in the last 24 hours. The archive is not affected by this compromise! In particular the following machines have been affected: 'master' (Bug Tracking System), 'murphy' (mailing lists), 'gluck' (web, cvs), 'klecker' (security, non-us, web search, www-master). Some of these services are currently not available as the machines undergo close inspection. Some services have been moved to other machines (www.debian.org for example). The security archive will be verified from trusted sources before it will become available again." They were going to announce 3.0r2 this morning; they've checked it and it's unaffected but obviously they're still postponing that release.

SCO Again!...

[isoga]

Obviously SCO are trying to break in and steal the source to prove once and for all that Linux has stolen their patents!

;)

dave

Tech stuff [homelinux.net]

Re:...not the archive.

[Anonymous Coward]

You're assuming here that the average script kiddie actually has a reason other than mindless vandalism.

Re:That explains

[Anonymous Coward]

Thanks for that insightful interpretation of events, Captain Obvious.

Has a Microsoft release ever been compromised?

[Anonymous Coward]

Sorry, but I had to say it.... a Microsoft release has never been delayed because one of their servers were compromised.

Let's just remember that before we extoll the virtues of how great open source is.

Hearing the news,

[KoolDude]

...thousands of slashdotters flocked to Netcraft website to check whether debian.org was running on IIS.

Re:Has a Microsoft release ever been compromised?

[Travoltus]

No, they just release it, virus or hacks and all. :)
(just kidding)

Re:SCO Again!...

[Urkki]

No no. They are trying to break in to *insert* patented code into Linux code, so they'd have a leg to stand on in the court ;)

Re:Hearing the news,

[cgranade]

Better than to debian.org to check to see the news... server comes back up, crippled, sees /. and runs again...

Re:Not on debian-announce archive

[Tri]

But when the three other random posters are debian devels... ;-)

Except that anonymous coward person. I've never seen *him* in the keyring...

Re:It's good to see that they are holding everythi

[xscarecrowx]

because he did it, duh!

OH NO!!!!

[HungWeiLo]

Was any code stolen? OH wait...

TRACED back to MSFT .de

[Anonymous Coward]

Cracked from M$

Terrorist attack against Debian

[S. Baldrick]

In response to the dastardly assault against the twin (mini-)towers, the President of Debian drew a line in the sand and immediately announced the invasion of Slackware.

What the hell?

[O.M.A.C.]

I ran apt-get and my machine was converted to Windows 2003!

You should be using...

[gosand]

Why my apt-get was failing from people.debian.org last nite. Not to mention why debian.org was down. :(

Funny, my apt-get using h4x0r3d.debian.org was working perfectly....

Re:whoa - better switch to NT !

[Noryungi]

bill g4t3z takes credit!

This should read "Bi11 g4T3z". Please respect the proper "3l33t" spelling. Thank you.

Another public-service message from your friendly spelling nazi. Or N4zi.

Re:MD5 by itself it useless

[tomstdenis]

Quick patent this idea! Put the words "over the internet" in it somewhere and you're set.

Tom

Re:hmmm... USA Assholes?

[Anonymous Coward]

The backdoor attempt on the linux-kernel was NSA-levels of sophistication.

If the NSA decides to puts a backdoor in linux or anything for that matter, you won't ever know it. And if you find it, you won't live to tell anyone.

Not that they need a backdoor anyway...

Re:...not the archive.

[TrentC]

The server that pushes .debs to archive is running debian/sparc (donated by sun btw), so probably the cracker didn't know how to port his leet exploit to sparc (all the comprimised machines were 1386).

You mean there's some value in those "unnecessary" non-i386 arches that Debian supports? Gee, maybe they have a good idea after all...

Jay (=

that really sucks...

[mediaisthemassage]

I just based my home cluster on debian because is so sexy...save the soul of your sun boxen and load linux....is fun....

But security holes exist, there is no getting around this, no matter how paranoid you are...

trust me..

I am a sitting in a faraday cage right now...I built it in my apartment to keep those pesky NSA spooks from uplinking with the nano-chips they implanted in my brain....

most of us are now implanted...you can't dig them out...i've tried....

No, I heard Apple is claiming the rights...

[ErnstKompressor]

to this compromise as it occured on a wednesday of an odd month, and was devised by a malicious user who never even worked at Apple, in the hopes that this would prod Debian users to cross-grade to 10.3...and then buy the PDA that Apple are developing with the help of a homeless guy who has been dumpster diving...and they are not even going to support the 'compromise' on anything before 10.4...CONSPIRACY!!!

or so says CNet ;)

Sorry...