More Info on Debian.org Security Breach

mbanck writes "James Troup (part of the Debian System administration team) has published more information on the recent compromise of four debian.org machines. The attack vector seemed to be a sniffed password of an unprivileged account, from which the attacker somehow managed to gain root and install the suckit rootkit and crack the other machines. As the machines were fairly uptodate with respect to security, an as-of-yet unknown local root exploit might be in the wild, so keep an eye on your boxen.Note that the main ftp archive running on a sparc machine was not compromised, so the exploit might not yet be ported to non-i386 architectures."

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Boxen..

[Chuck Chunder]

Someone needs their ears boxen.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Human Error

[Tyler Eaves]

Random passphrase?

Repeat after me: The best password is the one that isn't stikie'd to the monitor and/or keyboard.

Re:Boxen..

[Stormie]

If you call your computers "boxen", I hope they get cracked and rootkitted.

Re:Human Error

[SugoiMonkey]

I say we cut out the user.

Re:Boxen..

[Anonymous Coward]

Yeah, the correct plural is "Debia".

Re:Boxen..

[Anonymous Coward]

no, that would be Debii

Re:Diebold, take note

[Anonymous Coward]

So you'll get rooted by someone you trust..what's the difference?

Re:Boxen..

[AndroidCat]

It's a perfectly good middle-english plural. Perhaps they just have rather olde boxen to develop on?

Re:Boxen..

[inode_buddha]

Damn... I was just recovering from all those 20-year-old "virii"...

Easy solution

[therufus]

Install windows. You'll never have to wonder if your system is being compromised, you'll know it is.

Oh, and "password" is not really a "password".

Re: Human Error

[Black Parrot]

> This incident reminds us of the importance of password security. It is sad to see one weak password responsible for such a breach.

I'm apologize - I never imagined that they would guess 'mydebian'.

Ammended for the rest of us:

[Anonymous Coward]

Law #1: If Bill can persuade you to run his program on your computer, it's not your computer anymore.

Re:Human Error

[buffer-overflowed]

Yea, if it weren't for those users, my network would be perfect. No complaints = no problems. That's how I know my network is perfect, during vacations, no one complains about anything, so it must be perfect.

Re:#1 on Ten Immutable Laws of Security

[prockcore]

Law #1: If a bad guy can persuade you to run his program on your computer, it's not your computer anymore.

That's why I've been saying for years that all my computers are owned by Bill Gates.

Unknown Debian exploit?

[t0ny]

Im sure glad my network runs on Windows!

Re:Boxen..

[nyctopterus]

It's a perfectly cromulent word. A noble linux emboxens the smallest geek.

Re:This attack has obviosly shocked the comunity.

[Anonymous Coward]

even for those smart ones out there using slackware, like i do

omg u r a smarty man d00d ^__^
asl??

Re:Human Error

[jkrise]

Will you cut off your head if you got a headache?

-

Re:Boxen..

[Frymaster]

while we're at it... it's a little known fact that "suse" is a german anagram for "sue us" - a direct jab at sco.

and now that i'm on a "roll" - why the hell aren't the santa cruz organization and stanford university networks actually in santa cruz or stanford university? at least ibm is international...

Re:Unknown Debian exploit?

[flacco]

Im sure glad my network runs on Windows!

hey it is pretty nice - i'm having a look around right now!

Re:Boxen..

[Mattcelt]

No kidding? I had just assumed that someone had taken up on Brian Regan's [brianregan.com] pluralizations, like boxen and moosen.

Another of my favorites:
"I before E except after C
and when sounding like A as in neighbor and weigh
or on weekends or holidays or all throughout May
and you'll always be wrong no matter what you say!"

He's a very funny comic. There's a fan site that's worth checking out too. [brian-regan.com]

Re: Human Error

[Copid]

My God! That's the combination to the lock on my luggage...

Re:Human Error

[BJH]

Dunno, but I might cut off your head if I had a headache.

Brian Regan

[Anonymous Coward]

Teacher: "Erwin, what is the plural for Ox?"
Erwin: "Oxen. The farmer used his oxen."
Teacher: "Brian!"
Brian: "Whaaaat?"
Teacher: "What's the plural for Box?"
Brian: "Boxen. I bought two boxen of doughnuts."
Teacher: "No, Brian, you're an idiot."

Teacher: "Let's try another one. Erwin, what's the plural for goose?"
Erwin: "Geese. I saw a flock of geese."
Teacher: "Brian!"
Brian: "Whaaaat?
Teacher: "Brian, what's the plural for Moose?"

Brian: "Moosen! I saw a flock of moosen! There... there were many of them. Many much of them. Many much moosen. They were out in the woods... in the woodsen! They were eating grass... greese! The meese were eating greese in the woodsen! They were looking for the foodis to eatinisit! out in the woodingenis... in the woodenis... in the woodingenisenisen!

Teacher: "Brian, you're an imbecile."
Brian: "Imbecilen!"

Re:One recommendation

[Celvin]

To make sure my logs are secure, they are automaticly:

• posted to several usenetgroups
• posted as random comments to /.-stories (Along with some random anti-SCO/Microsoft propaganda so I don't get modded down and don't lose karma :)
• uploaded to the linux kernel CVS
• sent as email to all my friends

This way they are mirrored as many places as possible and hopefully cached by Google. Wipe that out!

Re:Human Error

[Anonymous Coward]

Man, shoving SDRAM into you brain is BAD FOR YOU! ;-)

Re:So much for unbiased Slashdot

[Alioth]

Slashdot is NOT supposed to be unbiased. It's called /. for heaven's sake - if it was a Microsoft oriented site it would be \. (backslashdot.org)

Re:Diebold, take note

[holy zarquon's singi]

Root (noun): Australian vernacular for "to have sex". So yes, getting rooted by someone you trust /is/ important.

Re:Brian Regan

[Mattcelt]

...and thus we have "spice is the variety of wife"! I get it now!

Defeat binary evil!

[DrHyde]

Note that the main ftp archive running on a sparc machine was not compromised, so the exploit might not yet be ported to non-i386 architectures.

So if we run Linux on Sparc, and Solaris on x86, we're safe!