
It's happened more than once for Debian

Early yesterday morning, Debian developer James Troup wrote an email to members of the Debian community notifying them that a Debian GNU/Linux server was compromised. According to the email, a server located at the gluck.debian.org domain was broken into. According to Troup, an investigation is being conducted as to what allowed the break-in to occur and exactly what was damaged in the process.

Several Debian servers went on security lock-down during the rest of the day and the gluck.debian.org machine was taken offline. Troup said, "we've taken the machine offline and are preparing to reinstall it." According to Troup's email:

Early this morning we discovered that someone had managed to compromise gluck.debian.org.  We've taken the machine offline and are preparing to reinstall it.  This means the following debian.org services are currently offline:

 cvs, ddtp, lintian, people, popcon, planet, ports, release

Based on the results of our initial investigation we've locked down most other debian.org machines, limiting access to DSA only, until they can be fixed for what we suspect is the exploit used to compromise gluck.


This is not the only intrusion Debian has suffered. In November 2003, several of Debian's servers were compromised in a similar fashion. Attackers compromised four of Debian's servers, which hosted web services, mailing lists, security downloads and the common versioning system (CVS).



Hacked?
By msftman19 on 7/14/2006 10:01:37 AM , Rating: 2
I'll post it before anyone else does, to save the Microsoft trolls the trouble.

"Who would have thought that Debian is running Windows Server? Because everyone knows that Windows is the only OS that can be hacked or attacked by a virus\worm."




RE: Hacked?
By TomZ on 7/14/06, Rating: 0
RE: Hacked?
By Burning Bridges on 7/14/2006 11:06:59 AM , Rating: 2
It's totally true that any widely used OS will be hacked and exploited more. However, I have to say, that, as both a windows and linux user, I think linux is more secure than windows, and if both had the same amount of exposure to hackers, I reckon that there would be more problems for windows than linux.

That's just my personal opinion though,


RE: Hacked?
By msftman19 on 7/14/2006 12:00:25 PM , Rating: 2
The interesting aspect of the security debate is whether it is inherently more secure to have closed source and a small number of developers, or an open source (as in, open to all, benevolent or malevolent coders) and more 'hands in the cookie jar'.


Hacking linux
By S3anister on 7/16/2006 9:31:47 PM , Rating: 2
I just think that hacking a Linux server is nonsense. Either the person/people who hacked the server were OSX or Windows lovers or they are Linux users who are just a**holes. I mean really - does hacking do anyone any good?


Details of what happened
By Hoser McMoose on 7/14/2006 1:32:31 PM , Rating: 2
Here's a link to the details of what happened:

http://www.debian.org/News/2006/20060713

As others have said, ANY server can be hacked, regardless of what OS it's running on. Debian's servers are VERY vulnerable because they offer access to a LOT of functionality for thousands of independent developers around the world. The fact that they've only been hacked twice in ~6 years, and both times the compromise was discovered within hours, means that they actually have a pretty darn good track record.

Remember, the most dangerous hack is the one you don't know about yet!




RE: Details of what happened
By masher2 (blog) on 7/14/06, Rating: 0
RE: Details of what happened
By oTAL on 7/14/2006 7:24:17 PM , Rating: 2
Dude... your maths suck. If it happened 6 years ago and again recently, then you don't just divide 6/2 and get 3... I mean... take a little time to think before posting...


RE: Details of what happened
By TomZ on 7/14/2006 10:09:48 PM , Rating: 2
Your math is only correct if there are zero attacks in the next six years. So your calculation of the rate of attacks is no better or worse than masher2's, it only makes a different assumption.


RE: Details of what happened
By masher2 (blog) on 7/14/06, Rating: 0
By bersl2 on 7/14/2006 5:46:40 PM , Rating: 3
Kids, don't be stupid with passwords.




whoa
By Burning Bridges on 7/14/2006 9:51:12 AM , Rating: 2
quote:
during the rests of the day


should be = during the rest of the day

I wonder what caused the break-in and if there is a flaw in the server?




How in the hell is this news?
By Nekrik on 7/15/2006 3:46:13 PM , Rating: 2
Is it because they actually noticed they were compromised?















Copyright 2014 DailyTech LLC.