FSF FTP Site Cracked, Looking for MD5 Sums

landley writes "The Free Software Foundation's FTP site at ftp.gnu.org has been "compromised", and they don't seem to have full backups. They've yanked a bunch of recent packages (and their whole alpha.gnu.org ftp site), and when I asked about it they responded 'Our FTP server was compromised, yes. We are beginning to find good MD5sums for files which have not yet been restored, and they will be available again Real Soon Now. If you can provide MD5sums for any of the files listed in MISSING-FILES, it would be very much appreciated.' " Update the FSF has a statement on the FTP site explaining the matter.

Correct MD5s

[Henry+V+.009]

Sure, I've got the "correct" MD5s right here. You trust me, don't you?

Re:Correct MD5s

[schulte]

Hmmm....

# grep -i ircflood *.c
gcc.c:#include "ircflood.h"

What's going on here?@!?@!?

the $64,000 question:

[BobTheLawyer]

was the server running NT?

Re:the $64,000 question:

[hawkestein]

Or maybe, JUST FUCKING MAYBE , Linux isn't some sort of magical bug free OS where every buffer is checked, every race condition averted, and every service that runs on it is guaranteed bug free.

That would be OpenBSD. ;)

Re:the $64,000 question:

[Wuffle]

and patched August 31, 2003

I knew the open source community worked fast but that's just scary.

Re:the $64,000 question:

[DunbarTheInept]

leaving out the profanities, this isn't flamebait

Duhhh. "If it wasn't for the flames, this wouldn't be a flame."

Re:the $64,000 question:

[DGtlRift]

You mean the $65,536...

Re:the $64,000 question:

[sulli]

It's more than a $64,000 question. It's more like a $64M question. Many thousands or even millions of users depend on these tools, and they don't have reliable backups?! No wonder people refuse to say GNU before everything and think RMS is a nutjob.

If I were a Microsoft or Sun PR guy, I would be using this for anti-free software FUD immediately. "Sure you can get the source .. if it's not compromised on the server. Can your ENTERPRISE stake its MISSION CRITICAL BUSINESS on such a weak base?"

Finnishing move

[palad1]

After getting their FTP server rammed in the sockets, I bet the maintainers of ftp.gnu.org will be just more than happy to go through a good ol' slashdotting because someone _has_ to convert urls into hyperlinks for his /. submission.

I know, I clicked on the link :)

SCO

[Amon+Re]

Hmm odd...one day they speak of taking sco support out of gcc, the next their ftp server gets comprised, interesting.

Obg.

[Rosonowski]

"Real men don't use backups, they post their stuff on a public ftp server and let the rest of the world make copies." - Linus Torvalds

Re:Obg.

[nolife]

My thoughts exactly, recently I've been using P2P to backup my music files.

Another CLE?

[NetNinja]

Career Limiting Event?

I have the files

[Zabu]

But do to some sort of wierd computer problem my machine keeps on restarting...


I will get around to fixing it sometime next week.

Oops!

[TypoNAM]

Hate it when that happends...

Who wants to sell off some MD5 checksums off ebay? Let's make a few dallors! :D

This is a conspiracy

[palad1]

When looking at the missing files: gnu/windows/emacs/21.2/leim-21.2-src.tar.gz gnu/windows/emacs/21.2/emacs-21.2-barebin-i386.tar .gz gnu/windows/emacs/21.2/emacs-21.2-bin-i386.tar.gz gnu/windows/emacs/21.2/emacs-21.2-fullbin-i386.tar .gz gnu/windows/emacs/21.2/emacs-21.2-leim.tar.gz gnu/windows/emacs/21.2/emacs-21.2-lisp.tar.gz gnu/windows/emacs/21.2/emacs-21.2-src.tar.gz gnu/windows/emacs/21.2/emacs-21.2-undumped-i386.ta r.gz

the list goes on abd on and...
now, grep for 'vi' : nothing, nada, null.

Of course, what do you think? This is a conspiracy orchestrated by VI lovers, to wipe out EMACS from the face of earth!

Re:This is a conspiracy

[PetoskeyGuy]

This is a conspiracy orchestrated by VI lovers, to wipe out EMACS from the face of earth!

EMACS probably has it's own built in function to wipe itself from the face of the earth. Don't worry though, there is probably another command to dump the source for itself directly from the binary.

Re:Any word on how the crackers got in?

how did the crackers break into the ftp site? anyone know?

someone guessed the root password "itsGNUlinux!!!"

headline

[Lxy]

if you understand the headline

FSF FTP Site Cracked, Looking for MD5 Sums

You just might be a geek.

Re:headline

[wfberg]

if you understand the headline

FSF FTP Site Cracked, Looking for MD5 Sums

You just might be a geek.

The headline should have been simply

FSF ftp 0wn3d IM RMS teh md5sum's

Then the mainstream media would be all "OMFG WTF?! STFU /. I'm writing another MS Blaster story, bi0tch!"

Re:headline

[landley]

What does it mean if you wrote it, then?

Rob

obvious conclusion

/puts on tinfoil hat/

BUSH/ASHCROFT/CIA haxored it and put trojans in all GNU software. They are using it to track peopled down and send them to Gitmo!!!

Re:ouch, saw this yesterday

[gearheadsmp]

Look no further than across the pond, my friend! Faster downloads than iBiblio, and it's run by this guy. So dig in!

If this had been an open source ftp server

[Stalemate]

We would already be flooded with posts about how if this were a Microsoft server we would already be flooded with posts bashing Microsoft and talking about....oh, right, my bad.

Put your glove on

[Zabu]

Then next time you will catch the joke...

Re:Put your glove on

Great come back.

NOT!!!

Complete md5sum

[Penguin]

$ md5sum complete-gnu.tgz
deadbeefdeadbeefdeadbeefdeadbeef complete-gnu.tgz

Re:So apache no invulnerable then...

[ceejayoz]

I guess this blows the "slashdotters know what they are talking about" myth. Oh wait......

That myth existed? Seems fairly unlikely to me... ;-)

Re:And in other news...

[iapetus]

Well, it will be as soon as they can remember the key combination for 'hack into VI web site' is. Now I know it's in here somewhere - is it M-~ h C-V...?

Re:You're Kidding?

you looking for porn in the basement ia not an enterprise

Re:That is awful...

[sdriver]

Don't you need to take a dump to backup? :)

man dump ;)

Re:In Soviet Russia

[Delphix]

Actually that's:

In Democratic America, GNU Mirrors you.

DARL! DARL!!

[pair-a-noyd]

Turn that pee-cee thing off and go to bed RIGHT NOW!

Yes mom.... /pull covers over head and laptop/

Re:You're Kidding?

[Niles_Stonne]

That's why I liked Picard.

Re:Any word on how the crackers got in?

[Jhan]

Wouldn't that be "GNPisNotthePassword"?

GNUBlaster

[root@localhost src]# cat md5sum
Dickie Stallman why do you make this possible? Start making money and fix your software!!

Re:This pisses me off more than it should.

[RTMFD]

In other news... St. Ignucius escaped from the fire at his church unscathed :)

*Rim Shot*

SCO did it! SCO did it!

[aggieben]

I'll sick my cat on them....

Troll/Flamebait... please mod me down

[felis_panthera]

and proud of it... this has nothing to do with your post, it has to do with your sig. I can't stand misquotes, especially not from The Simpsons. You cannot simply say that the quote was from "The Simpsons", there have been 14 seasons of episodes to choose from. The quote in question was delievered by Superintendant Chalmers in Season 5, episode 19 "Sweet Seymour Skinner's Baadasssss Song" upon hearing Ned Flanders (the interim principle of Springfield elementary) thanking God for another glorious day.

Now that I have proven that my geek is bigger than yours, please for the love of the gods mod me down so no one else will ever be able to read this.

Re:This pisses me off more than it should.

[DaveAtFraud]

If they catch the perp, the punishment should be something really heinous like locking them up with a computer that has Microsoft "Bob" installed and have continuous "Barney" tunes piped into their cell. That'll teach 'em.