Slashdot Mirror

← Back to Stories (view on slashdot.org)

Debian Project Servers Compromised

Posted by jamie on from the batten-down-hatches dept.

Sean was one of many to pass along the bad news from the debian-announce mailing list: "Some Debian Project machines have been compromised. This is a very unfortunate incident to report about. Some Debian servers were found to have been compromised in the last 24 hours. The archive is not affected by this compromise! In particular the following machines have been affected: 'master' (Bug Tracking System), 'murphy' (mailing lists), 'gluck' (web, cvs), 'klecker' (security, non-us, web search, www-master). Some of these services are currently not available as the machines undergo close inspection. Some services have been moved to other machines (www.debian.org for example). The security archive will be verified from trusted sources before it will become available again." They were going to announce 3.0r2 this morning; they've checked it and it's unaffected but obviously they're still postponing that release.

21 of 666 comments (clear)

  1. SCO Again!... by isoga · · Score: 5, Funny
    Obviously SCO are trying to break in and steal the source to prove once and for all that Linux has stolen their patents!

    ;)

    dave

    Tech stuff

    1. Re:SCO Again!... by Urkki · · Score: 5, Funny

      No no. They are trying to break in to *insert* patented code into Linux code, so they'd have a leg to stand on in the court ;)

  2. Re:...not the archive. by Anonymous Coward · · Score: 1, Funny

    You're assuming here that the average script kiddie actually has a reason other than mindless vandalism.

  3. Re:That explains by Anonymous Coward · · Score: 4, Funny

    Thanks for that insightful interpretation of events, Captain Obvious.

  4. Has a Microsoft release ever been compromised? by Anonymous Coward · · Score: 2, Funny

    Sorry, but I had to say it.... a Microsoft release has never been delayed because one of their servers were compromised.

    Let's just remember that before we extoll the virtues of how great open source is.

    1. Re:Has a Microsoft release ever been compromised? by Travoltus · · Score: 1, Funny

      No, they just release it, virus or hacks and all. :)
      (just kidding)

      --
      --- Grow a pair, liberals... stop letting the Republicans bully you!
  5. Hearing the news, by KoolDude · · Score: 4, Funny


    ...thousands of slashdotters flocked to Netcraft website to check whether debian.org was running on IIS.

    --
    getSexySig(); /* returns sexy signature */
    1. Re:Hearing the news, by cgranade · · Score: 2, Funny

      Better than to debian.org to check to see the news... server comes back up, crippled, sees /. and runs again...

      --

      #define DRM chmod 000

  6. Re:Not on debian-announce archive by Tri · · Score: 3, Funny

    But when the three other random posters are debian devels... ;-)

    Except that anonymous coward person. I've never seen *him* in the keyring...

  7. Re:It's good to see that they are holding everythi by xscarecrowx · · Score: 1, Funny

    because he did it, duh!

  8. OH NO!!!! by HungWeiLo · · Score: 5, Funny

    Was any code stolen? OH wait...

    --
    There are a huge number of yeast infections in this county. Probably because we're downriver from the bread factory.
  9. TRACED back to MSFT .de by Anonymous Coward · · Score: 0, Funny

    Cracked from M$

  10. Terrorist attack against Debian by S.+Baldrick · · Score: 4, Funny

    In response to the dastardly assault against the twin (mini-)towers, the President of Debian drew a line in the sand and immediately announced the invasion of Slackware.

  11. What the hell? by O.M.A.C. · · Score: 4, Funny

    I ran apt-get and my machine was converted to Windows 2003!

    --
    /* It's amazing the damage someone with a stunted sense of humor and mod points can do to your karma. */
  12. You should be using... by gosand · · Score: 3, Funny
    Why my apt-get was failing from people.debian.org last nite. Not to mention why debian.org was down. :(

    Funny, my apt-get using h4x0r3d.debian.org was working perfectly....

    --

    My beliefs do not require that you agree with them.

  13. Re:whoa - better switch to NT ! by Noryungi · · Score: 2, Funny

    bill g4t3z takes credit!

    This should read "Bi11 g4T3z". Please respect the proper "3l33t" spelling. Thank you.

    Another public-service message from your friendly spelling nazi. Or N4zi.

    --
    The right to offend is far more important than the right not to be offended. (Rowan Atkinson)
  14. Re:MD5 by itself it useless by tomstdenis · · Score: 2, Funny

    Quick patent this idea! Put the words "over the internet" in it somewhere and you're set.

    Tom

    --
    Someday, I'll have a real sig.
  15. Re:hmmm... USA Assholes? by Anonymous Coward · · Score: 1, Funny

    The backdoor attempt on the linux-kernel was NSA-levels of sophistication.

    If the NSA decides to puts a backdoor in linux or anything for that matter, you won't ever know it. And if you find it, you won't live to tell anyone.

    Not that they need a backdoor anyway...

  16. Re:...not the archive. by TrentC · · Score: 2, Funny

    The server that pushes .debs to archive is running debian/sparc (donated by sun btw), so probably the cracker didn't know how to port his leet exploit to sparc (all the comprimised machines were 1386).

    You mean there's some value in those "unnecessary" non-i386 arches that Debian supports? Gee, maybe they have a good idea after all...

    Jay (=

  17. that really sucks... by mediaisthemassage · · Score: 3, Funny
    I just based my home cluster on debian because is so sexy...save the soul of your sun boxen and load linux....is fun....

    But security holes exist, there is no getting around this, no matter how paranoid you are...

    trust me..

    I am a sitting in a faraday cage right now...I built it in my apartment to keep those pesky NSA spooks from uplinking with the nano-chips they implanted in my brain....

    most of us are now implanted...you can't dig them out...i've tried....

  18. No, I heard Apple is claiming the rights... by ErnstKompressor · · Score: 2, Funny

    to this compromise as it occured on a wednesday of an odd month, and was devised by a malicious user who never even worked at Apple, in the hopes that this would prod Debian users to cross-grade to 10.3...and then buy the PDA that Apple are developing with the help of a homeless guy who has been dumpster diving...and they are not even going to support the 'compromise' on anything before 10.4...CONSPIRACY!!!

    or so says CNet ;)

    Sorry...

    --
    We apologise for the fault in this post. Those responsible have been sacked. -- Signed RICHARD M. NIXON