Debian Project Servers Compromised
Sean was one of many to pass along the bad news from the debian-announce mailing list: "Some Debian Project machines have been compromised. This is a very unfortunate incident to report about. Some Debian servers were found to have been compromised in the last 24 hours. The archive is not affected by this compromise! In particular the following machines have been affected: 'master' (Bug Tracking System), 'murphy' (mailing lists), 'gluck' (web, cvs), 'klecker' (security, non-us, web search, www-master). Some of these services are currently not available as the machines undergo close inspection. Some services have been moved to other machines (www.debian.org for example). The security archive will be verified from trusted sources before it will become available again." They were going to announce 3.0r2 this morning; they've checked it and it's unaffected but obviously they're still postponing that release.
Quick! Blame Microsoft!
Oh yeah! They're not secure! Good thing we have those air-tight Debian servers, eh Slashdotters?
"Ask not what your country can do for you." --John F. Kennedy
Debian takes forever to upgrade their distro and fix bugs, which is why Redhat or Suse are better for servers. The fact that all these servers were hacked and were running Debian might shut up some of the Debian elitist types who want everyone to use Debian for everything from server to desktop and in between. Debian is not good at everything, it's really no better than slackware or gentoo.
People don't exist to serve systems, systems exist to serve people.
If Debian ran OpenBSD, this wouldn't have happened! Theo runs a tight ship over there.
I also think that Gentoo would have prevented this tragedy.
Conformity is the jailer of freedom and enemy of growth. -JFK
Linux is dying. Every day proves that it is being cracked open more than any other operating system. This headline is just another evidence to that effect.
Here we have yet another example of how Microsoft's shoddy programming is causing no end of trouble. Microsoft's products are well known throughout the world to have poor security and they get hacked all the time. We should all boycott Microsoft products and sue Bill Gates for false advertising! If Debian were using open source software, this would not have happened!
Huh? What's that you say? Debian was using open source? Linux, you say? Their own product, you say?
Oh, well...then that's all different now, isn't it? This is now an example of why open source is so much BETTER than Microsoft's stuff! Yeah, that's it! Yeah, there's a silver lining to this cloud somewhere...yeah, just give me a minute and I'll come up with a dandy excuse that totally absolves any open source code bug from fault while at the same time finding a way to slam Microsoft.
After all, isn't that the Slashdot way?
In the end they will lay their freedom at our feet and say to us, Make us your slaves, but feed us. - Fyodor Dostoyevsky
How does this change the fact that Debian is just not good enough, and has compromised thousands of machines across the globe? Sheesh, the denial... This is just like the Mandrake frying standard PC hardware story. Yes, the LG drives weren't compliant to the de jure standards, but in the real world, standards are de facto, not de jure.
Open Source has gone a long way and produced a lot of software that's up there with its commercial counterparts (Latex, The GIMP, Audacity, Firebird, Miranda/GAIM/SIM, Gretl, Python) but the Linux distros available are still not industrial-strength. And denial isn't really gonna help making it work.
Screaming denial, hissy fits or throwing protocols and RFC's across the room aren't gonna convince the nonhacker world. Walk a mile in their shoes, and then rethink the way you deal with events.
You summed up all the posts I've read so far in this article. Nice job.
"Wow, Debian is so great because they're openly saying that the compromise happened! I'm so proud of Debian for its honesty, as other companies wouldn't have done the same. Wait, we were discussing the compromise itself? No, I don't want to think about it..."
With the upcoming FUDstorm, this is just what M$ needs, I am willing to bet that either an overzealous M$ employee, or a purpose paid consultant did this.
Get a free ipod.
Which means the hacker either didn't care about covering his tracks or needed constant access or just wasn't qualified enough to clean up the mess. Good hackers don't work like that. They get in, deploy a bunch of crap, take what they need, clean up and get out. Maybe a month later they announce a "newly discovered" vulnerability. So a couple of five thousand packets in debian _may_ contain unintended code which uses not yet announced vulnerabilities in linux kernel (or in the upcoming 2.6.x). Will anybody do a full code review on the entire codebase now?
The point is, just because it's Linux doesn't mean it's any more secure than Windows. In both cases a decent admin is necessary to fend off the attacks. Not many Linux servers are attacked (except for script kiddies) because attacking them is not (yet) in vogue. Guess what, this is changing. And remove those cron jobs which update your systems. They may be downloading trojans from the compromised distribution servers. Test before you deploy in other words. Or SIGN THE FUCKING CODE like Microsoft does.
Let's see, could be the RIAA, or the MPAA,
or SCO! Maybe even M$!
No cracked server can compare to that beautiful little crack under mare's tail!
that the OpenBSD servers were compromised and I'll start to worry. :)
RandomAndInteresting.com defending the world from stupidity since 1979
And to be honest, your post is too lacking in any substantive thought to be worth much of a response, but I'll try anyway.
Slashdot, being somewhat overrun by liberals and left-leaning "thinkers" are often champions of diversity -- so long as the diversity goes along with what the crowd wants. Quite often it's posted that we should accept the racial, sexual, and national diversity without question, but when it comes to ideological differences, no diversity is to be tolerated. Toe the line. Say the right things. Nod like everyone else. Linux good, Microsoft Bad. Open source good, anything else bad. Naysayers are trolls who pollute the purity of our collective brilliance. What a bunch of hypocritical hogwash, and I'm not the only one who notices it here.
You don't feel the need to go anywhere near things you disagree with? So, how is it, living in a conflict-free world? Kind of nice, isn't it? No worries, no challenges, no need to really exercise your debating or rational thinking skills. Your brain can enjoy a nice, peaceful, vegetative state where nothing bad ever happens and all thoughts agree with whatever preconceived notions you've already arrived at. Oh, and the world is flat, the Sun revolves around the Earth, and there's absolutely no way that man can ever fly or travel faster than the speed of sound.
Lots of great things came from people who did not participate in groupthink. You shy away from adversity? Fine, enjoy yourself. You're doing very little to advance yourself if all you do is surround yourself with an agreeable environment, and you're doing nothing to advance the state of the human species. It's too bad you're taking up space and consuming resources, though, because it appears you're more or less a waste of genetic material.
Oops! Sorry! I exposed you to a disagreeable thought! I know that must be traumatizing you right about now, so I'll leave you to meditate, or burn incense, or whatever else it is you do when the abrasive world called reality bumps uncomfortably up against that delicate cranium of yours. Now run on and play. No need to read more boring posts anymore. I'm sure there's a nice post elsewhere that only says nice things that you already agree with. Now run on and play and don't splash in the puddles.
In the end they will lay their freedom at our feet and say to us, Make us your slaves, but feed us. - Fyodor Dostoyevsky
Doesn't Microsoft own a copy that makes industrial-strength rectum lube? Could this be a way to increase sales of rectum lube so Bill Gates will have even more money? And pay even more people to conspire against us true-believers?
A-HA! I've discovered the conspiracy in the Reverse-reverse-reverse psychology! You can't deny the conspiracy now!
Unless I'm a conspirator also... I think.
/* It's amazing the damage someone with a stunted sense of humor and mod points can do to your karma. */
I mean a "company that makes industrial-strength rectum lube".
My damn spellchecker is in on it too!!!!!!!!
/* It's amazing the damage someone with a stunted sense of humor and mod points can do to your karma. */
whoever modded me down YOU lick my balls.....just cuz i said "lick his balls" doesn't make my comment any less valid.
/. who think they are superior
fuck all hoes on
I KUT J00 M4NG!!!
Sha na na na, sha na na na na,
Sha na na na, sha na na na na,
Sha na na na, sha na na na na,
Sha na na na, sha na na na na,
Yip yip yip yip yip yip yip yip
Mum mum mum mum mum mum
Get a job
Sha na na na, sha na na na na
Every morning about this time
she get me out of my bed
a-crying get a job.
After breakfast, everyday,
she throws the want ads right my way
And never fails to say,
Get a job
Sha na na na, sha na na na na
Sha na na na, sha na na na na,
Sha na na na, sha na na na na,
Sha na na na, sha na na na na,
Yip yip yip yip yip yip yip yip
Mum mum mum mum mum mum
Get a job
Sha na na na, sha na na na na
And when I get the paper
I read it through and through
And my girl never fails to say
If there is any work for me,
And when I go back to the house
I hear the woman's mouth
Preaching and a crying,
Tell me that I'm lying 'bout a job
That I never could find.
Sha na na na, sha na na na na,
Sha na na na, sha na na na na,
Sha na na na, sha na na na na,
Sha na na na, sha na na na na,
Yip yip yip yip yip yip yip yip
Mum mum mum mum mum mum
Get a job
Sha na na na, sha na na na na