Debian Project Servers Compromised
Sean was one of many to pass along the bad news from the debian-announce mailing list: "Some Debian Project machines have been compromised. This is a very unfortunate incident to report about. Some Debian servers were found to have been compromised in the last 24 hours. The archive is not affected by this compromise! In particular the following machines have been affected: 'master' (Bug Tracking System), 'murphy' (mailing lists), 'gluck' (web, cvs), 'klecker' (security, non-us, web search, www-master). Some of these services are currently not available as the machines undergo close inspection. Some services have been moved to other machines (www.debian.org for example). The security archive will be verified from trusted sources before it will become available again." They were going to announce 3.0r2 this morning; they've checked it and it's unaffected but obviously they're still postponing that release.
Here we have yet another example of how Microsoft's shoddy programming is causing no end of trouble. Microsoft's products are well known throughout the world to have poor security and they get hacked all the time. We should all boycott Microsoft products and sue Bill Gates for false advertising! If Debian were using open source software, this would not have happened!
Huh? What's that you say? Debian was using open source? Linux, you say? Their own product, you say?
Oh, well...then that's all different now, isn't it? This is now an example of why open source is so much BETTER than Microsoft's stuff! Yeah, that's it! Yeah, there's a silver lining to this cloud somewhere...yeah, just give me a minute and I'll come up with a dandy excuse that totally absolves any open source code bug from fault while at the same time finding a way to slam Microsoft.
After all, isn't that the Slashdot way?
In the end they will lay their freedom at our feet and say to us, Make us your slaves, but feed us. - Fyodor Dostoyevsky
How does this change the fact that Debian is just not good enough, and has compromised thousands of machines across the globe? Sheesh, the denial... This is just like the Mandrake frying standard PC hardware story. Yes, the LG drives weren't compliant to the de jure standards, but in the real world, standards are de facto, not de jure.
Open Source has gone a long way and produced a lot of software that's up there with its commercial counterparts (LaTeX, The GIMP, Audacity, Firebird, Miranda/GAIM/SIM, Gretl, Python) but the Linux distros available are still not industrial-strength. And denial isn't really gonna help making it work.
Screaming denial, hissy fits or throwing protocols and RFCs across the room aren't gonna convince the nonhacker world. Walk a mile in their shoes, and then rethink the way you deal with events.
that the OpenBSD servers were compromised and I'll start to worry. :)
RandomAndInteresting.com - defending the world from stupidity since 1979