Slashdot Mirror


More Info on Debian.org Security Breach

mbanck writes "James Troup (part of the Debian System administration team) has published more information on the recent compromise of four debian.org machines. The attack vector seemed to be a sniffed password of an unprivileged account, from which the attacker somehow managed to gain root and install the suckit rootkit and crack the other machines. As the machines were fairly up to date with respect to security, an as-of-yet unknown local root exploit might be in the wild, so keep an eye on your boxen. Note that the main ftp archive running on a sparc machine was not compromised, so the exploit might not yet be ported to non-i386 architectures."

3 of 545 comments

  1. Openness is good by iamdrscience · · Score: 2, Flamebait

    I like how when Debian's servers are cracked they tell you about it and furthermore, remind you again later with the details. If a similar thing happened with Microsoft it would be hushed down and certainly no details about it would be publicized later. Come to think of it, even a commercial Linux company like Red Hat might be wary in dealing with a similar issue as well -- I think they'd be likely to be open about it, but you never know what's going to happen when money and stock prices are involved.

  2. Re:One recommendation by Tyler Eaves · · Score: 0, Flamebait

    Uh, as soon as you're r00ted any sort of local access controls are null and void.

    --
    TODO: Something witty here...

  3. Re:#1 on Ten Immutable Laws of Security by autopr0n · · Score: 0, Flamebait

    Law #1 doesn't apply here. The intruder sniffed a password, and ran his own software. As far as I know, nobody was tricked into running malicious software. Law #1 should read, for real OS's, "Law #1: If a bad guy can persuade you to run his program on your account, it's not your account anymore."

    So Linux isn't a real OS now?

    --
    autopr0n is like, down and stuff.