Slashdot Mirror

← Back to Stories (view on slashdot.org)

More Info on Debian.org Security Breach

Posted by michael on from the inspector-clouseau dept.

mbanck writes "James Troup (part of the Debian System administration team) has published more information on the recent compromise of four debian.org machines. The attack vector seemed to be a sniffed password of an unprivileged account, from which the attacker somehow managed to gain root and install the suckit rootkit and crack the other machines. As the machines were fairly uptodate with respect to security, an as-of-yet unknown local root exploit might be in the wild, so keep an eye on your boxen.Note that the main ftp archive running on a sparc machine was not compromised, so the exploit might not yet be ported to non-i386 architectures."

15 of 545 comments (clear)

  1. Boxen.. by WeblionX · · Score: 3, Funny

    Here come the comments about the word "boxen..."

    --
    (\(\
    (=_=) Bani!
    (")")
    1. Re:Boxen.. by Chuck+Chunder · · Score: 3, Funny

      Someone needs their ears boxen.

      --
      Boffoonery - downloadable Comedy Benefit for Bletchley Park
    2. Re:Boxen.. by Stormie · · Score: 5, Funny

      If you call your computers "boxen", I hope they get cracked and rootkitted.

    3. Re:Boxen.. by AndroidCat · · Score: 5, Funny

      It's a perfectly good middle-english plural. Perhaps they just have rather olde boxen to develop on?

      --
      One line blog. I hear that they're called Twitters now.
    4. Re:Boxen.. by nyctopterus · · Score: 3, Funny

      It's a perfectly cromulent word. A noble linux emboxens the smallest geek.

  2. Re:Human Error by Tyler+Eaves · · Score: 5, Funny

    Random passphrase?

    Repeat after me: The best password is the one that isn't stikie'd to the monitor and/or keyboard.

    --
    TODO: Something witty here...
  3. Re:Human Error by SugoiMonkey · · Score: 5, Funny

    I say we cut out the user.

  4. Easy solution by therufus · · Score: 4, Funny

    Install windows. You'll never have to wonder if your system is being compromised, you'll know it is.

    Oh, and "password" is not really a "password".

    --
    You moved your mouse. Please restart Windows for changes to take effect.
  5. Ammended for the rest of us: by Anonymous Coward · · Score: 5, Funny

    Law #1: If Bill can persuade you to run his program on your computer, it's not your computer anymore.

  6. Re:#1 on Ten Immutable Laws of Security by prockcore · · Score: 5, Funny

    Law #1: If a bad guy can persuade you to run his program on your computer, it's not your computer anymore.

    That's why I've been saying for years that all my computers are owned by Bill Gates.

  7. Unknown Debian exploit? by t0ny · · Score: 5, Funny

    Im sure glad my network runs on Windows!

    --

    Manipulate the moderator system! Mod someone as "overrated" today.

    1. Re:Unknown Debian exploit? by flacco · · Score: 5, Funny
      Im sure glad my network runs on Windows!

      hey it is pretty nice - i'm having a look around right now!

      --
      pr0n - keeping monitor glass spotless since 1981.
  8. Re:Human Error by BJH · · Score: 3, Funny

    Dunno, but I might cut off your head if I had a headache.

  9. Re:One recommendation by Celvin · · Score: 4, Funny
    To make sure my logs are secure, they are automaticly:
    • posted to several usenetgroups
    • posted as random comments to /.-stories (Along with some random anti-SCO/Microsoft propaganda so I don't get modded down and don't lose karma :)
    • uploaded to the linux kernel CVS
    • sent as email to all my friends
    This way they are mirrored as many places as possible and hopefully cached by Google. Wipe that out!
    --
    -- If ignorance is bliss, why aren't there more happy people?
  10. Re:So much for unbiased Slashdot by Alioth · · Score: 4, Funny

    Slashdot is NOT supposed to be unbiased. It's called /. for heaven's sake - if it was a Microsoft oriented site it would be \. (backslashdot.org)

    --
    Oolite: Elite-like game. For Mac, Linux and Windows