More Info on Debian.org Security Breach

mbanck writes "James Troup (part of the Debian System administration team) has published more information on the recent compromise of four debian.org machines. The attack vector seemed to be a sniffed password of an unprivileged account, from which the attacker somehow managed to gain root and install the suckit rootkit and crack the other machines. As the machines were fairly uptodate with respect to security, an as-of-yet unknown local root exploit might be in the wild, so keep an eye on your boxen.Note that the main ftp archive running on a sparc machine was not compromised, so the exploit might not yet be ported to non-i386 architectures."

Re:Human Error

[Tyler+Eaves]

Random passphrase?

Repeat after me: The best password is the one that isn't stikie'd to the monitor and/or keyboard.

Re:Boxen..

[Stormie]

If you call your computers "boxen", I hope they get cracked and rootkitted.

Re:Human Error

[SugoiMonkey]

I say we cut out the user.

Re:Boxen..

[AndroidCat]

It's a perfectly good middle-english plural. Perhaps they just have rather olde boxen to develop on?

Ammended for the rest of us:

Law #1: If Bill can persuade you to run his program on your computer, it's not your computer anymore.

Re:#1 on Ten Immutable Laws of Security

[prockcore]

Law #1: If a bad guy can persuade you to run his program on your computer, it's not your computer anymore.

That's why I've been saying for years that all my computers are owned by Bill Gates.

Unknown Debian exploit?

[t0ny]

Im sure glad my network runs on Windows!

Re:Unknown Debian exploit?

[flacco]

Im sure glad my network runs on Windows!

hey it is pretty nice - i'm having a look around right now!