Slashdot Mirror

← Back to Stories (view on slashdot.org)

Gentoo rsync Server Compromised [updated]

Posted by timothy on from the debian-parallel dept.

costela writes "LWN points out that the Gentoo project fired out an alert about one compromised rsync server." From the message itself: "However, the compromised system had both an IDS and a file integrity checker installed and we have a very detailed forensic trail of what happened once the box was breached, so we are reasonably confident that the portage tree stored on that box was unaffected." Update: 12/03 22:54 GMT by T : One more damage report: gibson writes "The Free Software Foundation recently discovered that its software host site was compromised a month ago. The compromise appears to be the same as the recent attacks on the Debian servers. The site is shut down until Friday while they install replacement hardware and verify the authenticity of the hosted source code."

3 of 600 comments (clear)

  1. Re:The only reason this is news... by An0maly · · Score: 0, Flamebait

    Well excuse me Mr. Prissy-pants. Forgive me for insulting you with my comments. I'll FTP you a dollar for your troubles of showing me the error of my ways. =P

    --
    "...if you don't like your job, you don't strike. You just go in every day and do it really half-assed..." -Homer
  2. RMS-like statement in all it's glory by theolein · · Score: 0, Flamebait

    In the interest of continuing cooperation and in helping to improve security for all essential Free Software infrastructure, and despite important philosophical differences, we are working closely with Debian project members to find the perpetrators and to secure essential Free Software infrastructure for the future.

    This just had to have RMS invloved, managing to get his bigoted statements in, even when the system has been compromised.

    Damn man, you've been rooted and you can think of nothing better to say than that you have "important philosophical differences" with the rest of the OSS world, but that you will be OH SO GENEROUS and actually bother to talk to some people who don't get all hyped up when they say Linux and not GNU/Linux.

    That is why your fuckshit GNU/Hurd is still where it is you pompous clown.

  3. Re:well... by You're+All+Wrong · · Score: 0, Flamebait

    "it just downloads a list of packages and how to build each one."

    Oh, OK, that method guarantees that compromised binaries won't get onto your system. No chance that the list of packages would be altered to point to compromised ones, and no chance that the instructions how to build them might involve underhand actions. Sure, sure, all's rosy.

    NOT!

    YAW.

    --
    Your head of state is a corrupt weasel, I hope you're happy.