Slashdot Mirror


Gentoo rsync Server Compromised [updated]

costela writes "LWN points out that the Gentoo project fired out an alert about one compromised rsync server." From the message itself: "However, the compromised system had both an IDS and a file integrity checker installed and we have a very detailed forensic trail of what happened once the box was breached, so we are reasonably confident that the portage tree stored on that box was unaffected." Update: 12/03 22:54 GMT by T : One more damage report: gibson writes "The Free Software Foundation recently discovered that its software host site was compromised a month ago. The compromise appears to be the same as the recent attacks on the Debian servers. The site is shut down until Friday while they install replacement hardware and verify the authenticity of the hosted source code."

12 of 600 comments (clear)

  1. On behalf of all Debian users everywhere by Anonymous Coward · · Score: -1, Flamebait

    I just wanted to say, "HA HA! You got yours, you zealot bastards!" Suck my wang, motherfuckers!

  2. Re:"Reasonably Confident"? by Anonymous Coward · · Score: -1, Flamebait

    I'm reasonably confident you smoke cock too.

  3. huh? by Anonymous Coward · · Score: -1, Flamebait


    "Only one remote hole in the default install, in more than 7 years!"

    Oh wait, sorry, that's OpenBSD not Linux.

  4. Re:"Reasonably Confident"? by Anonymous Coward · · Score: -1, Flamebait

    So you don't deny the part about smoking cock?

  5. Re:RSYNC by Anonymous Coward · · Score: -1, Flamebait

    Idiot.

  6. Thats right, go ahead and try to deflect the blame by Anonymous Coward · · Score: -1, Flamebait

    ..onto Microsoft again, like you always do. Thats right. Good dog.

    So whats the Linux root compromise looking like for next week? They're coming so fast now, soon it won't even be news.

  7. Re:The only reason this is news... by An0maly · · Score: 0, Flamebait

    Well excuse me Mr. Prissy-pants. Forgive me for insulting you with my comments. I'll FTP you a dollar for your troubles of showing me the error of my ways. =P

    --
    "...if you don't like your job, you don't strike. You just go in every day and do it really half-assed..." -Homer
  8. Re:GNAA WUZ HERE by Anonymous Coward · · Score: -1, Flamebait

    GNAA? Goatse Needs Another Asshole?

  9. GNAASTEE is coming soon by Anonymous Coward · · Score: -1, Flamebait

    GNAASTEE is coming soon...

  10. RMS-like statement in all it's glory by theolein · · Score: 0, Flamebait

    In the interest of continuing cooperation and in helping to improve security for all essential Free Software infrastructure, and despite important philosophical differences, we are working closely with Debian project members to find the perpetrators and to secure essential Free Software infrastructure for the future.

    This just had to have RMS invloved, managing to get his bigoted statements in, even when the system has been compromised.

    Damn man, you've been rooted and you can think of nothing better to say than that you have "important philosophical differences" with the rest of the OSS world, but that you will be OH SO GENEROUS and actually bother to talk to some people who don't get all hyped up when they say Linux and not GNU/Linux.

    That is why your fuckshit GNU/Hurd is still where it is you pompous clown.

  11. Re:well... by Anonymous Coward · · Score: -1, Flamebait

    Is that because it's a distribution for elitist tossers who are doing more to harm Linux's cause than Microsoft ever could?

  12. Re:well... by You're+All+Wrong · · Score: 0, Flamebait

    "it just downloads a list of packages and how to build each one."

    Oh, OK, that method guarantees that compromised binaries won't get onto your system. No chance that the list of packages would be altered to point to compromised ones, and no chance that the instructions how to build them might involve underhand actions. Sure, sure, all's rosy.

    NOT!

    YAW.

    --
    Your head of state is a corrupt weasel, I hope you're happy.