Slashdot Mirror

← Back to Stories (view on slashdot.org)

Gentoo rsync Server Compromised [updated]

Posted by timothy on from the debian-parallel dept.

costela writes "LWN points out that the Gentoo project fired out an alert about one compromised rsync server." From the message itself: "However, the compromised system had both an IDS and a file integrity checker installed and we have a very detailed forensic trail of what happened once the box was breached, so we are reasonably confident that the portage tree stored on that box was unaffected." Update: 12/03 22:54 GMT by T : One more damage report: gibson writes "The Free Software Foundation recently discovered that its software host site was compromised a month ago. The compromise appears to be the same as the recent attacks on the Debian servers. The site is shut down until Friday while they install replacement hardware and verify the authenticity of the hosted source code."

20 of 600 comments (clear)

  1. Time to Switch to Debian by Anonymous Coward · · Score: 5, Funny

    They haven't had a break in two weeks!

  2. GAAAAH!!!! by Enahs · · Score: 1, Funny
    I decided to switch away from using Gentoo (after I accidentally nuked my system for the 12th time, my fault) to Debian. The day afterward, they were compromised, and they still haven't gotten back to normal.

    Today, I decided that I wasn't entirely happy with Debian, and so I have Gentoo stage3 LiveCDs sitting on my desk, ready for an install when I get home...

    Maybe someone should start working on Desktop OpenBSD. :-P

    --
    Stating on Slashdot that I like cheese since 1997.
  3. Re:windowsupdate.microsoft.com Breakins? by TWX · · Score: 4, Funny

    "How come we never hear about breakins [at windowsupdate.microsoft.com]..."

    Because we wouldn't have time for all of the other news.

    --
    Do not look into laser with remaining eye.
  4. Exactly. by twoslice · · Score: 5, Funny
    I am however glad to see that they took precautions.

    Now consider what would happen if the Windows update service was compromized and hackers managed to get past Microsoft's tight security. These update servers could be used for WMD's (Windows Massive Disruptions)...

    --

    From excellent karma to terible karma with a single +5 funny post...
  5. This reminded me that.... by Anonymous Coward · · Score: 2, Funny

    I needed to upgrade my kernel and I'm guessing that by the now deathly slow speed of kernel.org, I wasn't the only one that remembered its time to get the latest stable. There should be a new name for this effect.

  6. DARL! Turn that computer off and go to bed! by pair-a-noyd · · Score: 3, Funny

    "I told you before to stop playing and go to sleep!
    You just wait until your father gets home!"

  7. Re:All this bad news. by penguin+king · · Score: 5, Funny

    Yeah... it was probably SCO: "ooops.... I think I hacked someone" "shit.. what now?" "new lawsuit.. they're runing our rootkit!"

  8. Re:All this bad news. by cgenman · · Score: 5, Funny

    Is it sad the first thing that crossed my mind was "lots of well-timed security breaches... Microsoft may be behind them all"?

    Come on. Do you really think Microsoft knows that much about security?

    --
    The ______ Agenda
  9. Doesn't surprise me... by Anonymous Coward · · Score: 0, Funny

    ...nsync gets compromised up the backdoor all the time. It was only a matter of time before rsync got a peice of the funky butt lovin'.

  10. Re:Linux vs M$ breakins. by Anonymous+Chicken · · Score: 5, Funny

    Break in to SCO... priceless...

    --
    This signature is intentionally left blank.
  11. Re:So... by Bombcar · · Score: 4, Funny

    I though the Gentoo Zealot response would be:

    "Ah, but Gentoo's root exploit was compiled from source, so Gentoo got rooted 0.000000124% faster than Debian!"
    :D

    Ah well, I like Gentoo myself. It is quite fun.

    --
    Fellowship 9/11
  12. Gentoo! by PatrickThomson · · Score: 5, Funny

    rooted 1% faster than a binary install!

    With apologies to Torne, from whom I stole this quote.

    --
    I am one of many. My idea is not unique, nor do I expect my voice alone to sway you. I speak in a chorus of opinion.
  13. Re:What OS was the compromised box running? by Anonymous Coward · · Score: 1, Funny

    It ran Longhorn, bought at Malaysia for $1.75

  14. The real question is... by beattie · · Score: 5, Funny

    ... did whoever did this steal any of our source code?

  15. Re:How do they know? by Anonymous Coward · · Score: 1, Funny

    ***
    12:15 - Entry - Werner Brandis...*****
    ***

  16. Re:How about a logging trail by Anonymous Coward · · Score: 2, Funny

    Oh sweet, so now IPTABLES can mangle, drop, and reject SYSTEM CALLS?

  17. Re:Deliberate attacks? by caluml · · Score: 2, Funny

    I think the moral of the story is not to have a .org top level domain.

    --
    Get your own free personal location tracker
  18. Re:well... by yosemite · · Score: 2, Funny

    Well what if they comprimised the file integrity checker *checker*? or the backup file integrity checker checker *checker*. Or what if they hacked the matrix and made you stupid.

  19. That does it by Anonymous Coward · · Score: 2, Funny

    First it was Debian, now it's gentoo.
    I'm switching to my own home brewed OS
    You vulnerable Linux people don't deserve my support

    Asta la vista, I won't be back!

  20. Re:The only reason this is news... by Anonymous Coward · · Score: 1, Funny

    That's good product endorsement. "Our product is great! No, we don't actually use it."