Gentoo rsync Server Compromised [updated]
costela writes "LWN points out that the Gentoo project
fired out an alert about one compromised rsync server." From the message itself: "However, the compromised system had both an IDS and a file integrity checker installed and we have a very detailed forensic trail of what happened once the box was breached, so we are reasonably confident that the portage tree stored on that box was unaffected." Update: 12/03 22:54 GMT by T : One more damage report: gibson writes "The Free Software Foundation recently discovered that its software host site was compromised a month ago. The compromise appears to be the same as the recent attacks on the Debian servers. The site is shut down until Friday while they install replacement hardware and verify the authenticity of the hosted source code."
They haven't had a break in two weeks!
"How come we never hear about breakins [at windowsupdate.microsoft.com]..."
Because we wouldn't have time for all of the other news.
Do not look into laser with remaining eye.
Now consider what would happen if the Windows update service was compromized and hackers managed to get past Microsoft's tight security. These update servers could be used for WMD's (Windows Massive Disruptions)...
From excellent karma to terible karma with a single +5 funny post...
I needed to upgrade my kernel and I'm guessing that by the now deathly slow speed of kernel.org, I wasn't the only one that remembered its time to get the latest stable. There should be a new name for this effect.
"I told you before to stop playing and go to sleep!
You just wait until your father gets home!"
Yeah... it was probably SCO: "ooops.... I think I hacked someone" "shit.. what now?" "new lawsuit.. they're runing our rootkit!"
Is it sad the first thing that crossed my mind was "lots of well-timed security breaches... Microsoft may be behind them all"?
Come on. Do you really think Microsoft knows that much about security?
The ______ Agenda
Break in to SCO... priceless...
This signature is intentionally left blank.
I though the Gentoo Zealot response would be:
:D
"Ah, but Gentoo's root exploit was compiled from source, so Gentoo got rooted 0.000000124% faster than Debian!"
Ah well, I like Gentoo myself. It is quite fun.
Fellowship 9/11
rooted 1% faster than a binary install!
With apologies to Torne, from whom I stole this quote.
I am one of many. My idea is not unique, nor do I expect my voice alone to sway you. I speak in a chorus of opinion.
... did whoever did this steal any of our source code?
Oh sweet, so now IPTABLES can mangle, drop, and reject SYSTEM CALLS?
I think the moral of the story is not to have a .org top level domain.
Get your own free personal location tracker
Well what if they comprimised the file integrity checker *checker*? or the backup file integrity checker checker *checker*. Or what if they hacked the matrix and made you stupid.
First it was Debian, now it's gentoo.
I'm switching to my own home brewed OS
You vulnerable Linux people don't deserve my support
Asta la vista, I won't be back!