Slashdot Mirror


Gentoo rsync Server Compromised [updated]

costela writes "LWN points out that the Gentoo project fired out an alert about one compromised rsync server." From the message itself: "However, the compromised system had both an IDS and a file integrity checker installed and we have a very detailed forensic trail of what happened once the box was breached, so we are reasonably confident that the portage tree stored on that box was unaffected."

Update: 12/03 22:54 GMT by T: One more damage report: gibson writes "The Free Software Foundation recently discovered that its software host site was compromised a month ago. The compromise appears to be the same as the recent attacks on the Debian servers. The site is shut down until Friday while they install replacement hardware and verify the authenticity of the hosted source code."

15 of 600 comments

  1. Time to Switch to Debian by Anonymous Coward · · Score: 5, Funny

    They haven't had a break in two weeks!

  2. Re:windowsupdate.microsoft.com Breakins? by TWX · · Score: 4, Funny

    "How come we never hear about breakins [at windowsupdate.microsoft.com]..."

    Because we wouldn't have time for all of the other news.

    --
    Do not look into laser with remaining eye.
  3. Exactly. by twoslice · · Score: 5, Funny

    I am however glad to see that they took precautions.

    Now consider what would happen if the Windows update service was compromised and hackers managed to get past Microsoft's tight security. These update servers could be used for WMD's (Windows Massive Disruptions)...

    --
    From excellent karma to terrible karma with a single +5 funny post...
  4. This reminded me that.... by Anonymous Coward · · Score: 2, Funny

    I needed to upgrade my kernel and I'm guessing that by the now deathly slow speed of kernel.org, I wasn't the only one that remembered it's time to get the latest stable. There should be a new name for this effect.

  5. DARL! Turn that computer off and go to bed! by pair-a-noyd · · Score: 3, Funny

    "I told you before to stop playing and go to sleep!
    You just wait until your father gets home!"

  6. Re:All this bad news. by penguin+king · · Score: 5, Funny

    Yeah... it was probably SCO: "ooops.... I think I hacked someone" "shit.. what now?" "new lawsuit.. they're running our rootkit!"

  7. Re:All this bad news. by cgenman · · Score: 5, Funny

    Is it sad the first thing that crossed my mind was "lots of well-timed security breaches... Microsoft may be behind them all"?

    Come on. Do you really think Microsoft knows that much about security?

  8. Re:Linux vs M$ breakins. by Anonymous+Chicken · · Score: 5, Funny

    Break in to SCO... priceless...

    --
    This signature is intentionally left blank.
  9. Re:So... by Bombcar · · Score: 4, Funny

    I thought the Gentoo Zealot response would be:

    "Ah, but Gentoo's root exploit was compiled from source, so Gentoo got rooted 0.000000124% faster than Debian!"
    :D

    Ah well, I like Gentoo myself. It is quite fun.

  10. Gentoo! by PatrickThomson · · Score: 5, Funny

    rooted 1% faster than a binary install!

    With apologies to Torne, from whom I stole this quote.

    --
    I am one of many. My idea is not unique, nor do I expect my voice alone to sway you. I speak in a chorus of opinion.
  11. The real question is... by beattie · · Score: 5, Funny

    ... did whoever did this steal any of our source code?

  12. Re:How about a logging trail by Anonymous Coward · · Score: 2, Funny

    Oh sweet, so now IPTABLES can mangle, drop, and reject SYSTEM CALLS?

  13. Re:Deliberate attacks? by caluml · · Score: 2, Funny

    I think the moral of the story is not to have a .org top level domain.

  14. Re:well... by yosemite · · Score: 2, Funny

    Well what if they compromised the file integrity checker *checker*? or the backup file integrity checker checker *checker*. Or what if they hacked the matrix and made you stupid.

  15. That does it by Anonymous Coward · · Score: 2, Funny

    First it was Debian, now it's gentoo.
    I'm switching to my own home brewed OS
    You vulnerable Linux people don't deserve my support

    Hasta la vista, I won't be back!