Slashdot Mirror


Gentoo rsync Server Compromised [updated]

costela writes "LWN points out that the Gentoo project fired out an alert about one compromised rsync server." From the message itself: "However, the compromised system had both an IDS and a file integrity checker installed and we have a very detailed forensic trail of what happened once the box was breached, so we are reasonably confident that the portage tree stored on that box was unaffected." Update: 12/03 22:54 GMT by T : One more damage report: gibson writes "The Free Software Foundation recently discovered that its software host site was compromised a month ago. The compromise appears to be the same as the recent attacks on the Debian servers. The site is shut down until Friday while they install replacement hardware and verify the authenticity of the hosted source code."

9 of 600 comments (clear)

  1. Time to Switch to Debian by Anonymous Coward · · Score: 5, Funny

    They haven't had a break in two weeks!

  2. Re:windowsupdate.microsoft.com Breakins? by TWX · · Score: 4, Funny

    "How come we never hear about breakins [at windowsupdate.microsoft.com]..."

    Because we wouldn't have time for all of the other news.

    --
    Do not look into laser with remaining eye.
  3. Exactly. by twoslice · · Score: 5, Funny
    I am however glad to see that they took precautions.

    Now consider what would happen if the Windows update service was compromized and hackers managed to get past Microsoft's tight security. These update servers could be used for WMD's (Windows Massive Disruptions)...

    --

    From excellent karma to terible karma with a single +5 funny post...
  4. Re:All this bad news. by penguin+king · · Score: 5, Funny

    Yeah... it was probably SCO: "ooops.... I think I hacked someone" "shit.. what now?" "new lawsuit.. they're runing our rootkit!"

  5. Re:All this bad news. by cgenman · · Score: 5, Funny

    Is it sad the first thing that crossed my mind was "lots of well-timed security breaches... Microsoft may be behind them all"?

    Come on. Do you really think Microsoft knows that much about security?

  6. Re:Linux vs M$ breakins. by Anonymous+Chicken · · Score: 5, Funny

    Break in to SCO... priceless...

    --
    This signature is intentionally left blank.
  7. Re:So... by Bombcar · · Score: 4, Funny

    I though the Gentoo Zealot response would be:

    "Ah, but Gentoo's root exploit was compiled from source, so Gentoo got rooted 0.000000124% faster than Debian!"
    :D

    Ah well, I like Gentoo myself. It is quite fun.

  8. Gentoo! by PatrickThomson · · Score: 5, Funny

    rooted 1% faster than a binary install!

    With apologies to Torne, from whom I stole this quote.

    --
    I am one of many. My idea is not unique, nor do I expect my voice alone to sway you. I speak in a chorus of opinion.
  9. The real question is... by beattie · · Score: 5, Funny

    ... did whoever did this steal any of our source code?