Slashdot Mirror

← Back to Stories (view on slashdot.org)

Gentoo rsync Server Compromised [updated]

Posted by timothy on from the debian-parallel dept.

costela writes "LWN points out that the Gentoo project fired out an alert about one compromised rsync server." From the message itself: "However, the compromised system had both an IDS and a file integrity checker installed and we have a very detailed forensic trail of what happened once the box was breached, so we are reasonably confident that the portage tree stored on that box was unaffected." Update: 12/03 22:54 GMT by T : One more damage report: gibson writes "The Free Software Foundation recently discovered that its software host site was compromised a month ago. The compromise appears to be the same as the recent attacks on the Debian servers. The site is shut down until Friday while they install replacement hardware and verify the authenticity of the hosted source code."

6 of 600 comments (clear)

  1. Wanna bet... by Howard+Beale · · Score: 0, Troll

    they hadn't patched to 2.4.23 yet?

  2. So... by Coryoth · · Score: 0, Troll

    What do all those Gentoo fanboys who were saying "this would never happen with Gentoo" when Debian had problems have to say now? What can you do about zealots?

    And sorry to all the many, many, perfectly sensible Gentoo users out there. An unfortunate incident, but, as with the Debian incident, it looks as if it is being well handled. I'll be interested to see the details on how the compromise occurred.

    Jedidiah

    --
    Craft Beer Programming T-shirts
  3. Just one of many. by zeroclip · · Score: 0, Troll

    Just one server of the many resync servers was compromised. It's not the end of the gentoo zealots, MUHAHAHA.Gentoo pwnz j00 :P

  4. Re:All this bad news. by Spl0it · · Score: 0, Troll

    Actually besides SCO's over-all trashing of linux I would have to say the stories about Debian Server and Gentoo's One Server are good news. Its shows that security measures work, and that being honest works too. If every time a companies Windows 200# server box was broken into we would have plenty of stories every single day. I think one reason we don't see that from big companies is alot don't disclose it, and the other half don't even know their systems have been comprimised.

    --

    No, this is
  5. Re:"Reasonably Confident"? by ivanmarsh · · Score: 0, Troll
    Microsoft Windows is the best desktop OS money can buy.

    That's true... you don't have to buy Linux.

  6. I still say we have to adopt UNTRUSTED COMPUTING by pair-a-noyd · · Score: 0, Troll

    In that no computer trusts any other computer, ever for any reason.

    You're guarding an armored car. Another man approaches you wearing all the correct uniform and regalia, he evens looks familiar to you, you've seen his face at the armored car company. He has the password of the day.
    Can you REALLY trust him? How do you know that he's really who he says he is? And even if Bob the guard really is Bob the guard, how do you know that Bob the guard hasn't just all of a sudden decided to slip a few $$ in his pocket when you aren't looking or just knock you out from behind and take off with a sack of money?

    Traitors ALWAYS work from within.
    Who do you trust?
    Do you trust people you've never met with your computer security or do you take it upon yourself to handle your own security.

    If one computer gets comprimised in a "trusted computing" system, the game is over. Don't trust anyone or anything.
    Machines are easy to fool, they can't think.

    The only SECURE computer is one that is melted down into an ingot of pot metal. THAT computer can't be comprimised.