Gnome.org Compromised?
Garden GNOME writes "The GNOME sysadmin team has just announced that the main GNOME web server has probably been intruded into, leading to the shutdown of the GNOME website, (including bugzilla.gnome.org, art.gnome.org and developer.gnome.org). The GNOME mailing lists, and CVS servers seem to be up, though the FTP server was immediately taken down as a precautionary measure (released sources are believed to be intact). This is bad, because GNOME 2.6 was supposed to be released tomorrow. Let's hope it is a false alarm."
At least they caught it now, instead of after the release. Now the code can be checked before it goes out, instead of everyone worrying about whether they downloaded compromised code
But, just like in previous break-ins to other systems (Gentoo, Debian, Savannah), they're taking the correct actions by shutting everything down and BEING CAREFUL. I often wonder if commercial companies are always this fastidious.
:)
You can't beat all the crackers, but handling a bad situation correctly should be commended. Good job, GNOME team!
I'm eagerly awaiting 2.6, too, I may add!
-Erwos
Plausible conjecture should not be misrepresented as proof positive.
You know...honestly...
There have been serveral major, high profile compromises of numerous FOSS servers in the past twelve months. Including a compromise of the GNU source repository.
Microsoft has not made a big deal out of these (at least as far as I've seen). Whereas every security flaw at Microsoft is treated by Slashdot as if someone got access to the crown jewels (well, admittedly the Windows source is running around all over the place...)
Microsoft has really been acting a lot nicer towards FOSS folks about security lapses.
That being said, I'm just *waiting* for a sourceforge compromise. That would be a *huge* hit, and it just plain has to happen sooner or later.
It would be nice if a couple of distributions put out basic *up-to-date* HOWTOs of best practices on how to set up minimal, secure servers using their distribution.
May we never see th
You can't compare a Linux distribution with hundreds of packages to Windows, which is basically a kernel/GUI/browser combo.
Try using (for Linux) the number of kernel/X11/Mozilla vulnerabilities instead and at least you'll start making sense.
I fully expect a bunch of lame Microsoft jokes.
But let's be real, here. Last year in the span of six months, Debian, Gentoo, and GNU (twice!) were compromised. Now GNOME.
Can you honestly rail on Microsoft? When was the last time their servers were compromised? I only vaguely recall something in 2000 about alleged stolen source code, and a real good that has turned out all these years later. As for this year's stolen source code, Slashdot never reported this but it was taken from a Linux computer at MainSoft.
Just funny how things are viewed around here, with a certain bias some people don't even realize they have.
So, when is the FBI going to accounce their special task force to track down these dangerous hackers? After all, isn't that what they did when the Microsoft code was leaked? Something tells me this won't even make the FBI's radar, though...
"Save the whales, feed the hungry, free the mallocs" -- author unknown