Slashdot Mirror


Debian Server Compromised

Security News writes "According to a post on the debian-devel-announce mailing list, 'Early this morning we discovered that someone had managed to compromise gluck.debian.org. We've taken the machine offline and are preparing to reinstall it.' gluck is a core development machine."

23 of 349 comments

  1. Oh no by Anonymous Coward · · Score: 5, Funny

    Oh no, now they have access to all the Debian source!

    1. Re:Oh no by NadNad · · Score: 5, Funny

      Maybe it's SCO, trying to find their code buried in linux...

    2. Re:Oh no by Anonymous Coward · · Score: 5, Funny

      Forget running Debian Unstable. Debian Compromised is where it's at.

    3. Re:Oh no by Aranth Brainfire · · Score: 4, Funny

      It doesn't matter, just email them to whoever you like and the maintainer will get them anyway.

      --
      "Quoting yourself is stupid." -Me
    4. Re:Oh no by kdemetter · · Score: 2, Funny

      No need. If the backdoor was installed, your machine can be patched remotely.

      Now that's easy :-)

    5. Re:Oh no by rolfwind · · Score: 3, Funny

      They should look under /dev/null, it happens to be the same place their case is headed soon:)

    6. Re:Oh no by DMNT · · Score: 2, Funny

      No, it was SCO trying to bury their code in linux...

      --
      ?SYNTAX ERROR
    7. Re:Oh no by creepynut · · Score: 2, Funny

      "They got into our machine sir, but all they did was run apt-get update and apt-get upgrade. Phew, that was close!"

  2. No fear... by gravyface · · Score: 5, Funny

    It's Debian... they found an old DAT tape from three years ago, restored it, and realised that nothing's changed in the source tree. *ducks*

    --
    body massage!
    1. Re:No fear... by the_humeister · · Score: 5, Funny

      And after recovering the DAT tape from the safe-deposit box at the bank, they went to the ATM machine and entered their PIN numbers to get some money.

    2. Re:No fear... by identity0 · · Score: 2, Funny

      See, if they'd kept the source code on a Microsoft MS Windows machine with NT Technology and NTFS Filesystem, they would have been completely safe. Heck, they could have even placed it on an IBM Machine on a Wireless Wi-Fi hotspot at a Starbucks, with all the code on a USB Bus memory stick, and no one would have been able to touch it!

      I know people around here swear by the GPL Licenced Linux Unix or the BSD Distribution, but we must admit we have been defeated. I, for one, welcome our Debian-cracking overlords.

    3. Re:No fear... by Aneurysm · · Score: 2, Funny

      The poster was referring to redundant acronyms. DAT stands for Digital Audio Tape, so saying that they backed up from a DAT tape is really saying Digital Audio Tape Tape. The poster also lists common redundant acronyms that people use, Personal Identification Number Number and Automated Teller Machine Machine. PIN is the worst, I often hear people talking about their Personal PIN Numbers.

  3. You have my sympathies by Anonymous Coward · · Score: 3, Funny

    Aw man, that's too bad. I think we should all wish the Debian team g'luck.

  4. Things are changing... by ModernGeek · · Score: 5, Funny

    ...they aren't as grim as you may think. Soon enough, universities will be obsolete, and corporations will judge one based on open source contributions. If we all move aggressively toward this stance, the MCSEs will hit the road, and open source pioneers will rule the world of research, development, and jobs all funded by large corporations. All the source will be open, and the developers will work for companies like Verizon and the government as researchers. The same way that students pay universities to do the same thing for them, the difference is that the companies will pay you and you won't be paying a university. A large company that does not employ open source developers will be seen as bad in morale the same way a company is seen as bad for outsourcing manufacturing jobs to Mexico. If we take open source and ourselves seriously, all of this can happen. The old attitude of "don't use it if you don't like it" is going away, and things will be set straight if we push things forward.

    --
    Sig: I stole this sig.
  5. Re:Good thing... by Simon Simian · · Score: 1, Funny

    Have they? Fuck! I always miss these mass exoduses. I'm still running Gentoo and Slackware.

  6. Maybe Debian devs will finally come around by b3x · · Score: 5, Funny

    and move that source repository to a more secure Windows 2003 Server platform.

  7. obligatory: by Anonymous Coward · · Score: 5, Funny

    I felt a great disturbance in the Force, as if millions of nerds suddenly cried out in terror and were suddenly silenced.

  8. Re:Once is ok, but twice is too much... by B3ryllium · · Score: 3, Funny

    Mwuahahahha! Perfect place to ply the first-ever Carrier Pigeon Protocol hack!

  9. Re:This has been said before... by kashani · · Score: 4, Funny

    Ahem.

    As a Gentoo user over the age of 30 I'd like to apologize for the under 20 Gentoo user's previous post. I'll slap him around on IRC later. ;-)

    kashani

    --
    - Why is the ninja... so deadly?
  10. Re:Once is ok, but twice is too much... by The Bungi · · Score: 2, Funny

    So? The last time GNU.org was rooted they didn't get wind of the break-in until a month after it happened.

  11. Re:Once is ok, but twice is too much... by rawtatoor · · Score: 2, Funny

    Moderation.... gone... awry

  12. I have a physical airgap by kliese · · Score: 2, Funny

    Last time I checked, code was taken to be signed by sneakernet, so that there would be a physical airgap between the network and the signing system.

    I have a physical airgap between my wireless router and laptop. Does that mean I'm safe?

  13. WikiDebian? by femto · · Score: 4, Funny

    Maybe we need WikiDebian? "The free operating system that anyone can edit."

    I'm not joking. If it works for Wikipedia, why not Debian??