Slashdot Mirror

← Back to Stories (view on slashdot.org)

Debian Server Compromised

Posted by ryuzaki0 on from the fox-in-the-henhouse dept.

Security News writes "According to a post on the debian-devel-announce mailing list "Early this morning we discovered that someone had managed to compromise gluck.debian.org. We've taken the machine offline and are preparing to reinstall it. " gluck is a core development machine."

5 of 349 comments (clear)

  1. Re:Once is ok, but twice is too much... by lawpoop · · Score: 5, Insightful

    You know, the difference between open source and closed source software is that with open source, *we know what's going on*. Debian admins are being very bold and forthright in stating that the machine was hacked.

    How many times has windowsupdate.microsoft.com been hacked? Zero? How would you know? What incentives ( and disincentives ) does Microsoft have to tell us if such a thing were to happen?

    So if corporate America wants to trust a black box, let 'em. There's no convincing them anyway.

    --
    Computers are useless. They can only give you answers.
    -- Pablo Picasso
  2. Re:Oh no by eeg3 · · Score: 5, Insightful

    More like, now they have to verify that no backdoors or other malicious code were inserted.

  3. Why all the flak? by Dryanta · · Score: 5, Insightful

    Hey I'm sure that everyone working on Debian's dev servers have lower uids than most of us, and I find the flak to really be undeserved. It's Linux not OpenBSD; the focus of the operating system favors usability over security. If you don't like it, move to a bsd or commercial *nix platform. Also, any machine that maintains services will eventually obtain some sort of vulnerability even with heavy-handed administration and monitoring. I think the speed at which the compromise was detected in addition to the service being taken offline immediately is cause for thanks to the security team!

  4. Re:Once is ok, but twice is too much... by _Sprocket_ · · Score: 5, Insightful

    The point being that digitally signed binaries aren't a guarantee. They're darned nice. Makes things more difficult to slip in a rogue binary. But they're not the end-all, be-all in assuring some rogue code isn't slipped in there somewhere.

    And yes - that goes for closed, proprietary software houses as well as the public, open groups.

  5. Re:Once is ok, but twice is too much... by asuffield · · Score: 5, Insightful
    If the debian team cannot keep their own products secure in their own environments, how can we expect to take them seriously in the enterprise?


    The previous attack was one that can be applied against any platform: somebody used their password over an unencrypted channel (presumably a non-Debian channel, since all the project ones should be encrypted), and somebody else sniffed it and used it to gain access. You can't really do anything about that.

    The secondary attack was a local kernel exploit that was first discovered when it was used to attack the debian.org hosts. The attacker(s) came up with something genuinely new (the brk() exploit), there's not a great deal to be done about that either. While the Debian team did make a few mistakes that were cleaned up at that time, none of them were involved in the attack - it wasn't admin error, like you imply.

    Goodness knows what this one was.