Debian Server Compromised

Security News writes "According to a post on the debian-devel-announce mailing list "Early this morning we discovered that someone had managed to compromise gluck.debian.org. We've taken the machine offline and are preparing to reinstall it. " gluck is a core development machine."

First post

Finally got it this time.

Re:Why?

[jt2377]

why do U.S. soliders rape a 15yrs old Iraq girl and gun down her entire family included a her 4 yrs old sister and try to cover it up and how many unreported rape/kill/murder are there? kinda retarded question, no?

RSA auth to blame?

[twistah]

They said:
"...we've locked down
most other debian.org machines, limiting access to DSA only, until
they can be fixed for what we suspect is the exploit used to
compromise gluck."

Are they saying they think the exploit is in the RSA functionality of SSH? If so, it might be prudent to turn it off for now, but this could be a knee-jerk reaction. (To turn it off, change RSAAuthentication to "no" in /etc/ssh/sshd_config and restart SSHD, though I don't know if it's worth it.)

Re:Question

[merreborn]

The current debian stable version of mysql 4.1 is a year and about 6 releases behind, having received only security patches. That means it's still got all the functionality bugs.

It can be a real bitch.

well after all...

[jackstack]

it is called 'open source'... bass drum - cymbal drum - *duck*

Wait for it...

[TheQuantumShift]

Aaaannnnnndddddd.......?

HEY! Fuck you and the bus you came in on

HEY! Fuck you and the bus you came in on now get the hell out of here, you, you - mofo.