Slashdot Mirror
Ubuntu Servers Hacked
An anonymous reader noted that "Ubuntu had to shutdown 5 of 8 production servers that are sponsored by Canonical, when they started attacking other systems. Canonical blames the community, saying they were community hosted, and were poorly maintained. However, kernel upgrades couldn't be done because of poor backwards compatibility with the very hardware that Canonical had sponsored! While people point fingers at each other it is pretty clear that both sides are equally to blame, the community administrators for practicing bad security practices, such as using unencrypted FTP transfers with accounts, not properly maintaining the system. However Canonical should have been well aware of what they are hosting. The question remains, if any of the files distributed to users have been compromised. A major blow for Canonical though who are attempting to enter the business market with Ubuntu Server."
had these been windows servers we would have heard cries of a flaky operating system being the problem. in this case, since they're linux servers, we hear that the fault lays on the administrators of the boxen for not hardening the systems?
Oh, from the sounds of it, all that you say is well-warranted. They were running a version of Ubuntu from October of 2005, which was obsoleted in April of this year, and they weren't using encryption. This is security 101, and they didn't do it. This does sound a lot more like an administration problem than a software problem.
Ultimately, I'd say that if this does wind up being an admin problem, then Ubuntu Server will not suffer. The bottom line is that a poorly administered server is a hacker target regardless of the OS.
Isn't that part of the Linux/Microsoft Double Standard? Now, if Microsoft this type of issue and had been less than totally open about the cause and methods, you know as well as I do that there would be a high-pitched wailing from the Slashdot World.
If you want news from today, you have to come back tomorrow.
rsync works great for many use cases when transfers really need to be resumed.
MRSH-Recording device, corned beef sandwich with kraut, seafaring bird, and the foamy top of a beverage.
Language changes with time. This particular word has changed meanings (or at least got a new meaning) in the English language. You don't have to like that fact, but bitching on slashdot isn't going to change that fact.
People in the industry are aware that "hack" used to mean "cleverly manipulate a device into doing something its designers did not intend." People also know that "wherefor" used to mean "why." In both cases, the original definitions no longer apply.
Language changes. You'll get over it. There are more important battles to fight.
A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
I've never seen a paid individual make a stupid mistake like this. The captain of the Exxon Valdez was a volunteer with the Red Cross on a humanitarian mission. The Challenger and Columbia were piloted by kids from space camp. The original Tacoma Narrows bridge was designed by volunteers with Habitat for Humanity.
On the other hand, we all know that segregation & apartheid were both ended by paid professionals. If you want something big done right, only paid professionals can do it.
- None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
"The funniest one is still one where one of my coworkers nuked /lib on a fairly important machine unintentionally"
"He never got a root password for an important server after that incident. In hindsight, that was a funny incident, and a valuable lesson to us all (we all became paranoid of rereading what we just typed)."
I hope the decision to deny him root access was based on more than that one unintentional incident. It could have happened to any of you. After all, why else would it be a "valuable lesson" to you ? Isn't the person who made that mistake the least likely to make it again ? And you did also say you "could fill about a 100 pages on my own from stupid things I've done".