minstrel
12-04-2003, 11:52 AM
I know this may be inviting flames but please resist that temptation. I post this not to claim that Linux is evil but solely to provide additional evidence that no OS is ever completely secure:
Thursday, December 4
Hacked Gentoo Linux server taken offline
Globe and Mail
Patrick Gray
CNET
Hackers have forced the Gentoo Linux project to take a server offline.
The attack and subsequent compromise comes after several machines belonging to the Debian Linux project were breached by attackers last month. A forensic analysis of the Debian machines revealed no software packages or source code offered for download were affected — a claim now being made by Gentoo.
The maintainers of the Gentoo Linux distribution have released a statement which describes the incident: "One of the servers that makes up the rsync.gentoo.org rotation was compromised via a remote exploit," it reads. "The compromised system had both an IDS and a file integrity checker installed and ... we are reasonably confident that the portage tree stored on that box was unaffected."
The Gentoo team claim the breach was detected within approximately one hour.
"During this time, approximately 20 users synchronized against the portage mirror stored on this box. The method used to gain access to the box remotely is still under investigation. We will release more details once we have ascertained the cause of the remote exploit," the statement said.
The machine didn't actually belong to the project. It was donated by a sponsor, whose identity so far undisclosed.
The Debian project servers were compromised by a previously unknown local vulnerability in the Linux kernel which has since been identified and rectified by a patch.
Globe and Mail-Sympatico story (http://sympatico.globeandmail.com/servlet/story/RTGAM.20031204.gtlinuxdec4/tech/Technology/techBN/sympatico-technology)
Thursday, December 4
Hacked Gentoo Linux server taken offline
Globe and Mail
Patrick Gray
CNET
Hackers have forced the Gentoo Linux project to take a server offline.
The attack and subsequent compromise comes after several machines belonging to the Debian Linux project were breached by attackers last month. A forensic analysis of the Debian machines revealed no software packages or source code offered for download were affected — a claim now being made by Gentoo.
The maintainers of the Gentoo Linux distribution have released a statement which describes the incident: "One of the servers that makes up the rsync.gentoo.org rotation was compromised via a remote exploit," it reads. "The compromised system had both an IDS and a file integrity checker installed and ... we are reasonably confident that the portage tree stored on that box was unaffected."
The Gentoo team claim the breach was detected within approximately one hour.
"During this time, approximately 20 users synchronized against the portage mirror stored on this box. The method used to gain access to the box remotely is still under investigation. We will release more details once we have ascertained the cause of the remote exploit," the statement said.
The machine didn't actually belong to the project. It was donated by a sponsor, whose identity so far undisclosed.
The Debian project servers were compromised by a previously unknown local vulnerability in the Linux kernel which has since been identified and rectified by a patch.
Globe and Mail-Sympatico story (http://sympatico.globeandmail.com/servlet/story/RTGAM.20031204.gtlinuxdec4/tech/Technology/techBN/sympatico-technology)