Some Debian Project machines compromised

Discussion in 'NZ Computing' started by Max Burke, Nov 21, 2003.

  1. Max Burke

    Max Burke Guest

    ------------------------------------------------------------------------
    The Debian Project http://www.debian.org/
    Some Debian Project machines compromised

    November 21st, 2003
    ------------------------------------------------------------------------
    Some Debian Project machines have been compromised. This is a very
    unfortunate incident to report about. Some Debian servers were found to
    have been compromised in the last 24 hours.

    The archive is not affected by this compromise!
    In particular the following machines have been affected:

    master (Bug Tracking System)
    murphy (mailing lists)
    gluck (web, cvs)
    klecker (security, non-us, web search, www-master)

    Some of these services are currently not available as the machines undergo
    close inspection. Some services have been moved to other machines
    (www.debian.org for example). The security archive will be verified from
    trusted sources before it will become available again.

    Please note that we have recently prepared a new point release for Debian
    GNU/Linux 3.0 (woody), release 3.0r2. While it has not been announced yet,
    it has been pushed to our mirrors already. The announcement was scheduled
    for this morning but had to be postponed. This update has now been checked
    and it is not affected by the compromise.

    We apologise for the disruptions of some services over the next few days.
    We are working on restoring the services and verifying the content of our
    archives.
    http://cert.uni-stuttgart.de/files/fw/debian-security-20031121.txt
    --
    mlvburke@#%&*.net.nz
    Replace the obvious with paradise to email me.
    See Found Images at:
    http://homepages.paradise.net.nz/~mlvburke/
     
    Max Burke, Nov 21, 2003
    #1

  2. Max Burke

    T.N.O. Guest

    Max Burke wrote:
    > ------------------------------------------------------------------------
    > The Debian Project http://www.debian.org/
    > Some Debian Project machines compromised
    >
    > November 21st, 2003
    > ------------------------------------------------------------------------
    > Some Debian Project machines have been compromised This is a very
    > unfortunate incident to report about. Some Debian servers were found to
    > have been compromised in the last 24 hours.


    heh, bugger... I wonder how that happened.
     
    T.N.O., Nov 21, 2003
    #2

  3. Max Burke

    Max Burke Guest

    > T.N.O. scribbled:

    >> Max Burke wrote:
    >> ------------------------------------------------------------------------
    >> The Debian Project http://www.debian.org/
    >> Some Debian Project machines compromised
    >>
    >> November 21st, 2003
    >> ------------------------------------------------------------------------
    >> Some Debian Project machines have been compromised This is a very
    >> unfortunate incident to report about. Some Debian servers were
    >> found to have been compromised in the last 24 hours.


    > heh, bugger... I wonder how that happened.


    Perhaps there was a vulnerability that compromised their security???? ;-)
    Na that can't be true..... ;-)

    --
    mlvburke@#%&*.net.nz
    Replace the obvious with paradise to email me.
    See Found Images at:
    http://homepages.paradise.net.nz/~mlvburke/
     
    Max Burke, Nov 21, 2003
    #3
  4. Max Burke

    T.N.O. Guest

    Max Burke wrote:
    > Perhaps there was a vulnerability that compromised their security???? ;-)
    > Na that cant be true..... ;-)


    the biggest vulnerability to any computer system is the user... ring
    somewhere (big corporate) and say "Hi there, it's Dave here from IT,
    we're just trying to sort out a problem we found with your computer
    account, could you just give me your username and password please?" and
    9 times out of ten, they'll give it... truly strange, and no
    vulnerability needed.

    True, this only gives you limited access, but get the right person, and
    you can soon get a long way.
     
    T.N.O., Nov 21, 2003
    #4
  5. Max Burke

    techie Guest

    On Fri, 21 Nov 2003 15:13:02 -0600, T.N.O. wrote:

    > Max Burke wrote:
    >> Perhaps there was a vulnerability that compromised their security????
    >> ;-) Na that cant be true..... ;-)

    >
    > the biggest vunerability to any computer system is the user... ring
    > somewhere(big corporate) and say "Hi there, it's Dave here from IT,
    > we're just trying to sort out a problem we found with your computer
    > account, could you just give me your username and password please?" and
    > 9 times out of ten, they'll give it... truly strange, and no
    > vunerability needed.


    Heck, just get their username and try their username, "password", and
    then the company name as the password. One of 'em usually works.
     
    techie, Nov 21, 2003
    #5
  6. Max Burke

    T.N.O. Guest

    techie wrote:
    >>the biggest vunerability to any computer system is the user... ring
    >>somewhere(big corporate) and say "Hi there, it's Dave here from IT,
    >>we're just trying to sort out a problem we found with your computer
    >>account, could you just give me your username and password please?" and
    >>9 times out of ten, they'll give it... truly strange, and no
    >>vunerability needed.


    > Heck, just get their username and try their username, "password", and
    > then the company name as the password. One of 'em usually works.


    Or a day of the week...
     
    T.N.O., Nov 21, 2003
    #6
  7. Max Burke

    Roger_Nickel Guest

    Max Burke wrote:
    >>T.N.O. scribbled:

    >
    >
    >>>Max Burke wrote:
    >>>------------------------------------------------------------------------
    >>>The Debian Project http://www.debian.org/
    >>>Some Debian Project machines compromised
    >>>
    >>>November 21st, 2003
    >>>------------------------------------------------------------------------
    >>>Some Debian Project machines have been compromised This is a very
    >>>unfortunate incident to report about. Some Debian servers were
    >>>found to have been compromised in the last 24 hours.

    >
    >
    >
    >>heh, bugger... I wonder how that happened.

    >
    >
    > Perhaps there was a vulnerability that compromised their security???? ;-)
    > Na that cant be true..... ;-)
    >

    A password crack, I guess these Debian folk are humans just like the
    rest of us. Interesting to contrast the attitude of the Debian project
    to a server compromise to that of Microsoft to a similar event.
     
    Roger_Nickel, Nov 21, 2003
    #7
  8. Max Burke

    Max Burke Guest

    > Roger_Nickel scribbled:

    >> Max Burke wrote:
    >> ------------------------------------------------------------------------
    >> The Debian Project http://www.debian.org/
    >> Some Debian Project machines compromised
    >>
    >> November 21st, 2003
    >> ------------------------------------------------------------------------
    >> Some Debian Project machines have been compromised This is a very
    >> unfortunate incident to report about. Some Debian servers were
    >> found to have been compromised in the last 24 hours.


    >>> heh, bugger... I wonder how that happened.


    >> Perhaps there was a vulnerability that compromised their
    >> security???? ;-) Na that cant be true..... ;-)


    > A password crack, I guess these Debian folk are humans just like the
    > rest of us.


    All of us?

    > Interesting to contrast the attitude of the Debian project
    > to a server compromise to that of Microsoft to a similar event.


    Not really; In fact a pointless waste of time (IMO).....

    --
    mlvburke@#%&*.net.nz
    Replace the obvious with paradise to email me.
    See Found Images at:
    http://homepages.paradise.net.nz/~mlvburke/
     
    Max Burke, Nov 21, 2003
    #8
  9. Max Burke

    harry Guest

    "Max Burke" <mlvburke@%$%#@.nz> wrote in message
    news:Cxuvb.8895$...
    > ------------------------------------------------------------------------
    > The Debian Project http://www.debian.org/
    > Some Debian Project machines compromised
    >
    > November 21st, 2003
    > ------------------------------------------------------------------------
    > Some Debian Project machines have been compromised This is a very
    > unfortunate incident to report about. Some Debian servers were found to
    > have been compromised in the last 24 hours.
    >
    > The archive is not affected by this compromise!
    > In particular the following machines have been affected:
    >
    > master (Bug Tracking System)
    > murphy (mailing lists)
    > gluck (web, cvs)
    > klecker (security, non-us, web search, www-master)
    >
    > Some of these services are currently not available as the machines undergo
    > close inspection. Some services have been moved to other machines
    > (www.debian.org for example). The security archive will be verified from
    > trusted sources before it will become available again.
    >
    > Please note that we have recently prepared a new point release for Debian
    > GNU/Linux 3.0 (woody), release 3.0r2. While it has not been announced yet,
    > it has been pushed to our mirrors already. The announcement was scheduled
    > for this morning but had to be postponed. This update has now been checked
    > and it is not affected by the compromise.
    >
    > We apologise for the disruptions of some services over the next few days.
    > We are working on restoring the services and verifying the content of our
    > archives.
    > http://cert.uni-stuttgart.de/files/fw/debian-security-20031121.txt
    > --
    > mlvburke@#%&*.net.nz
    > Replace the obvious with paradise to email me.
    > See Found Images at:
    > http://homepages.paradise.net.nz/~mlvburke/
    >


    It's quite candid, isn't it?
    They have had a password compromised and they follow their commitment to
    disclosure and then fixed it.
    The Debian Project depends on transparency of testing and verification.
    Packages have to meet strict criteria and bug testing targets before they
    progress from "unstable" to "testing" and finally to the current "stable"
    release.
    They have no big stake in bogus PR construction of a "reputation", just
    total disclosure for the benefit of users.
    That's their motivation for publishing this news as widely as possible.
    What's yours, Max?
     
    harry, Nov 22, 2003
    #9
  10. Max Burke

    Evil Bastard Guest

    On Sat, 22 Nov 2003 09:26:01 +1300, Max Burke wrote:

    > The archive is not affected by this compromise!


    Phew!

    Had me worried for a moment there - have downloaded a shitload of stuff
    over the last 2 days.
     
    Evil Bastard, Nov 22, 2003
    #10
  11. Max Burke

    T.N.O. Guest

    harry wrote:
    > They have no big stake in bogus PR construction of a "reputation", just
    > total disclosure for the benefit of users.
    > Thats their motivation for publishing this news as widely as possible.
    > Whats yours Max ?


    He is only trying to help :)
     
    T.N.O., Nov 22, 2003
    #11
  12. Max Burke

    Max Burke Guest

    > harry scribbled:

    >> "Max Burke" wrote in message
    >> ------------------------------------------------------------------------
    >> The Debian Project http://www.debian.org/
    >> Some Debian Project machines compromised
    >>
    >> November 21st, 2003
    >> ------------------------------------------------------------------------
    >> Some Debian Project machines have been compromised This is a very
    >> unfortunate incident to report about. Some Debian servers were
    >> found to have been compromised in the last 24 hours.


    > Its quite candid isn't it ?
    > They have had a password compromised and they follow their commitment
    > to disclosure and then fixed it.
    > The Debian Project depends on transparency of testing and
    > verification. Packages have to meet strict criteria and bug testing
    > targets before they progress from "unstable" to "testing" and finally
    > to the current "stable" release.


    Who *exactly* is claiming they don't do all of the above, Harry?

    > They have no big stake in bogus PR construction of a "reputation",
    > just total disclosure for the benefit of users.


    WTF??????

    > Thats their motivation for publishing this news as widely as possible.
    > Whats yours Max ?



    Let's discuss why you believe I need to have some sort of 'motivation' for
    posting this information/news item......
    I'm not 'motivated' WRT to computer OS'es like you are, Harry; do try to
    remember that......

    Anyone who tells you, or tries to convince you that their favorite operating
    system is somehow immune to market forces, human error, and plain malice, is
    doing both you and the operating system they espouse a disservice.
    http://www.informationweek.com/story/IWK20030124S0013/5



    --
    mlvburke@#%&*.net.nz
    Replace the obvious with paradise to email me.
    See Found Images at:
    http://homepages.paradise.net.nz/~mlvburke/
     
    Max Burke, Nov 22, 2003
    #12
  13. Max Burke

    harry Guest

    Max Burke wrote:
    >> harry scribbled:

    >
    >>> "Max Burke" wrote in message
    >>> ------------------------------------------------------------------------
    >>> The Debian Project http://www.debian.org/
    >>> Some Debian Project machines compromised
    >>>
    >>> November 21st, 2003
    >>> ------------------------------------------------------------------------
    >>> Some Debian Project machines have been compromised This is a very
    >>> unfortunate incident to report about. Some Debian servers were
    >>> found to have been compromised in the last 24 hours.

    >
    >> Its quite candid isn't it ?
    >> They have had a password compromised and they follow their commitment
    >> to disclosure and then fixed it.
    >> The Debian Project depends on transparency of testing and
    >> verification. Packages have to meet strict criteria and bug testing
    >> targets before they progress from "unstable" to "testing" and finally
    >> to the current "stable" release.

    >
    > Who *exactly* is claiming they dont do all of the above Harry?
    >
    >> They have no big stake in bogus PR construction of a "reputation",
    >> just total disclosure for the benefit of users.

    >
    > WTF??????
    >
    >> Thats their motivation for publishing this news as widely as
    >> possible. Whats yours Max ?

    >
    >
    > Lets discuss why you believe I need to have some sort of 'motivation'
    > for posting this information/news item......
    > I'm not 'motivated' WRT to computer OS'es like you are Harry; Do try
    > to remember that......



    Who, me? I'm posting from Outlook Express on XP (fixed up with OE-Quotefix)
    next to my equally acceptable Debian Gnome 2.4 xfree86 4.3.0 box.
    What is your experience with Debian, Max? :p
     
    harry, Nov 22, 2003
    #13
  14. Max Burke

    Max Burke Guest

    > harry scribbled:

    >> Max Burke wrote:
    >>>> ------------------------------------------------------------------------
    >>>> The Debian Project http://www.debian.org/
    >>>> Some Debian Project machines compromised
    >>>>
    >>>> November 21st, 2003
    >>>> ------------------------------------------------------------------------
    >>>> Some Debian Project machines have been compromised This is a very
    >>>> unfortunate incident to report about. Some Debian servers were
    >>>> found to have been compromised in the last 24 hours.


    > They have no big stake in bogus PR construction of a "reputation",
    > just total disclosure for the benefit of users.


    >> WTF??????


    > Thats their motivation for publishing this news as widely as
    > possible. Whats yours Max ?



    >> Lets discuss why you believe I need to have some sort of 'motivation'
    >> for posting this information/news item......
    >> I'm not 'motivated' WRT to computer OS'es like you are Harry; Do try
    >> to remember that......


    > Who me ? I'm posting from Outlook Express on XP (fixed up with
    > OE-Quotefix) next to my equally acceptable Debian Gnome 2.4 xfree86
    > 4.3.0 box.


    Again WTF????

    > What is your experience with Debian Max ? :p



    Personal experience?
    Nil.

    But then, I have never had any problem with the idea that having an
    interest in something doesn't [always] require participation in that
    'something' to justify the interest....

    You, on the other hand......

    Anyone who tells you, or tries to convince you that their favorite operating
    system is somehow immune to market forces, human error, and plain malice, is
    doing both you and the operating system they espouse a disservice.
    http://www.informationweek.com/story/IWK20030124S0013/5

    --
    mlvburke@#%&*.net.nz
    Replace the obvious with paradise to email me.
    See Found Images at:
    http://homepages.paradise.net.nz/~mlvburke/
     
    Max Burke, Nov 22, 2003
    #14
  15. Max Burke

    Mainlander Guest

    In article <UPyvb.8954$>, says...
    >
    > "Max Burke" <mlvburke@%$%#@.nz> wrote in message
    > news:Cxuvb.8895$...
    > > ------------------------------------------------------------------------
    > > The Debian Project http://www.debian.org/
    > > Some Debian Project machines compromised
    > >
    > > November 21st, 2003
    > > ------------------------------------------------------------------------
    > > Some Debian Project machines have been compromised This is a very
    > > unfortunate incident to report about. Some Debian servers were found to
    > > have been compromised in the last 24 hours.
    > >
    > > The archive is not affected by this compromise!
    > > In particular the following machines have been affected:
    > >
    > > master (Bug Tracking System)
    > > murphy (mailing lists)
    > > gluck (web, cvs)
    > > klecker (security, non-us, web search, www-master)
    > >
    > > Some of these services are currently not available as the machines undergo
    > > close inspection. Some services have been moved to other machines
    > > (www.debian.org for example). The security archive will be verified from
    > > trusted sources before it will become available again.
    > >
    > > Please note that we have recently prepared a new point release for Debian
    > > GNU/Linux 3.0 (woody), release 3.0r2. While it has not been announced yet,
    > > it has been pushed to our mirrors already. The announcement was scheduled
    > > for this morning but had to be postponed. This update has now been checked
    > > and it is not affected by the compromise.
    > >
    > > We apologise for the disruptions of some services over the next few days.
    > > We are working on restoring the services and verifying the content of our
    > > archives.
    > > http://cert.uni-stuttgart.de/files/fw/debian-security-20031121.txt
    > > --
    > > mlvburke@#%&*.net.nz
    > > Replace the obvious with paradise to email me.
    > > See Found Images at:
    > > http://homepages.paradise.net.nz/~mlvburke/
    > >

    >
    > Its quite candid isn't it ?
    > They have had a password compromised and they follow their commitment to
    > disclosure and then fixed it.
    > The Debian Project depends on transparency of testing and verification.
    > Packages have to meet strict criteria and bug testing targets before they
    > progress from "unstable" to "testing" and finally to the current "stable"
    > release.
    > They have no big stake in bogus PR construction of a "reputation", just
    > total disclosure for the benefit of users.
    > Thats their motivation for publishing this news as widely as possible.
    > Whats yours Max ?


    It's pretty obvious, he is the pro MS troll, just as there are pro Mac
    and pro Linux trolls, all equally obnoxious political types
     
    Mainlander, Nov 23, 2003
    #15
  16. Max Burke

    Mainlander Guest

    In article <YBAvb.8970$>, mlvburke@%$%# says...
    > > harry scribbled:

    >
    > >> "Max Burke" wrote in message
    > >> ------------------------------------------------------------------------
    > >> The Debian Project http://www.debian.org/
    > >> Some Debian Project machines compromised
    > >>
    > >> November 21st, 2003
    > >> ------------------------------------------------------------------------
    > >> Some Debian Project machines have been compromised This is a very
    > >> unfortunate incident to report about. Some Debian servers were
    > >> found to have been compromised in the last 24 hours.

    >
    > > Its quite candid isn't it ?
    > > They have had a password compromised and they follow their commitment
    > > to disclosure and then fixed it.
    > > The Debian Project depends on transparency of testing and
    > > verification. Packages have to meet strict criteria and bug testing
    > > targets before they progress from "unstable" to "testing" and finally
    > > to the current "stable" release.

    >
    > Who *exactly* is claiming they dont do all of the above Harry?
    >
    > > They have no big stake in bogus PR construction of a "reputation",
    > > just total disclosure for the benefit of users.

    >
    > WTF??????
    >
    > > Thats their motivation for publishing this news as widely as possible.
    > > Whats yours Max ?

    >
    >
    > Lets discuss why you believe I need to have some sort of 'motivation' for
    > posting this information/news item......
    > I'm not 'motivated' WRT to computer OS'es like you are Harry; Do try to
    > remember that......
    >
    > Anyone who tells you, or tries to convince you that their favorite operating
    > system is somehow immune to market forces, human error, and plain malice, is
    > doing both you and the operating system they espouse a disservice.
    > http://www.informationweek.com/story/IWK20030124S0013/5


    And let me guess, your favourite OS is Windows, yet you never post
    anything at all about Windows' deficiencies
     
    Mainlander, Nov 23, 2003
    #16
