Debian Server Compromised

Security News writes "According to a post on the debian-devel-announce mailing list "Early this morning we discovered that someone had managed to compromise gluck.debian.org. We've taken the machine offline and are preparing to reinstall it. " gluck is a core development machine."

Oh no

[Anonymous Coward]

Oh no, now they have access to all the Debian source!

No fear...

[gravyface]

It's Debian... they found an old DAT tape from three years ago, restored it, and realised that nothing's changed in the source tree. *ducks*

You have my sympathies

[Anonymous Coward]

Aw man, that's too bad. I think we should all wish the Debian team g'luck.

Re:Oh no

[NadNad]

Maybe it's SCO, trying to find their code buried in linux...

Things are chaning...

[ModernGeek]

...they aren't as grim as you may think. Soon enough, universities will be obsolete, and corporations will judge one based on open source contributions. If we all move aggressively toward this stance, the MCSEs will hit the road, and open source pioneers will rule the world of research, development, and jobs all funded by large corporations. All the source will be open, and the developers will work for companies like Verizon and the government as researchers. The same way that students pay universities to do the same thing for them, the difference is that the companies will pay you and you won't be paying a university. A large company that does not employ open source developers will be seen as bad in morale the same way a company is seen as bad for outsourcing manufacturing jobs to Mexico. If we take open source and ourselves seriously, all of this can happen. The old attitude of "don't use it if you don't like it" is going away, and things will be set straight if we push things forward.

Re:Good thing...

[Simon Simian]

Have they? Fuck! I always miss these mass exoduses. I'm still running Gentoo and Slackware.

Maybe Debian devs will finally come around

[b3x]

and move that source repository to a more secure Windows 2003 Server platform.

obligatory:

[Anonymous Coward]

I felt a great disturbance in the Force, as if millions of nerds suddenly cried out in terror and were suddenly silenced.

Re:Once is ok, but twice is too much...

[B3ryllium]

Mwuahahahha! Perfect place to ply the first-ever Carrier Pigeon Protocol hack!

Re:No fear...

[the_humeister]

And after recovering the DAT tape from the safe-deposit box at the bank, they went to the ATM machine and entered their PIN numbers to get some money.

Re:Oh no

[Anonymous Coward]

Forget running Debian Unstable. Debian Compromised is where it's at.

Re:This has been said before...

[kashani]

Ahem.

As a Gentoo user over the age of 30 I'd like to apologize for the under 20 Gentoo user's previous post. I'll slap him around on IRC later. ;-)

kashani

Re:Oh no

[Aranth Brainfire]

It doesn't matter, just email them to whoever you like and the maintainer will get them anyway.

Re:Once is ok, but twice is too much...

[The Bungi]

So? The last time GNU.org was rooted they didn't get wind of the break-in until a month after it happened.

Re:Once is ok, but twice is too much...

[rawtatoor]

Moderation.... gone... awry

I have a physical airgap

[kliese]

Last time I checked, code was taken to be signed by sneakernet, so that there would be a physical airgap between the network and the signing system.

I have a physical airgap between my wireless router and laptop. Does that mean I'm safe?

Re:Oh no

[kdemetter]

no need . if the backdoor was installed , your machine can be patched remotely.

Now that's easy :-)

WikiDebian?

[femto]

Maybe we need WikiDebian? "The free operating system that anyone can edit."

I'm not joking. If it works for Wikipedia, why not Debian??

Re:Oh no

[rolfwind]

They should look under /dev/null, it happens to be the same place their case is headed soon:)

Re:Oh no

[DMNT]

No, it was SCO trying to bury their code in linux...

Re:Oh no

[creepynut]

"They got into our machine sir, but all they did was run apt-get update and apt-get upgrade. Phew, that was close!"

Re:No fear...

[identity0]

See, if they'd kept the source code on an Microsoft MS Windows machine with NT Technology and NTFS Filesystem, they would have been completely safe. Heck, they could have even placed it on a IBM Machine on a Wireless Wi-Fi hotspot at a Starbucks, with all the code on a USB Bus memory stick, and no one would have been able to touch it!

I know people around here swear by the GPL Licenced Linux Unix or the BSD Distribution, but we must admit we have been defeated. I, for one, welcome our Debian-cracking overlords.

Re:No fear...

[Aneurysm]

The poster was referring to redundant acronyms. DAT stands for Digital Audio Tape, so saying that they backed up from a DAT tape is really saying Digital Audio Tape Tape. The poster also lists common redundant acronyms that people use, Personal Identification Number Number and Automated Teller Machine Machine. PIN is the worst, I often hear people talking about their Personal PIN Numbers.