LinuxQuestions.org
Visit the LQ Articles and Editorials section
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Debian
User Name
Password
Debian This forum is for the discussion of Debian Linux.

Notices



Reply
 
Search this Thread
Old 11-24-2003, 05:39 PM   #1
TheIrish
Member
 
Registered: Oct 2003
Location: ITALY
Distribution: Debian, Ubuntu, Fedora
Posts: 137

Rep: Reputation: 15
Debian project under attack


Did you know that...
On November 21st, 2003, Debian Project staff annunced some of their servers have been compromised by a group of hackers.
Because "klecker" security servers are now under serious investigations, I suggest all the debian fans to keep away from possible risks.
Also, if you haven't already, upgrade your system as soon as possible.
If you already knew, sorry for being boring.
My reguards,
debian rulez
 
Old 11-25-2003, 11:13 AM   #2
penguin_warrior
Member
 
Registered: Aug 2003
Location: canada
Distribution: debian based distros
Posts: 52

Rep: Reputation: 15
probably Bill and pals.

sad. so sad.
 
Old 11-25-2003, 01:28 PM   #3
TheIrish
Member
 
Registered: Oct 2003
Location: ITALY
Distribution: Debian, Ubuntu, Fedora
Posts: 137

Original Poster
Rep: Reputation: 15
I can say for sure they were professionals.
Even though debian project is running many internet services (think when you're doing apt-get...) and this can increase vulnerabilty, I hardly believe that debian guru are unable to protect themselves properly.

Quote:
probably Bill and pals.
Well, I'd like to think this way (he'd get in troubles this time...), but I don't think he did, mainly because he's too busy thinking of gaining money then thinking of what makes him losing money.
 
Old 11-27-2003, 06:46 AM   #4
White R4bbit
Member
 
Registered: Aug 2003
Location: Italy
Distribution: Debian sid 2.6.1
Posts: 54

Rep: Reputation: 15
I wonder if it could be dangerous using apt-get in these days, to get software or to dist-upgrade
 
Old 11-27-2003, 09:32 AM   #5
TheIrish
Member
 
Registered: Oct 2003
Location: ITALY
Distribution: Debian, Ubuntu, Fedora
Posts: 137

Original Poster
Rep: Reputation: 15
No it shouldn't be anymore.
It has been dangerous in the night among 22 and 23, then the servers have been shut down for investigation. Right now apt-get is working properly and I encourage everybody to do some upgrade.
At least, now I feel a little bit less silly when I think when I had been hacked... it happens to our gurus too.
 
Old 11-27-2003, 10:13 AM   #6
joesbox
Member
 
Registered: Feb 2003
Location: hampton va
Distribution: ubuntu
Posts: 502

Rep: Reputation: 30
that would explaing why i have been unable to access the site. i like to go and read the list of packages everyonce and a while and see what everything is. or i will read about a package or look for an app and see what the apt-get name is to install it.

this is a bunch of sh*t when ppl have to crack into a great site and stop most of the traffic. it is a dissipointing day when this happens.
 
Old 11-28-2003, 08:48 AM   #7
TheIrish
Member
 
Registered: Oct 2003
Location: ITALY
Distribution: Debian, Ubuntu, Fedora
Posts: 137

Original Poster
Rep: Reputation: 15
Still, packages.debian.org is down.
Quote:
this is a bunch of sh*t when ppl have to crack into a great site and stop most of the traffic. it is a dissipointing day when this happens.
I agree. Reguardless of who's behind the attack, this is an act of aggression to the freedom debian rapresents.
 
Old 11-28-2003, 04:16 PM   #8
taivu
LQ Newbie
 
Registered: Oct 2002
Location: Spain
Distribution: Ubuntu, Debian Sarge, FreeBSD
Posts: 19

Rep: Reputation: 0
More details on the recent compromise of debian.org machines:

http://lists.debian.org/debian-devel.../msg00012.html
 
Old 11-29-2003, 10:24 PM   #9
rehab junkie
Member
 
Registered: Nov 2003
Location: /var/local/pub/bar
Distribution: OSX 10.4.9
Posts: 259

Rep: Reputation: 30
It is truly sad that a bunch of spotted geeks decided that one of the great bastions of the GNU effort deserved to have this done to them - but everything happens for a reason, and looking into the future, this attack will only make the Debian project stronger.
 
Old 11-29-2003, 11:00 PM   #10
dekket
Member
 
Registered: Oct 2003
Location: sweden
Distribution: debian
Posts: 47

Rep: Reputation: 15
Some cracker once said "We crack windows to prove that it is faulty". I guess that would apply to all systems, but when it comes to a great linux project such as Debian, all you have to do is send an email, which I seriously doubt is any more effort than actually cracking a system. So my conclusion is that it wasn't to make a point, merely to sabotage and piss me the fuck off.
 
Old 11-30-2003, 05:42 AM   #11
markus1982
Senior Member
 
Registered: Aug 2002
Location: Stuttgart (Germany)
Distribution: Debian/GNU Linux
Posts: 1,467

Rep: Reputation: 46
Well as Wichert Akkerman states on the Security Conscious Linux presentation: "no system is completely secure"
 
Old 03-23-2004, 09:28 PM   #12
dekket
Member
 
Registered: Oct 2003
Location: sweden
Distribution: debian
Posts: 47

Rep: Reputation: 15
Quote:
Originally posted by markus1982
Well as Wichert Akkerman states on the Security Conscious Linux presentation: "no system is completely secure"
I dont think anyone said, nor thought, that it was.
 
Old 03-24-2004, 10:53 PM   #13
Pr1musr3x
Member
 
Registered: Feb 2004
Location: /dev/null
Distribution: Debian Sid, Mepis, Slackware 9.1
Posts: 41

Rep: Reputation: 15
Quote:
Originally posted by dekket
I dont think anyone said, nor thought, that it was.
Like the previous poster has said there are NO HACK/CRACK-proof systems in this world. The minute you go ONLINE, you are EXPOSED. Services are running, do not forget. HOWEVER, what distinguishes GNU/Linux and Debian in particular over certain proprietary OSes is the SWIFTNESS in RESPONSE i.e. in taking DECISIVE action and constructing an appropriate SOLUTION.

And the experience of having to re-patch, re-re-patch and re-re-re-patch (you get the idea ) security patches is literally NON-existent in Debian. And NEITHER does debian DENY an incident of security breach or DENY public knowledge of exploits (both REAL or Theoretical). It is the OPENNESS, TRANSPARENCY, DECISIVENESS and RAPIDNESS in RESPONSE that counts.

Last edited by Pr1musr3x; 03-24-2004 at 10:57 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Installing mono-project on debian tsiMental Debian 5 04-06-2005 12:31 AM
What to do during an attack? revenant Linux - Security 9 04-02-2004 01:18 AM
Beginning a big project - Need an Good Project Manager gamehack Programming 3 01-15-2004 12:49 PM
New Debian project - Volunteers needed fancypiper Debian 3 09-25-2003 11:25 AM
Cannot see Open GL project in KDevelop project wizard SparceMatrix Programming 2 08-08-2002 12:14 AM


All times are GMT -5. The time now is 02:36 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration