security.debian.org and other compromised

[Nothinman]

http://cert.uni-stuttgart.de/files/fw/debian-security-20031121.txt

Guess it had to happen sooner or later.

For the lazy who won't read the above link:

The archive is not affected by this compromise!

In particular the following machines have been affected:

. master (Bug Tracking System)
. murphy (mailing lists)
. gluck (web, cvs)
. klecker (security, non-us, web search, www-master)

The security archive will be verified from trusted sources before it
will become available again.

 

[Barnaby W. Füi]

Yeah, pretty crazy. I wish they would hurry up and make an official announcement.

 

[n0cmonkey]

Out of curiosity, I wonder what was exploited. Oh well, it happens.

 

[CTho9305]

According to what I read on /. (i.e. this is third-hand information or worse), it was a password that was guessed/cracked/stolen.

 

[Spyro]

Originally posted by: CTho9305
According to what I read on /. (i.e. this is third-hand information or worse), it was a password that was guessed/cracked/stolen.

Which is not the fault of the OS used, a fact that seems to be lost on the /. crowd.

 

[n0cmonkey]

Originally posted by: Spyro

Originally posted by: CTho9305
According to what I read on /. (i.e. this is third-hand information or worse), it was a password that was guessed/cracked/stolen.

Which is not the fault of the OS used, a fact that seems to be lost on the /. crowd.

The /. crowd are like salesmen. Don't expect much int he way of common sense.

 

[sciencewhiz]

Well, I couldn't access non-us or security last night, and thought something was fishy. I just figured that 3.0r2 was released and the servers were overloaded. Checked both the debian main page, and my e-mail (am subscribed to debian-security) and didn't see anything. Then I checked /. and didn't see anything either.

Now it all makes sense.

 

[Magic Carpet]

Which is not the fault of the OS used, a fact that seems to be lost on the /. crowd.

I bet $10 it wasn't brute forced.

As Nothinman has already noted, we do not approve of unlicensed necromancy.
-ViRGE

 

[Nothinman]

I bet $10 it wasn't brute forced.

Please check the dates on threads before resurrecting them...

 

[Bubbaleone]

What you said ^