So who is targeting the Linux distributions?

Posted Dec 3, 2003 18:50 UTC (Wed) by sphealey (guest, #1028)
Parent article: Gentoo rsync server compromised

First Debian, now Gentoo. Who is targeting the Linux distributions for attack, and why? Assuming one has found a juicy attack vector, the distribution orgs would have to be one of the least profitable targets. Unless the attacker either has an ulterior motive, or a very long-range plan.

So what's going on?

sPh



So who is targeting the Linux distributions?

Posted Dec 3, 2003 18:57 UTC (Wed) by lolando (subscriber, #7139) [Link]

> First Debian, now Gentoo.

I suppose you mean "First GNU, then Linux, then Debian, then Gentoo."

Or should we include SCO in there too? ;-)

So who is targeting the Linux distributions?

Posted Dec 3, 2003 19:00 UTC (Wed) by miah (guest, #639) [Link]

I've been wondering about this for a little while too. It seems strange that all this happened
so close together. I'd say somebody is definitely targeting Linux.

ftp.gnu.org got owned
somebody tried to backdoor the kernel
Debian servers got owned
Gentoo server got owned...

What's next?

So who is targeting the Linux distributions?

Posted Dec 3, 2003 19:12 UTC (Wed) by amtota (guest, #4012) [Link]

Conspiracy theory #1: Microsoft has just announced that they would counter
attack Linux on security ... see headlines from last week.

So who is targeting the Linux distributions?

Posted Dec 4, 2003 13:32 UTC (Thu) by davidl (guest, #12156) [Link]

Well it wouldn't surprise me. Microsoft see free software and the free software projects as the real threat.

So who is targeting the Linux distributions?

Posted Dec 3, 2003 20:55 UTC (Wed) by freethinker (guest, #4397) [Link]

> What's next?

Why, LWN, of course, so people won't get these warnings :)

So who is targeting the Linux distributions?

Posted Dec 3, 2003 22:03 UTC (Wed) by sdoyon (subscriber, #4221) [Link]

Erm well, http://savannah.gnu.org says
"On December 1st, 2003, we discovered that the "Savannah" system, which
is maintained by the Free Software Foundation and provides CVS and
development services to the GNU project and other Free Software
projects, was compromised at circa November 2nd, 2003.

The compromise seems to be of the same nature as the recent attacks on
Debian project servers; the attacker seemed to operate identically.
However, this incident was distinctly different from the modus
operandi we found in the attacks on our FTP server in August 2003. We
have also confirmed that an unauthorized party gained root access and
installed a root-kit ("SucKIT") on November 2nd, 2003."

So who is targeting the Linux distributions?

Posted Dec 17, 2003 14:55 UTC (Wed) by wookey (subscriber, #5501) [Link]

One thing that may well contribute to a lot of attacks close together is that once you've sniffed a Debian Developer's password you have a good chance of using it to get into more than one machine. A lot of people use the same password in multiple places, even knowing it's poor practice, because there's a limit to how many you can remember.

Quite a few passwords and keys could have become compromised in the Debian attack, and whilst we are all supposed to change all our affected passwords and keys on all the machines we use it's easy to forget one on some obscure box you haven't used for ages or otherwise leave a crack in a door somewhere, especially when multiplied by 1000 people, even if they are all essentially reasonably competent.

I wouldn't be surprised if there are more break-ins using the info gleaned from this one (and maybe Gentoo's). This would be a factor in the apparent clustering of attacks.

So who is targeting the Linux distributions?

Posted Dec 3, 2003 19:34 UTC (Wed) by marduk (subscriber, #3831) [Link]

Could this be that they all share the same vulnerability (in Linux) and crackers are just going after that vulnerability? In other words, maybe there's no conspiracy; it's just that those are easy and obvious targets.

So who is targeting the Linux distributions?

Posted Dec 3, 2003 19:48 UTC (Wed) by ken_i_m (guest, #4938) [Link]

First the kernel cvs, then Debian, then Gentoo.

"I cracked debian.org, and for $10,000, I'll crack the Linux 2.4 server of your choice."

Posted Dec 3, 2003 19:53 UTC (Wed) by sethg (guest, #14970) [Link]

I know a number of laid-off hackers who have invested time in open-source development or other community-service programming projects, hoping that these projects will make them more likely to catch the attention of potential employers. Maybe the slow economy has made the computer-crime business harder, and driven some of the brighter crooks to make similar demonstrations of their skills.

(Note that in all of these cases, unlike the recent spate of Windows worms, the author of the exploit was using it against a high-profile server and tried to remain undetected, rather than distributing the exploit widely in a way that would make the news by bringing down a large number of machines.)

Or maybe it's a pure ego thing. If I were the sort of person who liked to break into other people's computers, and I figured out how to break into a server for a major Linux distribution, I would feel extremely 31337.

Either of these things is more likely, I think, than a shadowy anti-Linux campaign by Microsoft.

"I cracked debian.org, and for $10,000, I'll crack the Linux 2.4 server of your choice."

Posted Dec 3, 2003 21:31 UTC (Wed) by bex (guest, #16960) [Link]

Does it have to be a shadowy Microsoft campaign? I'm pretty sure there's more than one company or even group of people out there who'd like to see the end of OSS (or maybe just Linux).
At least they don't seem to be smart enough to entirely evade detection :)

So who is targeting the Free software community?

Posted Dec 4, 2003 5:12 UTC (Thu) by Tashlan (guest, #17277) [Link]

Didn't Microsoft go around pointing at the accessibility of GNU/Linux code as part of their FUD campaign?
If I remember correctly, they were asserting that businesses couldn't risk switching to Linux because
it would be too easy for someone to backdoor the code.

Also, add to the list: SCO FUD, Microsoft to counter Security "attack", GNU, kernel, Debian, Gentoo...

An interesting convergence of events to say the least!

So who is targeting the Linux distributions?

Posted Dec 5, 2003 11:54 UTC (Fri) by psharboneaux (guest, #12543) [Link]

Let's face it. Now that Linux is on the rise in popularity, it is going to be the target of exploit attacks just for fun, the same way exploiting vulnerabilities is done for fun in Windows. It was bound to happen anytime now...
