LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for February 9, 2012

XBMC 11 "Eden"

LWN.net Weekly Edition for February 2, 2012

A tempest in a toybox

LWN.net Weekly Edition for January 26, 2012

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

So who is targeting the Linux distributions?

So who is targeting the Linux distributions?

Posted Dec 17, 2003 14:55 UTC (Wed) by wookey (subscriber, #5501)
In reply to: So who is targeting the Linux distributions? by miah
Parent article: Gentoo rsync server compromised

One thing that may well contribute to a lot of attacks close together is that once you've sniffed a Debian Developer's password you have a good chance of using it to get into more than one machine. A lot of people use the same password in multiple places, even knowing it's poor practice, because there's a limit to how many you can remember.

Quite a few passwords and keys could have become compromised in the Debian attack, and whilst we are all supposed to change all our affected passwords and keys on all the machines we use it's easy to forget one on some obscure box you haven't used for ages or otherwise leave a crack in a door somewhere, especially when multiplied by 1000 people, even if they are all essentially reasonably competent.

I wouldn't be surprised if there are more break-ins using the info gleaned from this one (and maybe gentoo's). This would be a factor in the apparent clustering of attacks.

(Log in to post comments)

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds