Debian development server compromise



Sans also brings this story about the Debian development server being compromised. Investigation is ongoing. The machine was gluck.debian.org and hosted CVS among other things (ddtp, lintian, people, popcon, planet, ports, release). It has been taken offline currently for a reinstall, other systems have been locked down until they can patch the vulnerability that they suspect was exploited. More details will be announced.


An update that I’ve seen today is that apparently a developer account with a weak password was compromised. Then the attacker used a LOCAL vulnerability to escalate privileges. The lesson to be learned here is that no matter how secure your network services are, the soft underbelly is the list of users that can log in to the machine (if that’s allowed.) I mean…. if you have a tight ssh config and let bob@yourmachine.com use “bob” for his password…. good luck.

Network facing services deserve HARD passwords. One of the best suggestions I’ve heard for creating hard passwords that can be more easily remembered….. Think of a sentence, use the first letter of each word, substituting numbers in where possible. For instance…. “Look Before you Leap” would become… Lb4YL this is fairly short, but better than “look” It’s also suggested to vary the case (upper/lower).

Related Posts

Blog Traffic Exchange Related Posts
  • Network Security guide for the home or small business network - Part 6 - Secure your services This one is going to be tougher. Of what we've looked at so far this will probably take more work and learning than any of the others. The good news is, depending on your situation you may need to do less here. IF you have decided that your pc (or......
  • Hamachi p2p vpn A few days back I was at grc to run a "shields up" scan on a clients machine and found reference to their Security Now podcast (Leo Laporte and Steve Gibson.) The cast was about a VPN tool called Hamachi... so I revisited and gave a read to the Security......
  • Pretty, shiny usb drive is all it takes to compromise security.... Sometimes you just want to cry... This writeup is an example of the "soft underbelly" of every network's security plan... the users. Basically, you have a group that was hired to do a computer security audit of a credit union. They were told that some of the main concerns were......
Blog Traffic Exchange Related Websites
  • How to use Twitter, the right way~ Twitter has become so saturated with spammers and scammers over the past year or so that really learning how to use Twitter with the intention of converting some of the traffic it sends has become a false hope. Enter the #internetmarketing hastag into search.twitter.com for instance, and you'll immediately......
  • Wireless Broadband Internet-whether It Is LAN Or WAN Service-is Associated Having A Wireless broadband Internet-whether it is LAN or WAN service-is associated having a number of diverse myths. These typically center on security and need to do with anxiety about how info is transmitted over a wireless connection and, furthermore, need to do with concerns about eavesdropping, in several cases. You will......
  • Umm.. Who Said PPC Is Evil? - Internet Marketing Strategies   Everywhere you look these days, anyone and everyone in Internet Marketing is flocking to "free", "free" and only "free" traffic generation strategies. Article Marketing, Blog Commenting, Forum Participation, Trackbacks, you name it; Somehow almost everyone is under the mistaken impression that "free" is the way to go. So......
en.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site