Debian development server compromise



Sans also brings this story about the Debian development server being compromised. Investigation is ongoing. The machine was gluck.debian.org and hosted CVS among other things (ddtp, lintian, people, popcon, planet, ports, release). It has been taken offline currently for a reinstall, other systems have been locked down until they can patch the vulnerability that they suspect was exploited. More details will be announced.


An update that I’ve seen today is that apparently a developer account with a weak password was compromised. Then the attacker used a LOCAL vulnerability to escalate privileges. The lesson to be learned here is that no matter how secure your network services are, the soft underbelly is the list of users that can log in to the machine (if that’s allowed.) I mean…. if you have a tight ssh config and let bob@yourmachine.com use “bob” for his password…. good luck.

Network facing services deserve HARD passwords. One of the best suggestions I’ve heard for creating hard passwords that can be more easily remembered….. Think of a sentence, use the first letter of each word, substituting numbers in where possible. For instance…. “Look Before you Leap” would become… Lb4YL this is fairly short, but better than “look” It’s also suggested to vary the case (upper/lower).

Related Posts

Blog Traffic Exchange Related Posts
  • Diebold Voting machine vulnerabilities Freedom to tinker brings us this BIG problem. I guess what concerns me most about this, is the way I see it, voter fraud has pretty much gone on since there have been elections. Let's face it, there is always someone, acting officially or not that will jockey for the......
  • Exploit for Unpatched Internet Explorer vulnerability Well.... buckle your seatbelts it's going to be a bumpy start to the week. the securityfix as well as incidents.org are reporting on exploit code that has been released that takes advantage of an unpatched Internet Explorer vulnerability. According to the Sans institute diary entry... they have tested the exploit......
  • Another Debian server security breach According to this story, there has been another compromise of a debian project server. (Is this the third in the last year?)... the Alioth webserver was offline most of the 5th of September... It was simply stopped because we discovered that some script kiddies were running an IRC proxy. After......
Blog Traffic Exchange Related Websites
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site