Debian development server compromise
SANS also brings this story about the Debian development server being compromised. Investigation is ongoing. The machine was gluck.debian.org and hosted CVS among other things (ddtp, lintian, people, popcon, planet, ports, release). It has currently been taken offline for a reinstall, and other systems have been locked down until they can patch the vulnerability that they suspect was exploited. More details will be announced.
An update that I’ve seen today is that apparently a developer account with a weak password was compromised. The attacker then used a LOCAL vulnerability to escalate privileges. The lesson to be learned here is that no matter how secure your network services are, the soft underbelly is the list of users that can log in to the machine (if that’s allowed). I mean... if you have a tight ssh config and let bob@yourmachine.com use “bob” for his password... good luck.
Network-facing services deserve HARD passwords. One of the best suggestions I’ve heard for creating hard passwords that can be more easily remembered: think of a sentence and use the first letter of each word, substituting numbers in where possible. For instance, “Look Before you Leap” would become Lb4YL. This is fairly short, but better than “look”. It’s also suggested to vary the case (upper/lower).
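As an added example (not part of the original post), here is a check that could run when a password is set, rejecting the kinds of choices described above: the account name as the password, a plain dictionary word, or something too short. The function name, the word list, the 8-character minimum and the three-character-class threshold are all assumptions made for illustration.

```python
import re
import string

# Constructed sample word list; a real check would load a full dictionary file.
COMMON_WORDS = {"look", "password", "secret", "welcome", "letmein", "debian"}

# Undo common digit/symbol substitutions so "l00k" still matches "look".
LEET = str.maketrans("01345@$7", "oieasast")


def weaknesses(username: str, password: str, min_len: int = 8) -> list[str]:
    """Return the reasons a proposed password is weak; an empty list means accepted."""
    found = []
    user = username.split("@")[0].lower()  # "bob@yourmachine.com" -> "bob"
    lowered = password.lower()

    if len(password) < min_len:
        found.append("too_short")

    # Catches "bob", "Bob123", "xbobx": the account name is the first thing guessed.
    if user and user in lowered:
        found.append("contains_account_name")

    # Compare with trailing digits/punctuation stripped and substitutions undone.
    stem = lowered.rstrip(string.digits + string.punctuation)
    candidates = {lowered, stem, lowered.translate(LEET), stem.translate(LEET)}
    if candidates & COMMON_WORDS:
        found.append("dictionary_word")

    # Require at least three of: lowercase, uppercase, digit, other character.
    patterns = (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]")
    if sum(bool(re.search(p, password)) for p in patterns) < 3:
        found.append("low_variety")

    return found


if __name__ == "__main__":
    # The last password is a constructed sample, not taken from the post.
    for user, pw in [("bob@yourmachine.com", "bob"), ("bob", "look"),
                     ("bob", "Lb4YL"), ("bob", "Ih2ccb9AMed!")]:
        print(f"{pw!r:16} {weaknesses(user, pw) or 'accepted'}")
```

Under these assumed thresholds the post's own Lb4YL fails only on length, which matches the remark that it is fairly short but better than “look”.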