Maker tech hub — AI · 3D print · Pi · ESP32 · plus the classic tech archive.

Free ESP32 kit · Books · Network Ninja · Archive

Classic tech archive. From the original averyjparker.com tech blog — historical context; pair with modern guides where noted. Full archive · Maker projects · Network Ninja

Classic tip · Linux

Debian development server compromise

Sans also brings this story about the Debian development server being compromised. Investigation is ongoing. The machine was gluck.debian.org and hosted CVS among other things (ddtp, lintian, people,…

Written by

Avery J. Parker

IT veteran, maker educator, and author of Network Ninja, 3D Printing Mastery, and AI Workflow Mastery. Business IT: Diversified Tech Solutions.

Sans also brings this story about the Debian development server being compromised. Investigation is ongoing. The machine was gluck.debian.org and hosted CVS among other things (ddtp, lintian, people, popcon, planet, ports, release). It has been taken offline currently for a reinstall, other systems have been locked down until they can patch the vulnerability that they suspect was exploited. More details will be announced.


An update that I've seen today is that apparently a developer account with a weak password was compromised. Then the attacker used a LOCAL vulnerability to escalate privileges. The lesson to be learned here is that no matter how secure your network services are, the soft underbelly is the list of users that can log in to the machine (if that's allowed.) I mean.... if you have a tight ssh config and let bob@yourmachine.com use "bob" for his password.... good luck.

Network facing services deserve HARD passwords. One of the best suggestions I've heard for creating hard passwords that can be more easily remembered..... Think of a sentence, use the first letter of each word, substituting numbers in where possible. For instance.... "Look Before you Leap" would become... Lb4YL this is fairly short, but better than "look" It's also suggested to vary the case (upper/lower).