| ActiveMac | Anonymous | Create a User | Reviews | News | Forums | Advertise |
|
|
|
User Controls |
|
New User |
|
Login |
|
Edit/View My Profile |
|
|
|
|
|
|
|
ActiveMac |
|
Articles |
|
Forums |
|
Links |
|
News |
|
News Search |
|
Reviews |
|
|
|
|
|
|
|
News Centers |
|
Windows/Microsoft |
|
DVD |
|
ActiveHardware |
|
Xbox |
|
MaINTosh |
|
News Search |
|
|
|
|
|
|
|
ANet Chats |
|
The Lobby |
|
Special Events Room |
|
Developer's Lounge |
|
XBox Chat |
|
|
|
|
|
|
|
FAQ's |
|
Windows 98/98 SE |
|
Windows 2000 |
|
Windows Me |
|
Windows "Whistler" XP |
|
Windows CE |
|
Internet Explorer 6 |
|
Internet Explorer 5 |
|
Xbox |
|
DirectX |
|
DVD's |
|
|
|
|
|
|
|
TopTechTips |
|
Registry Tips |
|
Windows 95/98 |
|
Windows 2000 |
|
Internet Explorer 4 |
|
Internet Explorer 5 |
|
Windows NT Tips |
|
Program Tips |
|
Easter Eggs |
|
Hardware |
|
DVD |
|
|
|
|
|
|
|
Latest Reviews |
|
Applications |
|
Microsoft Windows XP Professional |
|
Norton SystemWorks 2002 |
|
|
|
Hardware |
|
Intel Personal Audio Player 3000 |
|
Microsoft Wireless IntelliMouse Explorer |
|
|
|
|
|
|
|
Site News/Info |
|
About This Site |
|
Affiliates |
|
ANet Forums |
|
Contact Us |
|
Default Home Page |
|
Link To Us |
|
Links |
|
Member Pages |
|
Site Search |
|
Awards |
|
|
|
|
|
|
|
Credits |
 |
GNU Servers Hacked, Linux Software May Be Compromised | |
|
||
| Time: 01:02 EST/06:02 GMT | News Source: CRN | Posted By: Jonathan Tigner | ||
|
In mid-March, someone hacked the primary file servers hosted by the GNU Project, the group which supports the development of many of the components in the Linux operating system, the group acknowledged Wednesday. It warned that the attacker may have inserted malicious code into the free software available for download, including Linux, and posted a set of hashes that users can check against to determine if what they retrieved is clean. The attack took place in March, but was only discovered in late July. It used an exploit that was revealed on March 17, for which a patch wasn't immediately available. It was during a week's span of vulnerability that the servers were compromised, the FSF said in a statement. A trojan horse was placed on the system at that time, possibly for password collection and to use the machine for additional attacks, according to the FSF. | ||
|
Write Comment
Return to News |
Displaying 1 through 25 of 160 Last | Next |
The time now is
11:33:40 AM
ET.
Any comment problems? E-mail us |
| #1 By 931 (66.156.6.175) at 8/15/2003 2:28:23 AM |
| It's interesting how little press this gets too.. not that I really care though. |
| #2 By 7754 (24.245.76.135) at 8/15/2003 5:07:35 AM |
| Perhaps they should have run Windows on their servers.... :) |
| #3 By 1295 (216.84.210.100) at 8/15/2003 10:17:07 AM |
|
6 - regardless... 4 months to find out that it was jacked is pretty bad.
Sure the dropped some checksums to verify files... is that good enough for you? "For the rest of you shouting stupidities, wasn't the whole Microsoft thing based on a ridiculously stupid little vulnerability? Yeah." So this wasn't some "stupid little vulnerability." You mean it was super hard to find if you were looking? Just because some lameass didn't build a cute little executable that procreated itself across the net with it doesn't mean it isn't still a "vulnerability". Look at this as if it was from MS... MS server gets hacked by a vulnerability which though they knew about it, it took them 2 weeks to come up with a patch, so they were open for that timeframe. Then it takes them 4 months to notice it. Plus they wait 2 weeks to tell people about it. But wait... the have some binary files to which normal internet users could verify something they downloaded 4 months ago to make sure it isn't crapped. Boy would the *nix crowd be having a field day with this... but instead you get crap like #6 |
| #4 By 135 (209.180.28.6) at 8/15/2003 11:11:49 AM |
|
gg - "I'm not excusing the *nix crowd for jumping all over MS over certain things, but on the other hand, it seems the windows crowd is just as eager to diss anyone and anything. Yer all one and the same. "
This security breach is more egregious and more damaging to their credibility than anything Microsoft has ever done. And yet you defend them... Amazing! And yes, I am eager to diss them because of the years I have had to put up with their false claims. They're unwilling to behave reasonable, whereas I am. However when they continue to behave in an unreasonable manner, and I see chinks in their armor you can bet I'm going to ram a dagger in there until they learn to behave like adults. This post was edited by sodablue on Friday, August 15, 2003 at 11:53. |
| #5 By 3339 (66.219.95.6) at 8/15/2003 12:49:12 PM |
|
"This security breach is more egregious and more damaging to their credibility than anything Microsoft has ever done. "
Huh? MS has had its networked hacked and accessed. Multiple times. So how is it in anyway more damaging? |
| #6 By 3339 (66.219.95.6) at 8/15/2003 1:04:35 PM |
|
"Because the gnu site is the sole repository for hundreds of applications that are now suspect."
Are you suggesting they don't have a backup of the data from the day before the infection? That no user in the world has source for "non-infected" (which it isn't)? So how is it the sole repository? "Which makes all of Linux suspect." Not at all. The checksums are sufficient and these are the CVS repositories which are viewed and verified by the active developers. Check sums, source review and daily backups, and things are fine. "therefore has a list of the userids and passwords of hundreds of open source developers." This isn't known for sure. And what's the impact? Your pathetic suggestion that some of these passwords may be the same uids and passwords at other sites is laughable. This has happened how many times to hotmail? To how many sites with CC data? So couldn't any uid grab lead to access to a MS id? Are you suggesting that Linux developers won't change their passwords so now the hacker has a permananet backdoor? Don't make me laugh? Microsoft never said what was viewed when they've been penetrated... for all we know they've had their internal network passwords harvested as well. And let's remember, MS has been penetrated because they FAILED to apply THEIR OWN patches, failed to follow THEIR OWN advisories. This post was edited by sodajerk on Friday, August 15, 2003 at 13:06. |
| #7 By 3339 (66.219.95.6) at 8/15/2003 2:50:38 PM |
|
"Most sites do not keep daily backups for 4 months. It is unlikey they even had a weekly backup, since most sites only keep a weekly for a month. They may have had monthlies. Their announcment makes no such claims."
Don't know what you think are best practices but I would disagree. And by issuing the checksums it is implicit that they do have backups of uncompromised source which they can verify against. "All files modified and added since March are suspect." And this is why they're being checked. "Even they admit they have files that cannot be checked." Where do they say this? They provided a complete list of checksum values so how is it that some can't be checked? "They said: "The modus operandi of the cracker shows that (s)he was interested primarily in using gnuftp to collect passwords..."" And it is not known if it was successful. Presuming so is simply FUD. "Only an idiot would suggest that everyone uses a different uid and password at every different site they have accounts." That's not my suggestion. But to suggest that every developer uses the same uid and pword and that all of those passwords are now compromised and that the person responsible has now used those ids to determine every OS project that these dev'ers have ever contributed to and the hacker has since used those ids to compromise and add trojans to every OS project and hence Linux is compromised just because the GNU site was is stunningly pathetic. I thought SCO was good at the FUD. "The hacker could have compromised every other software repository by using the uid and passwords harvested." Simply, utterly retarded. "The most important lesson to learn is that Linux is compromised." No, it's not. A site was compromised. A site. A potential exists, and caution has been raised. The integrity of the GNU projects can be verified (and repaired if necessary but this hasn't been shown yet anyway), and this does not carry over to ALL of "Linux." This post was edited by sodajerk on Friday, August 15, 2003 at 14:58. |
| #8 By 3339 (66.219.95.6) at 8/15/2003 5:24:44 PM |
|
"4 or 6 dailies. The Friday Daily is the weekly. The 4th or 5th weekly is a monthly. Do a yearly once a year.
How many dailies do you think they had? 120? 200? 366? " Heh? Why the fsck would you need more than ONE backup if it preceded the penetration? Why the fck would you need 366 backups to restore the files? "The files that have not been checked are listed in the root directory as "MISSING-FILES". We are in the process of asking GNU maintainers for trusted secure checksums of those files before we put them in place." Exactly. They are creating the checksums from trusted secure backups, d1psh1t. This doesn't mean they have no way to check them. In fact, they ARE SAYING they are in the process of checking them. Which means they can and will be. "4 months with a trojan running with root access? And you question whether it was successful?" Yes, I am. By no means, can you make your ludicrous claim simply based on time span. They should be able to verify what was accessed and transferred over the net ultimately. "Where was that list? On the compromised server? Why trust that list!" I do believe the list was compiled post discovery, dumbass. How? Don't you think the core maintainers keep their own backups of source? Hell, I bet many of them perform checksums per contribution. Your FUD is pathetic. Most people wouldn't even claim that any conseuqences to GNU impacts Linux, but whatever dumbass. |
| #9 By 3339 (66.219.95.6) at 8/15/2003 6:25:08 PM |
|
No, parker, I'm not ignorant. We archive all of our monthlies. I would imagine many corps do this. In your own scenario, you have a tape for February 28th.
And besides, all you need is to determine the last build prior to the breach. From there all you need to do is contact contributors who archive builds of the app. Any contributor is likely to maintain their own backups of the particular apps they are contributing to. Sorry, parker, but there are a million ways of verifying and restoring any data that was compromised if compromised at all. |
| #10 By 3339 (66.219.95.6) at 8/15/2003 6:44:16 PM |
|
By the way, parker... I still think all of my points are valid (I note that you didn't respond to most of my rebuttals) but I just was informed that I have sincerely been wasting way too much time talking to you.
The files located on gnuftp are not even the primary codebase. It is simply an ftp location used as a common place to find GPL'ed apps. None of these files are THE only file, the originary file that contributors submit to... Most of the apps located here aren't even GNU projects. Some sites (but very few) mirror this location. But the only problem is if you have grabbed files from this location specifically in the last four months. That is why files are "missing." These files are primarily from apps coming from projects outside of GNU so they haven't been able to restore the secure backups. WHICH DO EXIST. Which is why they were able to verify the checksums and repost the secure, uncompromised files for most of the apps already. Idiot! |
| #11 By 3339 (66.219.95.6) at 8/15/2003 7:56:17 PM |
|
Look at the damn checksum file. Yes, they are comparing files to the 2001 and 2002 backup... because these are old, old version. Then note that most apps, the last two or three versions are checksummed against digitally-signed secure copies stored on other sites.
Jesus, parker, there is no compromise of code here. |
| #12 By 3653 (209.149.57.116) at 8/17/2003 12:51:42 AM |
|
Thats it. I'm dumping Linux from my company on Monday.
Oh, wait... I never let that communist OS in the door in the first place. |
|
Write Comment
Return to News |
Displaying 1 through 25 of 160 Last | Next |
The time now is
11:33:40 AM
ET.
Any comment problems? E-mail us |
