GNOME GUI Security Software

Intrusion Cleanup Forces Delay For GNOME 2.6

An anonymous reader writes "Looks like the GNOME site (both web and FTP) is back up and running again (from a replacement system). The restoration work is still going on, and dynamic content does not work yet. Bugzilla should be up by tomorrow (it is already in testing mode). More details are available in this announcement. Kudos to the GNOME sysadmin team for such a rapid recovery." However, blurzero writes "GNOME 2.6 was scheduled to be released sometime today, however after evidence of possible intrusion on the web server, the release has been delayed by one week, until March 31st." Update: 03/24 14:08 GMT by T : An anonymous reader points to this story on the delay at ZD Net Australia.
  • by Penguinisto ( 415985 ) on Wednesday March 24, 2004 @10:11AM (#8655466) Journal
    With GNOME and most other F/OSS projects, at least you get honest, up-front answers and timely announcements of intrusion attempts and such.

    If only MSFT (and more importantly, proprietary software companies that aren't so much in the spotlight) were as forthcoming about break-ins.

  • Ya know... (Score:2, Insightful)

    by oldosadmin ( 759103 ) on Wednesday March 24, 2004 @10:12AM (#8655473) Homepage
    It makes you nervous about the big megacorps -- when their website is compromised -- do they even know... or care? I've never seen M$ shut down for a day because of a website compromise, although it must have happened several times.
  • by tobechar ( 678914 ) on Wednesday March 24, 2004 @10:14AM (#8655488)

    I am personally disappointed in having to wait another week, however I completely respect the Gnome team on their tireless efforts. :)

    I definitely agree with the idea of rolling back to a backed up copy of their site, but perhaps they do not know how long someone was able to access their systems?

    Gnome team, take all the time you need. :)

  • by Penguinisto ( 415985 ) on Wednesday March 24, 2004 @10:24AM (#8655589) Journal
    It takes some work, but there is one way to ensure a completely clean system: Re-installation of the OS from media, or a backup from a time known before the break-in.

    Either way, you only have to check the backup server data itself against (externally backed-up) MD5 checksums, and ask developers to re-commit any changes made during the suspect time.

    Now try and do that to a mail server, and the fecal matter hits the air-handler. But, with data that is relatively static by comparison, it takes work, but isn't too much of a trial.

    $0.98 in change, please :)

  • Dumb Cracker? (Score:4, Insightful)

    by gscott ( 187733 ) on Wednesday March 24, 2004 @10:25AM (#8655600)

    According to Waugh, the GNOME Web servers that are hosted by Red Hat were compromised by "a dumb cracker who probably didn't realise what they got into".

    Seems like he was smart enough to hack their system.

  • by Anonymous Coward on Wednesday March 24, 2004 @10:28AM (#8655622)
    Kudos to the GNOME sysadmin team for getting owned
  • Ack. Insightful? (Score:3, Insightful)

    by adamofgreyskull ( 640712 ) on Wednesday March 24, 2004 @10:28AM (#8655629)
    Something bad happens to someone we like. Bummer.
    Something bad happens to someone we don't like. Haw Haw.

    Why do people make such a big fucking deal out of double standards? Should I feel equally angry toward someone who kills a stranger as I would if they'd killed a relative? No.
  • by Anonymous Coward on Wednesday March 24, 2004 @10:39AM (#8655747)
    With all these break-ins on open source servers, it should finally let people see that just having open source software on a server does not make it more secure. The apache.org site was hacked because of an insecure default install of a web application and MySQL. Even the docs said not to leave it that way. If 1 in 100,000 people make such mistakes, popularity created more places to get in.
  • MOD PARENT DOWN (Score:2, Insightful)

    by Anonymous Coward on Wednesday March 24, 2004 @10:46AM (#8655812)
    No post with "M$" in the body contains anything of value.
  • by Anonymous Coward on Wednesday March 24, 2004 @10:46AM (#8655813)

    The caveat with that scenario is that you have to a) know exactly how the break-in occurred in order to b) know that you can fix the system from the pre-break-in state to remove the vulnerability before bringing the system back online.

    Just re-imaging the server and putting it back online will result in the server being compromised again.
  • Could it be?? (Score:3, Insightful)

    by goldspider ( 445116 ) on Wednesday March 24, 2004 @10:51AM (#8655861) Homepage
    Could it be that having competent, diligent system administrators is more important than using the "right" server platform?
  • Re:Confidence ? (Score:4, Insightful)

    by prisoner-of-enigma ( 535770 ) on Wednesday March 24, 2004 @11:11AM (#8656077) Homepage
    How do you know the MD5 wasn't made after the intruder got in? It wouldn't be very valuable then, would it?

    The point is, after a break-in you must determine when the break-in occurred, because everything after that is suspect. The problem is it can sometimes be very difficult -- or impossible -- to determine when the break-in happened. Then you're really, really screwed.
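
Added example, not part of any comment in this thread and not GNOME's own tooling: the checksum comparison Penguinisto describes, with prisoner-of-enigma's condition enforced, namely that the manifest must predate the suspect window. File names, dates and the manifest are constructed; MD5 is used because the thread names it, and any `hashlib` algorithm name can be passed instead.

```python
import hashlib
import tempfile
from datetime import datetime
from pathlib import Path

def parse_manifest(text):
    """Parse md5sum-style lines ("<hex>  <path>") into {path: hex}."""
    pairs = (line.split(maxsplit=1) for line in text.splitlines() if line.strip())
    return {path: digest.lower() for digest, path in pairs}

def hash_file(path, algo="md5"):
    h = hashlib.new(algo)  # MD5 as in the thread; "sha256" also works
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def audit_tree(root, manifest, manifest_made, earliest_suspect, algo="md5"):
    """Compare a restored tree with a manifest that was stored off-host."""
    if manifest_made >= earliest_suspect:
        raise ValueError("manifest does not predate the suspect window")
    root = Path(root)
    on_disk = {p.relative_to(root).as_posix(): p for p in root.rglob("*") if p.is_file()}
    report = {"modified": [], "missing": [], "unexpected": sorted(set(on_disk) - set(manifest))}
    for rel, expected in manifest.items():
        if rel not in on_disk:
            report["missing"].append(rel)
        elif hash_file(on_disk[rel], algo) != expected:
            report["modified"].append(rel)
    return report

def demo():
    """Constructed sample: baseline a small tree, tamper with it, audit it."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "cgi-bin").mkdir()
        (root / "index.html").write_bytes(b"<h1>home</h1>\n")
        (root / "robots.txt").write_bytes(b"User-agent: *\n")
        (root / "cgi-bin" / "search.cgi").write_bytes(b"#!/bin/sh\necho ok\n")
        files = sorted(p for p in root.rglob("*") if p.is_file())
        manifest = parse_manifest("\n".join(f"{hash_file(p)}  {p.relative_to(root).as_posix()}" for p in files))
        # Simulated tampering after the baseline was taken.
        (root / "cgi-bin" / "search.cgi").write_bytes(b"#!/bin/sh\necho changed\n")
        (root / "robots.txt").unlink()
        (root / "cgi-bin" / "extra.cgi").write_bytes(b"#!/bin/sh\n")
        # Constructed dates: manifest archived before the suspect window opens.
        return audit_tree(root, manifest, datetime(2004, 2, 1), datetime(2004, 3, 1))

if __name__ == "__main__":
    print(demo())
```
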
  • by ArsonSmith ( 13997 ) on Wednesday March 24, 2004 @11:16AM (#8656145) Journal
    Re-installation of the OS from media

    What if the OS has a vulnerability and the attacker can get back in without issues?

    a backup from a time known before the break-in

    What if the attacker had installed the back door months beforehand? You may not have a valid backup.

  • by ArsonSmith ( 13997 ) on Wednesday March 24, 2004 @11:19AM (#8656189) Journal
    Of course even a reinstall still leaves the original hole open that the attacker used in the first place.
  • by dasmegabyte ( 267018 ) <das@OHNOWHATSTHISdasmegabyte.org> on Wednesday March 24, 2004 @11:36AM (#8656375) Homepage Journal
    Well, it depends. Do you purport to be a moral and logical person? Do you believe in the protection of personal freedoms?

    If so, then even if you don't KNOW or LIKE the victim, you should still support punishment of the criminal. Otherwise, you're encouraging elitism. Or do you want to live in a world where crimes against the unpopular are cheered and go unpunished?

    I lived in a similar world called "Middle School," and I wouldn't want to go back.
  • by Call Me Black Cloud ( 616282 ) on Wednesday March 24, 2004 @12:07PM (#8656794)
    It would be nice to know that P-shop and Acrobat (or worse, the free reader?) wasn't quietly trojaned-up and sleeping on my 'dows boxen.

    How does a public disclosure ensure the binaries are secure?

    How can a proprietary software company, let alone its customers, be sure that there aren't any nasty surprises hidden in their products?

    How? Probably the same way everyone else does it. The OS model does not have a monopoly on practices used to ensure code integrity.

  • by Theatetus ( 521747 ) * on Wednesday March 24, 2004 @12:37PM (#8657177) Journal

    No, dumbass, the difference is that closed-source companies keep it a secret (or don't know in the first place) when their servers are compromised while Gnome and Debian are very up-front about it.

    If you think this kind of thing hasn't happened to Microsoft, Oracle, etc., you're wrong. They just like to keep it quiet.

  • by Anonymous Coward on Wednesday March 24, 2004 @01:42PM (#8658067)
    I find it amusing that the Gnome site had a security issue and folks find a way to use that fact to blast Microsoft! Funny stuff.

    I'm guessing Gnome runs some type of Linux/Apache server combo... if they were running Windows IIS, folks would be talking about what a piece of garbage IIS is (regardless of if the security breach was a bug or an IT/config issue)... and Microsoft would be bashed on the 7:00 news for yet another "virus" (you need to dumb it down for the national news).

  • by DarkOx ( 621550 ) on Wednesday March 24, 2004 @04:05PM (#8659823) Journal
    The proper response (in the majority of cases) is, image the compromised file system. Reinstall the production system from source media and patches. Get the system back in production but change all the passwords, ssl keys etc, give it some other ip than where your dns points and only let the people who *absolutely* need it know how to get at it. Remember time is money and getting back in production fast is important, even if it's more limited production. Now analyze that filesystem image and figure out what happened. Go to the production system and patch the hole. Move to full production. This is almost always my policy, thankfully I have only had to invoke it once.
