Intrusion Cleanup Forces Delay For GNOME 2.6
An anonymous reader writes "Looks like the GNOME site (both web and FTP) is back up and running again (from a replacement system). The restoration work is still going on, and dynamic content does not work yet. Bugzilla should be up by tomorrow (it is already in testing mode). More details are available in this announcement. Kudos to the GNOME sysadmin team for such a rapid recovery." However, blurzero writes "GNOME 2.6 was scheduled to be released sometime today; however, after evidence of possible intrusion on the web server, the release has been delayed by one week, until March 31st." Update: 03/24 14:08 GMT by T: An anonymous reader points to this story on the delay at ZD Net Australia.
Must've been a real bugger (Score:4, Interesting)
I suppose (Score:3, Interesting)
Re:It's just a hoax (Score:2, Interesting)
Also, this attack reminds me of the one to the Debian servers, because it occurred just before a Woody release. Let's wait and see what the Gnome team has to say about it.
Re:Must've been a real bugger (Score:3, Interesting)
TripeWire never works.
I've seen TW failing and being exploited in several installations.
Since the release of wirecutter TripWire has become fucking useless.
Who's responsible (Score:0, Interesting)
Re:Awwww man! (Score:2, Interesting)
Intrusion Method Same Of Gnu.org Intrusion? (Score:4, Interesting)
Still, I am happy to see that this will not push the next version of Gnome back very much. It is really starting to look nice to me and I am a Mac OS X user.
Re:Dumb Cracker? (Score:3, Interesting)
It would be interesting to learn how the compromise had occurred.
I'm guessing that all the important services would have been up to date (ssh/rsync/apache/etc) - so that leaves a password/ssh key compromise, or some scripting flaw..
I hope we find out once the cleanup has been completed.
Re:Well, there is one difference I appreciate... (Score:5, Interesting)
Well kiddo, it's not just MSFT truth be known (hence my mention of "more importantly, other proprietary companies...")
Most proprietary companies are too worried about "customer confidence" to actually be honest with their customers. Back when a group of Russians had 3 months' unlimited access to Windows' source code, it took outright proof in public before MSFT would admit to such a thing. ...and that's just MSFT; I wonder how many times Adobe's servers have been compromised? It would be nice to know that P-shop and Acrobat (or worse, the free reader?) weren't quietly trojaned-up and sleeping on my 'dows boxen.
Now, what about the break-ins we don't know about? How were they handled? How can a proprietary software company, let alone its customers, be sure that there aren't any nasty surprises hidden in their products?
It's damned refreshing to be a customer who is treated like an adult, and not lied to, or kept in the dark about the products I use.
Does this answer your question?
Re:Dumb Cracker? (Score:3, Interesting)
The problem is, you can't trace the initial attack vector. It can be done by any script kiddie who compromises a machine that some developer uses. However, if it's not a mere script kiddie (and covers his tracks successfully), chances are that even a competent sysadmin can fail to discover it. Yeah, I know about read-only/remote IDS databases, remote logs, backups and so on. It's a nice overhead when you're handling a large farm and you still have to make sure the data is on a secure machine. Do you do it for all your servers? (besides, at this level of complexity you need a full-time job - at least experienced hackers will see it coming and maybe leave you alone).
That said, whoever was the sysadmin for that box picked it up - kudos for that! And if the 'dumb cracker' line means what it says (from the logs, etc) then here's hoping that it was indeed just a lone incident.
Re:Dumb Cracker? (Score:1, Interesting)
When you are so exposed on the Internet as gnome.org, you also need good sysadmins, not only good programmers. GNU/Linux alone doesn't do the trick. I don't see why people are saying how wise of them to move everything off-line and delay the release. They were idiots in the first place because they obviously left severe vulnerabilities unpatched. I hope that lessons are learned.