> Anyway, I wanted to point out that hundreds of sites are broken into
> every day around the world, but very few are so scrupulously public
> about letting their customers know what happened, how it was cleaned
> up, and what's being done to keep it from happening again.  Only a
> hardcore open source group would do it that way.

Indeed.  It's a hard thing to air your dirty laundry in public, but on
the whole I now have more confidence in the Debian crew, rather than less.

The only thing that worries me about the write-up is the fact that a
"sniffed password" was used to break into several machines.  I have to
ask why they're not using SSH for all communications to/from these
boxes and why they're not using something better than re-usable passwords
for access control.  It's not clear that these "vulnerabilities" that
led to the original compromise have been closed, although the kernel
bug that allowed the "break root" apparently has been.

Sloppy work on the attackers' part in leaving the exploit code behind
so that it could be analyzed, btw.  All you can say is, "thanks very much."

-- 
Hal Pomeranz, Founder/CEO       Deer Run Associates       [EMAIL PROTECTED]
     Network Connectivity and Security, Systems Management, Training
_______________________________________________
EuG-LUG mailing list
[EMAIL PROTECTED]
http://mailman.efn.org/cgi-bin/listinfo/eug-lug
