Re: Debian servers "hacked"?

2003-11-21 Thread Ricardo Kustner
On Friday 21 November 2003 15:14, Thomas Sjögren wrote:
> On Fri, Nov 21, 2003 at 02:17:52PM +0200, Johann Spies wrote:
> > On Fri, Nov 21, 2003 at 12:38:50PM +0100, Thomas Sjögren wrote:
> > > Anyone to shed some light over this
> > There has been an announcement on the Debian-announce-list a few
> > minutes ago which clarifies the situation.  I have asked Martin to
> > publish the announcement in this list also.
> Yes, I know. The last 5 replies I've got were with the URL to that
> announcement.
> What I'm interested in was how it could happen.

If you're patient for a little while, I'm sure that'll be announced. The most 
important thing right now is that everything is secured and fixed IMHO.

Regards,

Ricardo.

-- 


Ricardo Kustner
IC&S Linux Professionals
Stadhouderslaan 57
3583 JD UTRECHT
T: 030-6355730 
F: 030-6355731 

PGP-key:
http://www.ic-s.nl/keys/ricardo.txt



Re: Debian servers "hacked"?

2003-11-21 Thread Lukas Ruf
-----BEGIN PGP SIGNED MESSAGE-----

> Thomas Sjögren <[EMAIL PROTECTED]> [2003-11-21 16:43]:
>
> On Fri, Nov 21, 2003 at 02:17:52PM +0200, Johann Spies wrote:
> > On Fri, Nov 21, 2003 at 12:38:50PM +0100, Thomas Sjögren wrote:
> > > Anyone to shed some light over this?
> >
> > There has been an announcement on the Debian-announce-list a few
> > minutes ago which clarifies the situation.  I have asked Martin to
> > publish the announcement in this list also.
> >
>
> Yes, I know. The last 5 replies I've got were with the URL to that
> announcement.

I would be more than interested in seeing a digitally signed
email by one of the @debian persons that proves evidence.

wbr,
Lukas
- -- 
Lukas Ruf   | Wanna know anything about raw |
 | IP? ->  |
eMail Style Guide: |
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iQCVAwUBP74zT2g5P0zSC6LtAQFV3wP/WB7E1PYy2zQqpVLiqZckwS386IrkoeAu
TpxzehXIr+wWKlamalNDrZujTn6WSX0kWtcbcKnLhkc//ttg0q3Cd3oBH8bEv5Sf
csGOA+3qsqN5qIkApk7p6pVBQIjcATuJMsUlFSfgICrq+f//lxJVJqU8qrV92AMx
WD2bO6XKB2o=
=XULl
-----END PGP SIGNATURE-----



Re: Debian servers "hacked"?

2003-11-21 Thread Bueno

Sorry,
wrong copy/paste

http://cert.uni-stuttgart.de/files/fw/debian-security-20031121.txt
is the right

>>>> [Note: The original announcement didn't have a GnuPG
>>>> signature.]

On (21/11/03 14:15), Jan Wagner wrote:
> On Friday 21 November 2003 13:58, Bueno wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > - ------------------------------------------------------------------------
> > The Debian Project                                http://www.debian.org/
> > Some Debian Project machines compromised                [EMAIL PROTECTED]
> > November 21st, 2003
> > - ------------------------------------------------------------------------
> >
> > Some Debian Project machines have been compromised
> >
> > This is a very unfortunate incident to report about.  Some Debian
> > servers were found to have been compromised in the last 24 hours.
> >
> > The archive is not affected by this compromise!
> >
> > In particular the following machines have been affected:
> >
> >   . master (Bug Tracking System)
> >   . murphy (mailing lists)
> >   . gluck (web, cvs)
> >   . klecker (security, non-us, web search, www-master)
> >
> > Some of these services are currently not available as the machines
> > undergo close inspection.  Some services have been moved to other
> > machines (www.debian.org for example).
> >
> > The security archive will be verified from trusted sources before it
> > will become available again.
> >
> > Please note that we have recently prepared a new point release for
> > Debian GNU/Linux 3.0 (woody), release 3.0r2.  While it has not been
> > announced yet, it has been pushed to our mirrors already.  The
> > announcement was scheduled for this morning but had to be postponed.
> > This update has now been checked and it is not affected by the
> > compromise.
> >
> > We apologise for the disruptions of some services over the next few
> > days.  We are working on restoring the services and verifying the
> > content of our archives.
> >
> >
> > Contact Information
> > - -------------------
> >
> > For further information, please visit the Debian web pages at
> > <http://www.debian.org/> or send mail to <[EMAIL PROTECTED]>.
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.2.3 (GNU/Linux)
> >
> > iD8DBQE/vfsJW5ql+IAeqTIRApjYAJ4v6QK07nyNNyBCvsosorej3cwMHACfZcLt
> > PwFJYJu8w1rU64Z82ddF6LY=
> > =If2b
> > -----END PGP SIGNATURE-----
> > 
> > 
> > 
> > On (21/11/03 13:13), Jan Wagner wrote:
> >
> > > On Friday 21 November 2003 12:38, Thomas Sjögren wrote:
> > >
> > > > Anyone to shed some light over this?
> > > >
> > > > "Someone has cracked all the servers of the Debian Project. There has
> > > > been a severe security mishap and guys should uninstall all stuff
> > > > downloaded and installed in the past 2 days. Please do not apt-get
> > > > anything right now! Please wait till an `official' release happens!"
> > > > http://article.gmane.org/gmane.linux.debian.user/117910
> > > >
> > > > Server security mishap - you think?!
> > >
> > > 
> > > http://luonnotar.infodrom.org/~joey/debian-announce.txt
> 
> Seems you didn't read this.
> 
> Regards, Jan.

-- 
Bueno, Felippe
<[EMAIL PROTECTED]>
http://www.hal.vu





Re: Debian servers "hacked"?

2003-11-21 Thread Michael Stone
On Fri, Nov 21, 2003 at 01:32:22PM +0100, Thomas Sjögren wrote:
> Ok, so there's no manual auditing on services, processes, etc (on a daily
> basis) while the servers are running?

Thank you for not starting wild unfounded rumors. If you don't have the
facts it is unproductive to speculate wildly, especially in a pejorative
fashion.

Mike Stone



Re: Debian servers "hacked"?

2003-11-21 Thread Thomas Sjögren
On Fri, Nov 21, 2003 at 02:17:52PM +0200, Johann Spies wrote:
> On Fri, Nov 21, 2003 at 12:38:50PM +0100, Thomas Sjögren wrote:
> > Anyone to shed some light over this?
> 
> There has been an announcement on the Debian-announce-list a few
> minutes ago which clarifies the situation.  I have asked Martin to
> publish the announcement in this list also.
> 

Yes, I know. The last 5 replies I've got were with the URL to that
announcement.
What I'm interested in was how it could happen.

/Thomas
-- 
== [EMAIL PROTECTED] | [EMAIL PROTECTED]
== Encrypted e-mails preferred | GPG KeyID: 114AA85C
--




Re: Debian servers "hacked"?

2003-11-21 Thread Bueno
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
The Debian Project                                http://www.debian.org/
Some Debian Project machines compromised                [EMAIL PROTECTED]
November 21st, 2003
- ------------------------------------------------------------------------

Some Debian Project machines have been compromised

This is a very unfortunate incident to report about.  Some Debian
servers were found to have been compromised in the last 24 hours.

The archive is not affected by this compromise!

In particular the following machines have been affected:

  . master (Bug Tracking System)
  . murphy (mailing lists)
  . gluck (web, cvs)
  . klecker (security, non-us, web search, www-master)

Some of these services are currently not available as the machines
undergo close inspection.  Some services have been moved to other
machines (www.debian.org for example).

The security archive will be verified from trusted sources before it
will become available again.

Please note that we have recently prepared a new point release for
Debian GNU/Linux 3.0 (woody), release 3.0r2.  While it has not been
announced yet, it has been pushed to our mirrors already.  The
announcement was scheduled for this morning but had to be postponed.
This update has now been checked and it is not affected by the
compromise.

We apologise for the disruptions of some services over the next few
days.  We are working on restoring the services and verifying the
content of our archives.


Contact Information
- -------------------

For further information, please visit the Debian web pages at
<http://www.debian.org/> or send mail to <[EMAIL PROTECTED]>.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/vfsJW5ql+IAeqTIRApjYAJ4v6QK07nyNNyBCvsosorej3cwMHACfZcLt
PwFJYJu8w1rU64Z82ddF6LY=
=If2b
-----END PGP SIGNATURE-----



On (21/11/03 13:13), Jan Wagner wrote:
> On Friday 21 November 2003 12:38, Thomas Sjögren wrote:
> > Anyone to shed some light over this?
> >
> > "Someone has cracked all the servers of the Debian Project. There has
> > been a severe security mishap and guys should uninstall all stuff
> > downloaded and installed in the past 2 days. Please do not apt-get
> > anything right now! Please wait till an `official' release happens!"
> > http://article.gmane.org/gmane.linux.debian.user/117910
> >
> > Server security mishap - you think?!
> 
> http://luonnotar.infodrom.org/~joey/debian-announce.txt
> 
> Regards, Jan.

-- 
Bueno, Felippe
<[EMAIL PROTECTED]>
http://www.hal.vu







Re: Debian servers "hacked"?

2003-11-21 Thread Jan Wagner
On Friday 21 November 2003 13:58, Bueno wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> - ------------------------------------------------------------------------
> The Debian Project                                http://www.debian.org/
> Some Debian Project machines compromised                [EMAIL PROTECTED]
> November 21st, 2003
> - ------------------------------------------------------------------------
>
> Some Debian Project machines have been compromised
>
> This is a very unfortunate incident to report about.  Some Debian
> servers were found to have been compromised in the last 24 hours.
>
> The archive is not affected by this compromise!
>
> In particular the following machines have been affected:
>
>   . master (Bug Tracking System)
>   . murphy (mailing lists)
>   . gluck (web, cvs)
>   . klecker (security, non-us, web search, www-master)
>
> Some of these services are currently not available as the machines
> undergo close inspection.  Some services have been moved to other
> machines (www.debian.org for example).
>
> The security archive will be verified from trusted sources before it
> will become available again.
>
> Please note that we have recently prepared a new point release for
> Debian GNU/Linux 3.0 (woody), release 3.0r2.  While it has not been
> announced yet, it has been pushed to our mirrors already.  The
> announcement was scheduled for this morning but had to be postponed.
> This update has now been checked and it is not affected by the
> compromise.
>
> We apologise for the disruptions of some services over the next few
> days.  We are working on restoring the services and verifying the
> content of our archives.
>
>
> Contact Information
> - -------------------
>
> For further information, please visit the Debian web pages at
> <http://www.debian.org/> or send mail to <[EMAIL PROTECTED]>.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.3 (GNU/Linux)
>
> iD8DBQE/vfsJW5ql+IAeqTIRApjYAJ4v6QK07nyNNyBCvsosorej3cwMHACfZcLt
> PwFJYJu8w1rU64Z82ddF6LY=
> =If2b
> -----END PGP SIGNATURE-----
> 
> 
> 
> On (21/11/03 13:13), Jan Wagner wrote:
>
> > On Friday 21 November 2003 12:38, Thomas Sjögren wrote:
> >
> > > Anyone to shed some light over this?
> > >
> > > "Someone has cracked all the servers of the Debian Project. There has
> > > been a severe security mishap and guys should uninstall all stuff
> > > downloaded and installed in the past 2 days. Please do not apt-get
> > > anything right now! Please wait till an `official' release happens!"
> > > http://article.gmane.org/gmane.linux.debian.user/117910
> > >
> > > Server security mishap - you think?!
> >
> > 
> > http://luonnotar.infodrom.org/~joey/debian-announce.txt

Seems you didn't read this.

Regards, Jan.








Re: Debian servers "hacked"?

2003-11-21 Thread Michel Messerschmidt
On Fri, Nov 21, 2003 at 12:38:50PM +0100, Thomas Sjögren wrote:
> Anyone to shed some light over this?

Seems like there has been a message to debian-announce:
http://cert.uni-stuttgart.de/ticker/article.php?mid=1167

I'm just wondering why I didn't receive it?

-- 
Michel Messerschmidt   [EMAIL PROTECTED]
antiVirusTestCenter, Computer Science, University of Hamburg





Re: Debian servers "hacked"?

2003-11-21 Thread Michele Baldessari
* Thomas Sjögren ([EMAIL PROTECTED]) wrote:
> "Someone has cracked all the servers of the Debian Project. There has
> been a severe security mishap and guys should uninstall all stuff
> downloaded and installed in the past 2 days. Please do not apt-get
> anything right now! Please wait till an `official' release happens!"
> http://article.gmane.org/gmane.linux.debian.user/117910
 
http://cert.uni-stuttgart.de/files/fw/debian-security-20031121.txt

hth,
Michele
--
Poetry, the best of it, is lunar and is concerned with the essential insanities.
Journalism is solar (there are numerous newspapers named The Sun, none 
called The Moon) and is devoted to the inessential.







Re: Debian servers "hacked"?

2003-11-21 Thread Stephen Frost
* Thomas Sjögren ([EMAIL PROTECTED]) wrote:
> Anyone to shed some light over this?
> 
> "Someone has cracked all the servers of the Debian Project. There has
> been a severe security mishap and guys should uninstall all stuff
> downloaded and installed in the past 2 days. Please do not apt-get
> anything right now! Please wait till an `official' release happens!"
> http://article.gmane.org/gmane.linux.debian.user/117910
> 
> Server security mishap - you think?!

The other security folk are probably busy but, basically, the real
announcement is here:

http://cert.uni-stuttgart.de/files/fw/debian-security-20031121.txt

And the person you're quoting from is a misinformed idiot.

Stephen




Re: Debian servers "hacked"?

2003-11-21 Thread Jens Mayer
* On Fri, Nov 21, 2003 at 12:38:50 +0100, Thomas Sjögren wrote:

> Anyone to shed some light over this?

> "Someone has cracked all the servers of the Debian Project. There has
> been a severe security mishap and guys should uninstall all stuff
> downloaded and installed in the past 2 days. Please do not apt-get
> anything right now! Please wait till an `official' release happens!"
> http://article.gmane.org/gmane.linux.debian.user/117910

> Server security mishap - you think?!

http://cert.uni-stuttgart.de/files/fw/debian-security-20031121.txt

Regards,
Jens

-- 
It is better to be bow-legged than no-legged.





Debian servers "hacked"?

2003-11-21 Thread Nils Ulltveit-Moe

There are unconfirmed rumors circulating that the Debian servers have
been hacked:

We know nothing about the extent of this.

Kind regards,
Nils

Thomas Sjögren writes:
 > Anyone to shed some light over this?
 > 
 > "Someone has cracked all the servers of the Debian Project. There has
 > been a severe security mishap and guys should uninstall all stuff
 > downloaded and installed in the past 2 days. Please do not apt-get
 > anything right now! Please wait till an `official' release happens!"
 > http://article.gmane.org/gmane.linux.debian.user/117910
 > 
 > Server security mishap - you think?!
 > 
 > /Thomas
 > -- 
 > == [EMAIL PROTECTED] | [EMAIL PROTECTED]
 > == Encrypted e-mails preferred | GPG KeyID: 114AA85C
 > --





Re: Debian servers "hacked"?

2003-11-21 Thread Johann Spies
On Fri, Nov 21, 2003 at 12:38:50PM +0100, Thomas Sjögren wrote:
> Anyone to shed some light over this?

There has been an announcement on the Debian-announce-list a few
minutes ago which clarifies the situation.  I have asked Martin to
publish the announcement in this list also.

Regards
Johann
-- 
Johann Spies  Telefoon: 021-808 4036
Informasietegnologie, Universiteit van Stellenbosch

 "A new commandment I give unto you; That ye love one 
  another. As I have loved you, so ye also must love one
  another.  By this shall all men know that ye are my 
  disciples, if ye have love one to another."
 John 13:34,35 





Re: Debian servers "hacked"?

2003-11-21 Thread Jan Wagner
On Friday 21 November 2003 13:32, Thomas Sjögren wrote:
> On Fri, Nov 21, 2003 at 01:27:09PM +0100, Jan Wagner wrote:
> > That's ATM unknown. It seems, that nobody (except the bad boys) has access
> > to the boxes. But there are ppl on the way to catch local access. That's
> > all I heard.
>
> Ok, so there's no manual auditing on services, processes, etc (on a daily
> basis) while the servers are running?

Dunno.

Regards, Jan.





Re: Debian servers "hacked"?

2003-11-21 Thread Tomasz Papszun
On Fri, 21 Nov 2003 at 12:38:50 +0100, Thomas Sjögren wrote:
> Anyone to shed some light over this?
> 
> "Someone has cracked all the servers of the Debian Project. There has
> been a severe security mishap and guys should uninstall all stuff
> downloaded and installed in the past 2 days. Please do not apt-get
> anything right now! Please wait till an `official' release happens!"
> http://article.gmane.org/gmane.linux.debian.user/117910
> 
> Server security mishap - you think?!
> 

This is exaggerated.
I'm forwarding the official announcement from debian-announce mailing
list:

=

Date: Fri, 21 Nov 2003 11:46:19 +0100
From: Martin Schulze <[EMAIL PROTECTED]>
To: Debian Announcements <[EMAIL PROTECTED]>
Subject: Some Debian Project machines have been compromised
Message-ID: <[EMAIL PROTECTED]>


The Debian Project                                http://www.debian.org/
Some Debian Project machines compromised                [EMAIL PROTECTED]
November 21st, 2003


Some Debian Project machines have been compromised

This is a very unfortunate incident to report about.  Some Debian
servers were found to have been compromised in the last 24 hours.

The archive is not affected by this compromise!

In particular the following machines have been affected:

  . master (Bug Tracking System)
  . murphy (mailing lists)
  . gluck (web, cvs)
  . klecker (security, non-us, web search, www-master)

Some of these services are currently not available as the machines
undergo close inspection.  Some services have been moved to other
machines (www.debian.org for example).

The security archive will be verified from trusted sources before it
will become available again.

Please note that we have recently prepared a new point release for
Debian GNU/Linux 3.0 (woody), release 3.0r2.  While it has not been
announced yet, it has been pushed to our mirrors already.  The
announcement was scheduled for this morning but had to be postponed.
This update has now been checked and it is not affected by the
compromise.

We apologise for the disruptions of some services over the next few
days.  We are working on restoring the services and verifying the
content of our archives.


Contact Information
---

For further information, please visit the Debian web pages at
<http://www.debian.org/> or contact <[EMAIL PROTECTED]>.


=


-- 
 Tomasz Papszun   SysAdm @ TP S.A. Lodz, Poland  | And it's only
 [EMAIL PROTECTED]   http://www.lodz.tpsa.pl/   | ones and zeros.
 [EMAIL PROTECTED]   http://www.ClamAV.net/   A GPL virus scanner





Re: Debian servers "hacked"?

2003-11-21 Thread Thomas Sjögren
On Fri, Nov 21, 2003 at 01:27:09PM +0100, Jan Wagner wrote:
> That's ATM unknown. It seems, that nobody (except the bad boys) has access to
> the boxes. But there are ppl on the way to catch local access. That's all I
> heard.

Ok, so there's no manual auditing on services, processes, etc (on a daily
basis) while the servers are running?

/Thomas
-- 
== [EMAIL PROTECTED] | [EMAIL PROTECTED]
== Encrypted e-mails preferred | GPG KeyID: 114AA85C
--




Re: Debian servers "hacked"?

2003-11-21 Thread Norbert Tretkowski
* Thomas Sjögren wrote:
[...]
> Server security mishap - you think?!

http://luonnotar.infodrom.org/~joey/debian-announce.txt

-- 
 - nobse





Re: Debian servers "hacked"?

2003-11-21 Thread Jan Wagner
On Friday 21 November 2003 13:18, Thomas Sjögren wrote:
> On Fri, Nov 21, 2003 at 01:13:35PM +0100, Jan Wagner wrote:
> > http://luonnotar.infodrom.org/~joey/debian-announce.txt
>
> Read that a minute ago, but what happened?

That's ATM unknown. It seems, that nobody (except the bad boys) has access to
the boxes. But there are ppl on the way to catch local access. That's all I
heard.

Regards, Jan.





Re: Debian servers "hacked"?

2003-11-21 Thread Michel Messerschmidt
On Fri, Nov 21, 2003 at 12:38:50PM +0100, Thomas Sjögren wrote:
> Anyone to shed some light over this?

Seems like there has been a message to debian-announce:
http://cert.uni-stuttgart.de/ticker/article.php?mid=1167

I'm just wondering why I didn't received it ?

-- 
Michel Messerschmidt   [EMAIL PROTECTED]
antiVirusTestCenter, Computer Science, University of Hamburg



Re: Debian servers "hacked"?

2003-11-21 Thread Michele Baldessari
* Thomas Sjögren ([EMAIL PROTECTED]) wrote:
> "Someone has cracked all the servers of the Debian Project. There has
> been a severe security mishap and guys should uninstall all stuff
> downloaded and installed in the past 2 days. Please do not apt-get
> anything right now! Please wait till an `official' release happens!"
> http://article.gmane.org/gmane.linux.debian.user/117910
 
http://cert.uni-stuttgart.de/files/fw/debian-security-20031121.txt

hth,
Michele
--
Poetry, the best of it, is lunar and is concerned with the essential insanities.
Journalism is solar (there are numerous newspapers named The Sun, none 
called The Moon) and is devoted to the inessential.


signature.asc
Description: Digital signature


Re: Debian servers "hacked"?

2003-11-21 Thread Stephen Frost
* Thomas Sjögren ([EMAIL PROTECTED]) wrote:
> Anyone to shed some light over this?
> 
> "Someone has cracked all the servers of the Debian Project. There has
> been a severe security mishap and guys should uninstall all stuff
> downloaded and installed in the past 2 days. Please do not apt-get
> anything right now! Please wait till an `official' release happens!"
> http://article.gmane.org/gmane.linux.debian.user/117910
> 
> Server security mishap - you think?!

The other security folk are probably busy but, basically, the real
announcement is here:

http://cert.uni-stuttgart.de/files/fw/debian-security-20031121.txt

And the person you're quoting from is a misinformed idiot.

Stephen




Re: Debian servers "hacked"?

2003-11-21 Thread Jens Mayer
* On Fri, Nov 21, 2003 at 12:38:50 +0100, Thomas Sjögren wrote:

> Anyone to shed some light over this?

> "Someone has cracked all the servers of the Debian Project. There has
> been a severe security mishap and guys should uninstall all stuff
> downloaded and installed in the past 2 days. Please do not apt-get
> anything right now! Please wait till an `official' release happens!"
> http://article.gmane.org/gmane.linux.debian.user/117910

> Server security mishap - you think?!

http://cert.uni-stuttgart.de/files/fw/debian-security-20031121.txt

Regards,
Jens

-- 
It is better to be bow-legged than no-legged.



Debian servers "hacked"?

2003-11-21 Thread Nils Ulltveit-Moe

There are unconfirmed rumours that the Debian servers have been
hacked:

We know nothing about the extent of this.

Regards,
Nils

Thomas Sjögren writes:
 > Anyone to shed some light over this?
 > 
 > "Someone has cracked all the servers of the Debian Project. There has
 > been a severe security mishap and guys should uninstall all stuff
 > downloaded and installed in the past 2 days. Please do not apt-get
 > anything right now! Please wait till an `official' release happens!"
 > http://article.gmane.org/gmane.linux.debian.user/117910
 > 
 > Server security mishap - you think?!
 > 
 > /Thomas
 > -- 
 > == [EMAIL PROTECTED] | [EMAIL PROTECTED]
 > == Encrypted e-mails preferred | GPG KeyID: 114AA85C
 > --



Re: Debian servers "hacked"?

2003-11-21 Thread Johann Spies
On Fri, Nov 21, 2003 at 12:38:50PM +0100, Thomas Sjögren wrote:
> Anyone to shed some light over this?

There has been an announcement on the Debian-announce-list a few
minutes ago which clarifies the situation.  I have asked Martin to
publish the announcement in this list also.

Regards
Johann
-- 
Johann Spies  Telefoon: 021-808 4036
Informasietegnologie, Universiteit van Stellenbosch

 "A new commandment I give unto you; That ye love one 
  another. As I have loved you, so ye also must love one
  another.  By this shall all men know that ye are my 
  disciples, if ye have love one to another."
 John 13:34,35 



Re: Debian servers "hacked"?

2003-11-21 Thread Jan Wagner
On Friday 21 November 2003 13:32, Thomas Sjögren wrote:
> On Fri, Nov 21, 2003 at 01:27:09PM +0100, Jan Wagner wrote:
> > That's ATM unknown. It seems that nobody (except the bad boys) has access
> > to the boxes. But there are ppl on the way to catch local access. That's
> > all I heard.
>
> Ok, so there's no manual auditing on services, processes, etc (on a daily
> basis) while the servers are running?

Dunno.

Regards, Jan.



Re: Debian servers "hacked"?

2003-11-21 Thread Tomasz Papszun
On Fri, 21 Nov 2003 at 12:38:50 +0100, Thomas Sjögren wrote:
> Anyone to shed some light over this?
> 
> "Someone has cracked all the servers of the Debian Project. There has
> been a severe security mishap and guys should uninstall all stuff
> downloaded and installed in the past 2 days. Please do not apt-get
> anything right now! Please wait till an `official' release happens!"
> http://article.gmane.org/gmane.linux.debian.user/117910
> 
> Server security mishap - you think?!
> 

This is exaggerated.
I'm forwarding the official announcement from debian-announce mailing
list:

=

Date: Fri, 21 Nov 2003 11:46:19 +0100
From: Martin Schulze <[EMAIL PROTECTED]>
To: Debian Announcements 
Subject: Some Debian Project machines have been compromised
Message-ID: <[EMAIL PROTECTED]>


The Debian Project                                http://www.debian.org/
Some Debian Project machines compromised          [EMAIL PROTECTED]
November 21st, 2003


Some Debian Project machines have been compromised

This is a very unfortunate incident to report about.  Some Debian
servers were found to have been compromised in the last 24 hours.

The archive is not affected by this compromise!

In particular the following machines have been affected:

  . master (Bug Tracking System)
  . murphy (mailing lists)
  . gluck (web, cvs)
  . klecker (security, non-us, web search, www-master)

Some of these services are currently not available as the machines
undergo close inspection.  Some services have been moved to other
machines (www.debian.org for example).

The security archive will be verified from trusted sources before it
will become available again.

Please note that we have recently prepared a new point release for
Debian GNU/Linux 3.0 (woody), release 3.0r2.  While it has not been
announced yet, it has been pushed to our mirrors already.  The
announcement was scheduled for this morning but had to be postponed.
This update has now been checked and it is not affected by the
compromise.

We apologise for the disruptions of some services over the next few
days.  We are working on restoring the services and verifying the
content of our archives.


Contact Information
---

For further information, please visit the Debian web pages at
 or contact <[EMAIL PROTECTED]>.


=


-- 
 Tomasz Papszun   SysAdm @ TP S.A. Lodz, Poland  | And it's only
 [EMAIL PROTECTED]   http://www.lodz.tpsa.pl/   | ones and zeros.
 [EMAIL PROTECTED]   http://www.ClamAV.net/   A GPL virus scanner



Re: Debian servers "hacked"?

2003-11-21 Thread Thomas Sjögren
On Fri, Nov 21, 2003 at 01:27:09PM +0100, Jan Wagner wrote:
> That's ATM unknown. It seems that nobody (except the bad boys) has access to 
> the boxes. But there are ppl on the way to catch local access. That's all I 
> heard.

Ok, so there's no manual auditing on services, processes, etc (on a daily
basis) while the servers are running?

/Thomas
-- 
== [EMAIL PROTECTED] | [EMAIL PROTECTED]
== Encrypted e-mails preferred | GPG KeyID: 114AA85C
--




Re: Debian servers "hacked"?

2003-11-21 Thread Norbert Tretkowski
* Thomas Sjögren wrote:
[...]
> Server security mishap - you think?!

http://luonnotar.infodrom.org/~joey/debian-announce.txt

-- 
 - nobse



Re: Debian servers "hacked"?

2003-11-21 Thread Thomas Sjögren
On Fri, Nov 21, 2003 at 01:13:35PM +0100, Jan Wagner wrote:
> http://luonnotar.infodrom.org/~joey/debian-announce.txt

Read that a minute ago, but what happened?

/Thomas
-- 
== [EMAIL PROTECTED] | [EMAIL PROTECTED]
== Encrypted e-mails preferred | GPG KeyID: 114AA85C
--




Re: Debian servers "hacked"?

2003-11-21 Thread Jan Wagner
On Friday 21 November 2003 12:38, Thomas Sjögren wrote:
> Anyone to shed some light over this?
>
> "Someone has cracked all the servers of the Debian Project. There has
> been a severe security mishap and guys should uninstall all stuff
> downloaded and installed in the past 2 days. Please do not apt-get
> anything right now! Please wait till an `official' release happens!"
> http://article.gmane.org/gmane.linux.debian.user/117910
>
> Server security mishap - you think?!

http://luonnotar.infodrom.org/~joey/debian-announce.txt

Regards, Jan.



Debian servers "hacked"?

2003-11-21 Thread Thomas Sjögren
Anyone to shed some light over this?

"Someone has cracked all the servers of the Debian Project. There has
been a severe security mishap and guys should uninstall all stuff
downloaded and installed in the past 2 days. Please do not apt-get
anything right now! Please wait till an `official' release happens!"
http://article.gmane.org/gmane.linux.debian.user/117910

Server security mishap - you think?!

/Thomas
-- 
== [EMAIL PROTECTED] | [EMAIL PROTECTED]
== Encrypted e-mails preferred | GPG KeyID: 114AA85C
--



