I suspect a bunch of people are going to jump into this thread, but to get in early, some stories:
- a Red Hat 5 box left to rot (this was some time ago now!), became a host for warez and ended up comprising something like half of its very substantial network's total traffic. - a sendmail install which was either set up as an open relay or compromised and turned into one, noticed almost immediately because of massive network usage - an up-to-date machine run by a competant hobbyist sysadmin of a skill level comprable to many people posting here, turned out to be an compromise through a WordPress install that wasn't up to date, took a while to track down apparently, it was participating in DDoS attacks And of course, in November 2003, debian.org itself was the victim of an attack by, I think, a still unknown vector: http://www.debian.org/News/2003/20031121 but that might not meet your criteria of having been used for a nefarious purpose as opposed to 'just' having been broken into. The (few) security consultants I know seem to have universally had their personal machines compromised at some point, this seems to partly be a result of being more likely to notice, and partly due to attending security conferences, where the networks are extremely hostile. I suspect attacks through web apps like WordPress are pretty common causes of comprise of machines run by essentially knowledgable people at the moment, because there doesn't seem yet to be a good set of best practices for packaging and updating them (upstream tends to aims their instructions at people who might not even have shell access, let alone root access, and there's the whole plugin universe too). -Mary -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
