[plug] [joey at infodrom.org: Some Debian Project machines have been compromised]

Chris Caston caston at arach.net.au
Fri Nov 21 21:19:02 WST 2003


No wonder it was down!
!?!?
So what all are boxes are owned now?

So why aren't the updates signed?

regards,

Chris

On Fri, 2003-11-21 at 20:31, Trent Lloyd wrote:
> ----- Forwarded message from Martin Schulze <joey at infodrom.org> -----
> 
> Delivered-To: trent at ucc.gu.uwa.edu.au
> Old-Return-Path: <joey at infodrom.org>
> Date: Fri, 21 Nov 2003 11:46:19 +0100
> From: Martin Schulze <joey at infodrom.org>
> To: Debian Announcements <debian-announce at lists.debian.org>
> Subject: Some Debian Project machines have been compromised
> User-Agent: Mutt/1.5.4i
> Resent-Message-ID: <M6ofX.A.GeE.nHfv_ at murphy>
> Resent-From: debian-announce at lists.debian.org
> X-Mailing-List: <debian-announce at lists.debian.org> archive/latest/81
> X-Loop: debian-announce at lists.debian.org
> List-Id: <debian-announce.lists.debian.org>
> List-Post: <mailto:debian-announce at lists.debian.org>
> List-Help: <mailto:debian-announce-request at lists.debian.org?subject=help>
> List-Subscribe: <mailto:debian-announce-request at lists.debian.org?subject=subscribe>
> List-Unsubscribe: <mailto:debian-announce-request at lists.debian.org?subject=unsubscribe>
> List-Archive: <http://lists.debian.org/debian-announce/>
> Precedence: list
> Resent-Sender: debian-announce-request at lists.debian.org
> Resent-Date: Fri, 21 Nov 2003 05:07:19 -0600 (CST)
> X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on 
> 	mooneye.ucc.gu.uwa.edu.au
> X-Spam-Level: 
> X-Spam-Status: No, hits=-4.9 required=5.0 tests=BAYES_00 autolearn=no 
> 	version=2.60
> 
> ------------------------------------------------------------------------
> The Debian Project                                http://www.debian.org/
> Some Debian Project machines compromised                press at debian.org
> November 21st, 2003
> ------------------------------------------------------------------------
> 
> Some Debian Project machines have been compromised
> 
> This is a very unfortunate incident to report about.  Some Debian
> servers were found to have been compromised in the last 24 hours.
> 
> The archive is not affected by this compromise!
> 
> In particular the following machines have been affected:
> 
>   . master (Bug Tracking System)
>   . murphy (mailing lists)
>   . gluck (web, cvs)
>   . klecker (security, non-us, web search, www-master)
> 
> Some of these services are currently not available as the machines
> undergo close inspection.  Some services have been moved to other
> machines (www.debian.org for example).
> 
> The security archive will be verified from trusted sources before it
> will become available again.
> 
> Please note that we have recently prepared a new point release for
> Debian GNU/Linux 3.0 (woody), release 3.0r2.  While it has not been
> announced yet, it has been pushed to our mirrors already.  The
> announcement was scheduled for this morning but had to be postponed.
> This update has now been checked and it is not affected by the
> compromise.
> 
> We apologise for the disruptions of some services over the next few
> days.  We are working on restoring the services and verifying the
> content of our archives.
> 
> 
> Contact Information
> -------------------
> 
> For further information, please visit the Debian web pages at
> <http://www.debian.org/> or contact <press at debian.org>.
> 

_______________________________________________
plug mailing list
plug at plug.linux.org.au
http://mail.plug.linux.org.au/cgi-bin/mailman/listinfo/plug


More information about the plug mailing list