Slashdot: News for Nerds

Intrusion Cleanup Forces Delay For GNOME 2.6

timothy posted more than 10 years ago | from the checked-for-stupidity-and-found-malice dept.

GNOME 170

An anonymous reader writes "Looks like the GNOME site (both web and FTP) is back up and running again (from a replacement system). The restoration work is still going on, and dynamic content does not work yet. Bugzilla should be up by tomorrow (it is already in testing mode). More details are available in this announcement. Kudos to the GNOME sysadmin team for such a rapid recovery." However, blurzero writes "GNOME 2.6 was scheduled to be released sometime today, however after evidence of possible intrusion on the web server, the release has been delayed by one week, until March 31st." Update: 03/24 14:08 GMT by T : An anonymous reader points to this story on the delay at ZD Net Australia.

170 comments

I claim this FP on behalf of the UK (-1, Troll)

James A. M. Joyce (764379) | more than 10 years ago | (#8655394)

and the GNAA and Red Hat. By rolloffle, bare gets pwnt.

Goodbye all! *hugz* (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#8655791)

What a wonderful and memory-filled experience my time here has been! As I look out at each and every one of you, I marvel at the process by which coworkers became colleagues, colleagues became acquaintances, acquaintances became PLEASE STOP I BEG OF YOU SPTHTLSHURHGLKGHLGHGHGH YOU ARE REALLY SLOSHING AND SPLOSHING MY HEAD IN THE CRAPPER HERE

Half-Life 2, anyone? (0, Funny)

Anonymous Coward | more than 10 years ago | (#8655406)

Perhaps I am the only person getting an odd sense of deja vu...

Must've been a real bugger (4, Interesting)

James A. M. Joyce (764379) | more than 10 years ago | (#8655412)

Intrusion cleanup is a real bastard to carry out with any degree of success. There's really no way to prove that there isn't just one more subtle little backdoor hiding in the system, in your repository or in your /home area. This is a case where an ounce of prevention is better than a pound of cure. It's too late, here, unfortunately, so they should probably have rolled back to a backup on another set of boxes. (Just my two cents.) How well would TripWire have worked in this kind of situation? Or is that ineffective against an all-out rooting?

Re:Must've been a real bugger (2, Insightful)

tobechar (678914) | more than 10 years ago | (#8655488)

I am personally disappointed in having to wait another week, however I completely respect the Gnome team on their tireless efforts. :)

I definitely agree with the idea of rolling back to a backed up copy of their site, but perhaps they do not know how long someone was able to access their systems?

Gnome team, take all the time you need. :)

Re:Must've been a real bugger (0, Redundant)

deathazre (761949) | more than 10 years ago | (#8655507)

Looks like the GNOME site (both web and FTP) is back up and running again (from a replacement system)

Re:Must've been a real bugger (3, Interesting)

Anonymous Coward | more than 10 years ago | (#8655510)

They have TireWire and it didn't work.
TripeWire never works.
I've seen TW failing and being exploited in several installations.
Since the release of wirecutter TripWire has become fucking useless.

Re:Must've been a real bugger (1, Redundant)

grub (11606) | more than 10 years ago | (#8655573)


Intrusion cleanup is a real bastard to carry out with any degree of success.

Reinstallation is the only tried and true method. Cleaning up to the point where you're satisfied will usually take a lot longer and will leave nagging doubt.

Re:Must've been a real bugger (2, Insightful)

ArsonSmith (13997) | more than 10 years ago | (#8656189)

Of course even a reinstall still leaves the original hole open that the attacker used in the first place.

Re:Must've been a real bugger (0)

Anonymous Coward | more than 10 years ago | (#8656212)


Update from a known good source. That was implied, sorry.

Re:Must've been a real bugger (5, Insightful)

Penguinisto (415985) | more than 10 years ago | (#8655589)

It takes some work, but there is one way to insure a completely clean system: Re-installation of the OS from media, or a backup from a time known before the break-in.

Either way, you only have to check the backup server data itself against (externally backed-up) MD5 checksums, and ask developers to re-commit any changes made during the suspect time.

Now try and do that to a mail server, and the fecal matter hits the air-handler. But, with data that is relatively static by comparison, it takes work, but isn't too much of a trial.

$0.98 in change, please :)

Re:Must've been a real bugger (1, Insightful)

Anonymous Coward | more than 10 years ago | (#8655813)


The caveat with that scenario is that you have to a) know exactly how the break-in occurred in order to b) know that you can fix the system from the pre-break in state to remove the vulnerability before bringing the system back online.

Just re-imaging the server and putting it back online will result in the server being compromised again.

Mod parent up, plz... (1)

Penguinisto (415985) | more than 10 years ago | (#8655893)

(re: knowing when the break-in occurred) This is true, but you can guess fairly well if going to backup (just look for the same things in the backup that alerted you to the compromise in the first place.)

You are absolutely right that the admin has to apply any missing patches and modifications to the system that may not have been in place on the compromised server. My thanks for bringing that up.

(although, in some cases, no patch will save you... esp. if it was an inside job, or someone got hold of the passwords. but that's the bitch about security - the paranoia never stops digging deeper :) )

Re:Mod parent up, plz... (1)

maximilln (654768) | more than 10 years ago | (#8656273)

-----
but that's the bitch about security - the paranoia never stops digging deeper :)
-----
I started out college in '93 as a comp. eng. major. I switched to chemistry because I wanted to keep computers as a hobby and not pollute them with the need to make money. While I sadly watched the Amiga die and the world move to Microsoft I accepted it as a result of giving up computers as an academic pursuit. I never learned C, I never built any *nix/*bsd OS for my home PC, I wistfully used NeXT in the school labs.

In 1998, my Win95 was backdoored through an IRC exploit. I noticed that things were wrong but couldn't fix them. I had no Win95 install CD. The McAfee Vscan provided by the school couldn't finish a scan without crashing. Apps began crashing. My audio card would work and then not work and then work and then not work. The hard drive never quit grinding away. Bad blocks began to show up two or three at a time, then fifteen or twenty, and then I'd be on the road to get a new hard drive. Then my own Win98SE cd. Then a new motherboard. The new motherboard shipped with thermal sensors and BIOS thermal monitoring. I haven't seen the thermal monitoring screen in the BIOS since the first Windows BsoD and I've tried nearly every BIOS rev. FIC provides for the PA-2013.

I'd finally had enough. I resolved to give up on Microsoft sometime in late '99 and dove into Linux. My first install was Debian 2.2. There was an rpc.statd remote root vuln. in Debian 2.2. The box was rooted within 2 weeks of being up and online.

I now have two systems. Both of them run Win98SE cleanly. Both of them run Debian Sid cleanly. Both of them run a modified LFS cvs from early this year cleanly.

The security paranoia may never quit digging deeper but once you hit the bottom you know where you stand.

Re:Must've been a real bugger (2, Insightful)

ArsonSmith (13997) | more than 10 years ago | (#8656145)

Re-installation of the OS from media

What if the OS has a vulnerability and the attacker can get back in without issues?

a backup from a time known before the break-in

What if the attacker had installed the back door months beforehand? You may not have a valid backup.

Re:Must've been a real bugger (1)

WindBourne (631190) | more than 10 years ago | (#8656281)

That only prevents problems on this machine. The real problem is going to be coders using other less secure machines or insecure protocols (such as telnet or ftp to access Windows boxes which are now loaded with key stroke loggers).

Re:Must've been a real bugger (2, Informative)

Storm (2856) | more than 10 years ago | (#8655891)

Intrusion cleanup is a real bastard to carry out with any degree of success. There's really no way to prove that there isn't just one more subtle little backdoor hiding in the system, in your repository or in your /home area.

Basically, what you generally do is to rebuild from scratch, then carefully check and restore your repository.

How well would TripWire have worked in this kind of situation? Or is that ineffective against an all-out rooting?

This is why the authors of the host-based IDS recommend that you keep your database on media that is read-only or kept off of the machine. At that point, it becomes an administrative problem.

  • How do you write the updated database to read-only media on a remote box?
  • When on a shared box that is not your own, especially with a development box, what changes are valid?
  • Who/how many admins do you need or use for the boxes?

You could use something like Samhain [la-samhna.de], which automates a lot of the detection of changes, and supports a management console.

Remember, if it were easy, anybody could do it. Microsoft has tried this approach to system administration, and look how successful it's been. :)
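
The check that Penguinisto's comment (verify the backup against externally held checksums) and Storm's comment (keep the integrity database off the machine) both describe, as an added example that is not part of any comment in this thread. It swaps SHA-256 in for the MD5 the commenters mention, writes the manifest in the line format `sha256sum` produces, and uses function names and a constructed sample tree of its own; the `offline` directory stands in for read-only or off-host media.

```python
import hashlib
import os
import tempfile


def file_digest(path, chunk_size=65536):
    """SHA-256 of one file, read in chunks so large files are not loaded whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk_size), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root):
    """Return {relative path: digest} for every regular file under root."""
    manifest = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue  # symlinks and special files are out of scope here
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = file_digest(full)
    return manifest


def write_manifest(manifest, path):
    """Write '<digest>  <path>' lines, sorted, for storage off the host."""
    with open(path, "w", encoding="utf-8") as f:
        for rel in sorted(manifest):
            f.write(f"{manifest[rel]}  {rel}\n")


def read_manifest(path):
    """Parse a manifest written by write_manifest back into a dict."""
    manifest = {}
    with open(path, encoding="utf-8") as f:
        for line in f:
            digest, rel = line.rstrip("\n").split("  ", 1)
            manifest[rel] = digest
    return manifest


def verify_tree(root, trusted):
    """Compare the tree on disk with the trusted manifest.

    A plain checksum check only covers files the manifest lists, so files
    that appeared afterwards are reported separately under 'added'.
    """
    current = build_manifest(root)
    return {
        "modified": sorted(p for p in trusted
                           if p in current and current[p] != trusted[p]),
        "missing": sorted(p for p in trusted if p not in current),
        "added": sorted(p for p in current if p not in trusted),
    }


def _write(root, rel, data):
    """Helper for the demo: create a file (and its directories) under root."""
    full = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "wb") as f:
        f.write(data)


def demo():
    """Constructed scenario: manifest taken while clean, tree changed later."""
    with tempfile.TemporaryDirectory() as work:
        tree = os.path.join(work, "repo")
        offline = os.path.join(work, "offline")  # stands in for off-host media
        os.makedirs(offline)

        # Known-good state (constructed sample files).
        _write(tree, "README", b"release notes\n")
        _write(tree, "src/main.c", b"int main(void) { return 0; }\n")
        _write(tree, "src/util.c", b"/* helpers */\n")
        manifest_path = os.path.join(offline, "repo.sha256")
        write_manifest(build_manifest(tree), manifest_path)

        # Changes made during the suspect window (constructed).
        _write(tree, "src/main.c", b"int main(void) { return 1; }\n")
        os.remove(os.path.join(tree, "README"))
        _write(tree, "src/extra.sh", b"#!/bin/sh\n")

        return verify_tree(tree, read_manifest(manifest_path))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Every path reported under `modified` or `added` is what developers would be asked to review or re-commit. The result is only as trustworthy as the manifest, which has to predate the break-in and must not have been stored on the compromised host.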

Re:Must've been a real bugger (1)

JamesHenstridge (14875) | more than 10 years ago | (#8656038)

widget.gnome.org (the machine that was cracked) has been reinstalled. That's part of the reason why things aren't all up again yet.

Re:Must've been a real bugger (1)

maximilln (654768) | more than 10 years ago | (#8656064)

Cleaning up after a root compromise is about the most time-consuming and psychologically demanding thing that one can do. Let's face it: the guy who's a wizard at writing GUI apis isn't necessarily going to be a security hacker. The biggest issue to deal with when rebuilding a system after a root compromise is the paranoia. 99% of even diligent *nix/*bsd users skip the paranoia step and reinstall using the closest available media. The paranoid among us, however, consider much more than "how do I get the system back to a usable state".

How long has the system been compromised? What was the initial compromise vector? What additional compromise vectors have been added? Have critical boot binaries been infected? Has boot sector code been modified? When was the last time _KNOWN GOOD_ media was made? Is it possible that bootable CDs were created which contain compromised code or boot sector viruses? Is it possible that the compromised system has been compromised long enough that the BIOS has been compromised? Did any other intruders make use of the door left open by the initial intruder? Were any of the subsequent intruders knowledgeable enough to know the architecture of the compromised machine to a level which might allow them to introduce low-level code to connect privileged areas of kernel memory to a back door similar to NetBus or Sub7?

It's not the teenage script-kiddie cracker that is the real concern. The concern is that a teenage script-kiddie opens a hole in the system and then a real Ada ace finds the hole and really makes the system his own. The real Ada ace is the guy who never talks about what he's cracked, anywhere. He never talks about that tunnel through the chipset.

But... *yawn* exploits are never exploitable until after Microsoft has published them.

Correlation? (-1, Offtopic)

Mdalek (702460) | more than 10 years ago | (#8655413)

Hmm slightly convenient, just like the Valve - HL2 delays.

Re:Correlation? (2, Informative)

BRSloth (578824) | more than 10 years ago | (#8655445)

Actually, if you check the GNOME-Announces list, you will see that every package was already updated to work with GNOME 2.6. They just want to double check everything.

Re:Correlation? (1)

Negatyfus (602326) | more than 10 years ago | (#8655452)

Yeah, sure, they're gonna make up an elaborate story to delay their release one week. Like it'd not be much easier to just tell the world how they'll be a little late with this release.

I mean, let's face it. That would just completely destroy their reputation, contrary to word that their servers have been hacked.

Re:Correlation? (1)

Dreadlord (671979) | more than 10 years ago | (#8655540)

Hmm slightly convenient, just like the Valve - HL2 delays.

You mean, they'll delay GNOME 2.6 before March 31st to Summer, and before Summer they delay it again and so on?

No please! I want my GNOME!

Re:Correlation? (0)

Anonymous Coward | more than 10 years ago | (#8655996)

You know, you are absolutely right! After all, they gotta make them deadlines or make up stupid excuses so that they can keep people interested and make them buy their product... oh, err, never mind!

Seriously: this is part of what I like about OSS - no forced deadlines that are driven by profit concerns. If it takes an extra week to make sure it's right, so what?

It's just a hoax (-1, Troll)

Anonymous Coward | more than 10 years ago | (#8655426)

This is just a hoax. Internally in their IRC channels they said that they can't release in time and thus needed to find a believable excuse for this and thus created this 'Intrusion' thing. You people got seriously shitten.

There is and was no intrusion.

Re:It's just a hoax (2, Interesting)

marcello_dl (667940) | more than 10 years ago | (#8655490)

Your hypothesis would be conceivable for a closed source project where bosses get pissed off when the product is not delivered on schedule, I don't think that Gnome developers have this kind of pressure.

Also, this attack reminds me of the one to the Debian servers, because it occurred just before a Woody release. Let's wait and see what the Gnome team has to say about it.

Re:It's just a hoax (1)

smitty_one_each (243267) | more than 10 years ago | (#8655781)

I don't believe it true in this particular case, but we really require a term for the general case of attempting to use strange/illegal incidents for advertising.
I submit "Paris Hilton Device" as a candidate.

Re:It's just a hoax (1)

hitmark (640295) | more than 10 years ago | (#8656185)

as in someone is trying to at the very last moment before release to sneak some backdoor or trojan into the code? it would be a bit strange to find a part of gnome listening on a high port for traffic. most of that code does not need to work as a server...

Dammit... (3, Funny)

thames (558443) | more than 10 years ago | (#8655428)

now I have to go to two geek parties in one week

Confidence ? (0)

Anonymous Coward | more than 10 years ago | (#8655435)

Why is the MD5SUM for gtk-devel-2.0.1a.tar.gz broken ?

Re:Confidence ? (3, Insightful)

prisoner-of-enigma (535770) | more than 10 years ago | (#8656077)

How do you know the MD5 wasn't made after the intruder got in? It wouldn't be very valuable then, would it?

The point is, after a breakin you must determine when the breakin occurred, because everything after that is suspect. The problem is it can sometimes be very difficult -- or impossible -- to determine when the breakin happened. Then you're really, really screwed.

Boy, that was a close call (4, Funny)

El Cubano (631386) | more than 10 years ago | (#8655449)

"GNOME 2.6 was scheduled to be released sometime today, however after evidence of possible intrusion on the web server, the release has been delayed by one week, until March 31st."

That could have been disastrous had they been forced to delay until April 1. Imagine all the jokes that would have ensued.

Re:Boy, that was a close call (0)

nadolph (661727) | more than 10 years ago | (#8655822)

There is nothing like a good old fashioned /. april fools joke.

Good times...

Re:Boy, that was a close call (1)

ShecoDu (447850) | more than 10 years ago | (#8656174)

I wouldn't doubt they cancel the march 31st release date and make a joke on april 1st saying the project can't recover and it'll shut down... then they'll release it on march 2nd or something.

Awwww man! (4, Informative)

chendo (678767) | more than 10 years ago | (#8655463)

Now we have to wait one WHOLE week?

Maybe the KDE team did this to slow Gnome down... :)

By the way, I've tried CVS metacity with FD.O's Xserver..... funky stuff. Translucency when you move windows! Although it chews a fair bit of CPU (when moving the window itself, that is, as just holding the window still doesn't chew CPU), it should be fixed when we finally get HW acceleration. I was able to get MPlayer to play a video in the background, hover a window over it and watch it through it. ub3r cool stuff.

Re:Awwww man! (2, Interesting)

bbuchs (551229) | more than 10 years ago | (#8655552)

Do you have any notes or tips you could post on the process? I'd like to give it a shot, but haven't had much luck as of yet.

Well, there is one difference I appreciate... (4, Insightful)

Penguinisto (415985) | more than 10 years ago | (#8655466)

With GNOME and most other F/OSS projects, at least you get honest, up-front answers and timely announcements of intrusion attempts and such.

If only MSFT (and more importantly, proprietary software companies that aren't so much in the spotlight) were as forthcoming about break-ins.

Re:Well, there is one difference I appreciate... (-1, Flamebait)

Hypocritical Guy (674824) | more than 10 years ago | (#8655560)

What does Microsoft have to do with this? You fucking dumb jackass.

Re:Well, there is one difference I appreciate... (4, Interesting)

Penguinisto (415985) | more than 10 years ago | (#8655668)

" What does Microsoft have to do with this? You fucking dumb jackass."

Well kiddo, it's not just MSFT truth be known (hence my mention of "more importantly, other proprietary companies..." )

Most proprietary companies are too worried about "customer confidence" to actually be honest with their customers. Back when a group of Russians had 3 months' unlimited access to Windows' source code, it took outright proof in public before MSFT would admit to such a thing. ...and that's just MSFT; I wonder how many times Adobe's servers have been compromised? It would be nice to know that P-shop and Acrobat (or worse, the free reader?) wasn't quietly trojaned-up and sleeping on my 'dows boxen.

Now, what about the break-ins we don't know about? How were they handled? How can a proprietary software company, let alone its customers, be sure that there aren't any nasty surprises hidden in their products?

...and therein lies the crux of my argument - open-source companies are specific, honest, and, well, open about what goes on security-wise.

It's damned refreshing to be a customer who is treated like an adult, and not lied to, or kept in the dark about the products I use.

Does this answer your question?

Re:Well, there is one difference I appreciate... (1)

13Echo (209846) | more than 10 years ago | (#8656045)

For those that aren't familiar with the Microsoft security break-ins...

http://news.bbc.co.uk/1/hi/business/998449.stm

I'd imagine that it is possible that other people have gotten in as well. To my knowledge, this is the only one that was made public.

Re:Well, there is one difference I appreciate... (1)

dave420 (699308) | more than 10 years ago | (#8656292)

"open-source companies are specific, honest, and, well, open about what goes on security-wise."

err... didn't SCO dabble in open source, if my memory serves me correct? :-P

Don't look at the source! (1, Funny)

Anonymous Coward | more than 10 years ago | (#8655788)

If you look at the compromised source to GNOME, you may not be able to contribute to uh, well, hmm,

nevermind.

I suppose (3, Interesting)

AnonymousCowheart (646429) | more than 10 years ago | (#8655470)

I suppose this will get modded as flamebait, but a lot of people were cheering when Bill Gates's credit card number got stolen [slashdot.org] just wondering how those people felt now? I know there was no "real" damage in that case, and in this case the server was offline, but still something to consider. Maybe these people were also "trying to help" by showing a server insecurity.

Re:I suppose (0, Flamebait)

tomstdenis (446163) | more than 10 years ago | (#8655628)

How about I try to help by breaking down your door and snooping through your house?

Asshat.

The real problem I have here is that GNOME is a free OSS organization. It's like stealing from charity!!!

Ack. Insightful? (2, Insightful)

adamofgreyskull (640712) | more than 10 years ago | (#8655629)

Something bad happens to someone we like. Bummer.
Something bad happens to someone we don't like. Haw Haw.

Why do people make such a big fucking deal out of double standards? Should I feel equally angry toward someone who kills a stranger as I would if they'd killed a relative? No.

Re:Ack. Insightful? (0)

Anonymous Coward | more than 10 years ago | (#8655686)

You speak a pragmatic truth: emotional_work = force / distance.
force in that equation is immutable, though, and not justified by a low emotional_work result.

Re:Ack. Insightful? (2, Insightful)

dasmegabyte (267018) | more than 10 years ago | (#8656375)

Well, it depends. Do you purport to be a moral and logical person? Do you believe in the protection of personal freedoms?

If so, then even if you don't KNOW or LIKE the victim, you should still support punishment of the criminal. Otherwise, you're encouraging elitism. Or do you want to live in a world where crimes against the unpopular are cheered and go unpunished?

I lived in a similar world called "Middle School," and I wouldn't want to go back.

Re:Ack. Insightful? (1)

maximilln (654768) | more than 10 years ago | (#8656559)

-----
Or do you want to live in a world where crimes against the unpopular are cheered and go unpunished?
-----
News Flash! Today's top headlines!

American Society Verified to Function as a Communist Pyramid Scheme
-----
Using complex statistical models, mathematicians at MIT, RIT, RHIT, and Harvey Mudd have confirmed that the flow of money and power in the United States seems to follow the exact same patterns as systems (commonly known as "pyramid schemes") in former communist USSR.

"We're seeing a lot of favoritism and elitism. People with less intellectual capability and lower levels of honesty are routinely being allowed to use and abuse people with more intellectual capability and higher standards simply through the exercising of influence and power realized through purely social connections. If the victims ever realize the manipulation they're in then they are faced with a losing battle trying to recruit help to combat the corporate leech attached to their neck. We're also seeing many students from wealthy backgrounds, properly shielded from the pressures of everyday life, cruising easily through PhD programs and into high-profile positions while students of equal or even greater intellectual capability coming from less privileged backgrounds are forced to take their Bachelor's degree and get into the working world."

Pointless Comparison (1)

panthro (552708) | more than 10 years ago | (#8655678)

Bill Gates' credit card number was just one out of thousands of numbers taken from several servers. There is nothing to compare here. You're just trying to stir up shit with Linux zealots by creating an apparent double standard where none exists (or at least if it does, you're giving a terrible example).

Side note: the vast majority of people who claim to be "trying to help", regardless of what security measure they have circumvented, are actually just messing around for kicks and would rather be seen as a friend than an enemy when the shit hits the fan. This "white hat" and "black hat" nonsense was concocted by corporate computer security consultants, who of course know nothing about computer security and need to do something to justify their salaries. Most of the general public and especially corporate executives are paranoid and have a hard time believing that hackers aren't after their precious profits.

Re:Pointless Comparison (0)

Anonymous Coward | more than 10 years ago | (#8655910)

You're just trying to stir up shit with Linux zealots...

Naw, it's a Microsoftie looking for a raise!

Dude - (1)

Penguinisto (415985) | more than 10 years ago | (#8655745)

...not to cheer on another man's misfortune or anything, but having the CC# of a guy who has more disposable income than the GDP of most countries?

"...yes, General? I'd like to buy that slightly used supersonic fighter you have idling in your hangar, please. Payment? No problem, dude; you take Amex, right?"

OTOH, you're right to a point, though wouldn't "trying to help" involve some sort of notice to the victim?

Ya know... (2, Insightful)

oldosadmin (759103) | more than 10 years ago | (#8655473)

It makes you nervous about the big megacorps -- when their website is compromised -- do they even know... or care? I've never seen M$ shut down for a day because of a website compromise, although it must have happened several times.

Re:Ya know... (1)

110010001000 (697113) | more than 10 years ago | (#8655498)

a) Quit it with the "M$" stuff. It is simply infantile.

b) Most professional commercial operations have redundant systems and don't go down when their single Athlon gets hacked.

Re:Ya know... (0)

Anonymous Coward | more than 10 years ago | (#8655604)

As if the processor type affects whether or not the system gets hacked. Fucking Troll.

Re:Ya know... (2)

HeghmoH (13204) | more than 10 years ago | (#8655557)

A megacorp that will be losing enormous amounts of money for every minute of web site downtime will not be running their site on a single server. They most likely have a physically distributed cluster which can't all be compromised in the same attack, and hot swaps ready to go in case they all somehow get compromised as well. They don't have to take their site down because of an attack, whereas a comparatively small nonprofit effort has no choice.

MOD PARENT DOWN (2, Insightful)

Anonymous Coward | more than 10 years ago | (#8655812)

No post with "M$" in the body contains anything of value.

Re:Ya know... (1)

JBMcB (73720) | more than 10 years ago | (#8655874)

I don't think M$'s website goes down much cause their administrators are probably MCSE certified, and those guys know *everything*.

I bet they have tripwire rigged up to a cluster server so when an intrusion is detected, it downs the affected server and brings another, fresh one online. They probably even auto-ghost the affected machine and bring it back online when reset. It's the Gatling Gun method of system security.

That MCSE line was a joke, right? (0)

Anonymous Coward | more than 10 years ago | (#8656114)

That MCSE line was a joke, right? Please! PLEASE tell me you were joking. I have 8 years of experience, and have seen MCSE certs that couldn't install a floppy, install windows, and had no idea what TCP/IP was used for.

Re:Ya know... (1)

dave420 (699308) | more than 10 years ago | (#8656315)

You do know it's possible to move a web server instantaneously, don't you? You can even switch locations instantly (across town/country/continent/world). Server break-ins and uptime are only a problem if you don't have the resources and equipment in place to facilitate a speedy transition to a redundant system.

Re:Ya know... (1)

maximilln (654768) | more than 10 years ago | (#8656376)

-----
Server break-ins and uptime are only a problem if you don't have the resources and equipment in place to facilitate a speedy transition to a redundant system
-----
A speedy and redundant transition of your web-server only proves one thing: it's just as speedy and redundant for the intruder to be on nearly every box on the network.

Maybe you have three rack systems for webspace and the intruder is only caught on that one PC that belongs to the secretary down the hall. What assurance do you have that that secretary's PC wasn't running a brute force password cracker on your servers for the last nine months? Of course the rack system logs don't look suspicious. All of the logins are perfectly valid. If the intruder really knows what he's doing then it's not tough to have a script filter and regenerate the .log files.

Who's responsible (0, Interesting)

Anonymous Coward | more than 10 years ago | (#8655512)

If we ever find the jerks who keep breaking into free software servers, I hope they get full legislative punishment. Namely pound-in-the-ass prison. Stupid kiddiez.

Re:Who's responsible (0)

Anonymous Coward | more than 10 years ago | (#8655554)

Great, now some geek is going to write his sexual-abuse-in-prison-is-no-laughing-matter rant. He does it every time.

Re:Who's responsible (0)

Anonymous Coward | more than 10 years ago | (#8655646)

It's not! It's really painful, since you can't easily get KY jelly.

Running IIS? (2, Funny)

Peter_Pork (627313) | more than 10 years ago | (#8655544)

A rumor is circulating that Gnome was using an unpatched IIS... I wish they would run Linux, it is much more secure, believe me.

mod parent +1 Funny (0, Offtopic)

Dreadlord (671979) | more than 10 years ago | (#8655601)

hehe, before that someone mods you +1 Informative, gnome.org runs Linux/Apache. [netcraft.com]

Nice one though :)

Could it be?? (2, Insightful)

goldspider (445116) | more than 10 years ago | (#8655861)

Could it be that having competent, diligent system administrators is more important than using the "right" server platform?

Re:Could it be?? (1)

arcanumas (646807) | more than 10 years ago | (#8656112)

Could it be that having competent, diligent system administrators is more important than using the "right" server platform?

It could be, but only because you trust the competent administrators to choose the right platform.

Unless you believe that an administrator who is competent can make a patch against a binary IIS, when no official solution exists. (If he could, then he is an uber-hacker. Not an administrator)

Re:Running IIS? (0)

Anonymous Coward | more than 10 years ago | (#8655850)

Yes, because every time a system is broken into, it's the fault of Microsoft or IIS.

I run 8 different websites off a single Windows 2000 Server box using IIS. They each serve several gigabytes of traffic a day, and the box is on a public internet. Please tell me what I'm doing wrong, because I've never been broken into.

Fucking jackass.

Re:Running IIS? (1)

hendridm (302246) | more than 10 years ago | (#8656205)

> Please tell me what I'm doing wrong, because I've never been broken into.

What's your IP? ;)

Hopefully.. (0)

Anonymous Coward | more than 10 years ago | (#8655549)


...they're running the new system on OpenBSD [openbsd.org]

Re:Hopefully.. (-1, Troll)

Anonymous Coward | more than 10 years ago | (#8655667)

Stupid BSD snobs. Always promoting their dying OS at every opportunity. I won't be surprised if BSD kiddiez are behind this attack, just to prove how "superior" their insignificant little OS is.

Dumb Cracker? (4, Insightful)

gscott (187733) | more than 10 years ago | (#8655600)

According to Waugh, the GNOME Web servers that are hosted by Red Hat were compromised by "a dumb cracker who probably didn't realise what they got into".

Seems like he was smart enough to hack their system.

Re:Dumb Cracker? (3, Interesting)

stevey (64018) | more than 10 years ago | (#8655662)

It would be interesting to learn how the compromise had occurred.

I'm guessing that all the important services would have been up to date (ssh/rsync/apache/etc) - so that leaves a password/ssh key compromise, or some scripting flaw..

I hope we find out once the cleanup has been completed.

Re:Dumb Cracker? (2, Funny)

Sgt_Jake (659140) | more than 10 years ago | (#8655759)

"a dumb cracker who probably didn't realise what they got into"


They meant a white guy from Alabama - he was looking for 'gnome-porn'. ?!

Re:Dumb Cracker? (1)

trick-knee (645386) | more than 10 years ago | (#8656274)

> They meant a white guy from Alabama

heh. I missed that connotation.

but this means they know who it was!

Re:Dumb Cracker? (-1, Troll)

Anonymous Coward | more than 10 years ago | (#8655875)

Obviously, this "dumb cracker" remark means that GNOME developers are nothing but cold-hearted racists, and their desktop environment should be avoided at all costs.

This is unfortunate, because the other option, KDE, is unfortunately run by a Kommunist regime straight from the heart of the former Soviet Union.

As a result, the only viable solution is Enlightenment [enlightenment.org].

Re:Dumb Cracker? (0, Redundant)

goldspider (445116) | more than 10 years ago | (#8655889)

If what Waugh says is true, it speaks volumes of the competence of Red Hat's webserver admins.

Re:Dumb Cracker? (3, Informative)

Fluffy the Cat (29157) | more than 10 years ago | (#8656010)

The machine in question isn't run by Red Hat admins.

Re:Dumb Cracker? (2, Informative)

JamesHenstridge (14875) | more than 10 years ago | (#8656130)

What Jeff meant is that the cracker didn't seem to be targeting Gnome specifically. They'd have just as likely broken into any other vulnerable box.

Re:Dumb Cracker? (2, Funny)

FU_Fish (140910) | more than 10 years ago | (#8656286)

> According to Waugh, the GNOME Web servers that are hosted by Red Hat were compromised by "a dumb cracker who probably didn't realise what they got into".
>
> Seems like he was smart enough to hack their system.

So the dumb cracker was really a smart cookie?

Kudos to the GNOME sysadmin team for getting owned (0, Insightful)

Anonymous Coward | more than 10 years ago | (#8655622)

Kudos to the GNOME sysadmin team for getting owned

Re:Kudos to the GNOME sysadmin team for getting ow (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#8655713)

-1 flamebait? i think giving the sysadmin team of a recently fucked server "kudos" for anything is flamebait

Re:Kudos to the GNOME sysadmin team for getting ow (0)

Anonymous Coward | more than 10 years ago | (#8656460)

careful now, you'll have to make another "LOL I AM TEH FUNNY BUT I NEVER GOT LAID" karmawhore post if you keep using up your wanky little "mod points"

Intrusion Method Same Of Gnu.org Intrusion? (3, Interesting)

Goo.cc (687626) | more than 10 years ago | (#8655644)

From what I have read, intrusion details have not been released yet but I wonder if the Gnome server was compromised the same way the gnu.org server was last year. If so, that would be disappointing.

Still, I am happy to see that this will not push the next version of Gnome back very much. It is really starting to look nice to me and I am a Mac OS X user.

Re:Intrusion Method Same Of Gnu.org Intrusion? (1)

lazy_arabica (750133) | more than 10 years ago | (#8655751)

> I wonder if the Gnome server was compromised the same way the gnu.org server was last year. If so, that would be disappointing.

GNU website attack used a kernel local security flaw in do_brk() which allowed a normal user to get root privileges. This flaw was quickly fixed, and I think it is more than unlikely that the Gnome project website is still running an unpatched kernel.

Gnome being closely related to the GNU project, I wonder if there could be a relation between the two attacks?

GNome = Valve (0)

Anonymous Coward | more than 10 years ago | (#8655694)

Maybe they did the same thing that Valve did and released a press release about the "intrusion" in order to push back release dates since they were falling back?

On the other hand. (2)

Rhesus Piece (764852) | more than 10 years ago | (#8655714)

As much as not being able to run Gnome 2.6 today makes me want to sit on my bed and weep, I am really grateful that the Gnome team is more concerned with releasing a secure product than with releasing when they said they would. This is one of those advantages of non-commercial software that we always cheer about in action. Rock on.

Re:On the other hand. (1)

dave420 (699308) | more than 10 years ago | (#8656345)

Do you remember the Half Life 2 source code leak? They pushed back their release for exactly the same reasons, and they're closed source.

Just because an open source company does something "nice" doesn't mean to say they did it because they're open source. It means absolutely nothing.

Deja Vu (5, Funny)

Anonymous Coward | more than 10 years ago | (#8655740)

This event immediately brought thoughts of Half-Life 2 to mind.

I bet in a week the source code for GNOME 2.6 will be all over the Internet, free for anyone to take, read, and use!

Goes to show, Open Source != always secure (1, Insightful)

Anonymous Coward | more than 10 years ago | (#8655747)

With all these break-ins on open source servers, it should finally let people see that just having open source software on a server does not make it more secure. The apache.org site was hacked because of an insecure default install of a web application and MySQL. Even the docs said not to leave it that way. If 1 in 100,000 people make such mistakes, popularity created more places to get in.

Gnome website hosted on IIS server? (1, Funny)

goldspider (445116) | more than 10 years ago | (#8655820)

"GNOME 2.6 was scheduled to be released sometime today, however after evidence of possible intrusion on the web server, the release has been delayed by one week, until March 31st."

Something's not right here. Does this mean that the Gnome website is hosted on an IIS webserver? I mean, we all know that only IIS servers are insecure.

Or could it be that system security depends more on diligent admins than software?

Re:Gnome website hosted on IIS server? (1)

soulhuntre (52742) | more than 10 years ago | (#8655992)

> Or could it be that system security depends more on diligent admins than software?

Can't be. We all know that anyone who runs Linux has perfect security!

What's funny is the lame self delusion - if there were 5 Linux compromises a week to one IIS they would simply claim that the IIS ones are unreported :)

Re:Gnome website hosted on IIS server? (1)

hitmark (640295) | more than 10 years ago | (#8656137)

we may never know if they are right or not as the very act of investigating will break the investigation :)

no os or server package is 100% airtight, but some have more default leaks than others...

Linux on the desktop? Fair question, on topic. (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#8655825)

Everyone is always complaining about vulnerable windows boxes connected to cable/dsl/whatever connections. Yet, you all seem to think the solution is Linux on the desktop that is connected to this. When groups like Gnome or (Debian?) -- certainly not the amateurs who would be installing linux on their desktop -- are compromised, how do you think the replacement of windows with Linux will be any more secure?

Note to self: Add to Favorite, in the... (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#8655860)

KDE vs. Gnome folder.

Mod away, Flamebait -Sqrt[-1] modders.

who benefits? (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#8655978)

--crime solving always (mostly) revolves around motive/opportunity/profit. Now the usual suspects have all been named in this discussion already, but how about .. governments?

Governments:

motive -> track record of wanting access to every bit of data they can find

opportunity -> plenty of leet hax0rs on the payroll, already doing similar tasks

profit -> trojaned systems, better ability to snoop/compromise/control, keyword control, subset = son of promis (something like that)

zogger

Intrusion? I thought linux was secure! (-1, Flamebait)

Anonymous Coward | more than 10 years ago | (#8656177)

How come we don't see 500 threads on a /. story where a linux server gets compromised?

Thanks to mainstream media oversimplifications... (0)

thepeete (189121) | more than 10 years ago | (#8656243)

This will all come out as

Gnome webserver security breach + gnome open source => open source insecure...

Another FUD is born

Oh no! (1, Redundant)

Throtex (708974) | more than 10 years ago | (#8656252)

They've hacked in and gotten the source code! For free!