[GLLUG] Debian Server hacked

Adrian McMenamin adrian at newgolddream.dyndns.info
Fri Jul 14 08:41:04 UTC 2006


On Thu, July 13, 2006 8:14 pm, Chris Bell wrote:
> On Thu 13 Jul, .myke lyons wrote:
>>
>> I'm not so sure they are relying on a single server but rather
>> checking their code base and binaries across all services.
>>
>> I would say that they can no longer trust anything connected or on
>> that computer until they have done a full forensics and hash
>> confirmation.
>>
>> .myke
>
>    Probably nothing to do with it, but my apt-proxy machine started
> rejecting the security updates files for the current stable "Sarge" a few
> days ago. It just refused to pick up the list.
>

Given that we've not been inundated with reports of a spreading contagion,
the suspicion must be that the breach was down to some sort of human
security error/misconfiguration. Either that or the cracker concerned is
constructing some massive global attack.

Or is this a poor set of assumptions? Interested to know what the likely
pattern is - do crackers move immediately from proof-of-concept to attack,
or do they try something else?

-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug



