
compromise of gluck.debian.org, lock down of other debian.org machines



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

Early this morning we discovered that someone had managed to
compromise gluck.debian.org.  We've taken the machine offline and are
preparing to reinstall it.  This means the following debian.org
services are currently offline:

 cvs, ddtp, lintian, people, popcon, planet, ports, release

Based on the results of our initial investigation we've locked down
most other debian.org machines, limiting access to DSA only, until
they can be fixed for what we suspect is the exploit used to
compromise gluck.

We're still investigating exactly what happened and the extent of the
damage.  We'll post more info as soon as we reasonably can.

- -- 
James
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.8+ <http://mailcrypt.sourceforge.net/>

-----END PGP SIGNATURE-----


