
Re: more details on the recent compromise of debian.org machines

On Fri, Nov 28, 2003 at 01:04:00AM +0000, James Troup wrote:
> On Wednesday 19th November (2003), at approximately 5pm GMT, a sniffed
> password was used to access an (unprivileged) account on
> klecker.debian.org.

Can we have details on how that password was sniffed, or is this unknown?
How do you know (if you do) which unprivileged account was used?

> Since we now knew we had compromised accounts and sniffers on our
> hands we had to assume that an unknown number of accounts were
> now compromised, so all accounts were locked, passwords invalidated
> and ssh authorised keys removed.

In the final announcement I would add also a statement about reducing the
number of trust relations between the machines and perhaps limiting shell
access. I'm thinking for example of limiting the powers of a backup account
to do backups. Just want to be helpful here, the world will read our
announcements very closely. And if we do not comment on obvious problems they
may think we don't learn from that.

  (OO)      -- Bernd_Eckenfels@Wendelinusstrasse39.76646Bruchsal.de --
 ( .. )  ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
  o--o     *plush*  2048/93600EFD  eckes@irc  +497257930613  BE5-RIPE
(O____O)  When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!
