Re: can you answer these questions?

To: Richard Cook <richard_cook@xtra.co.nz>
Cc: debian-project@lists.debian.org
Subject: Re: can you answer these questions?
From: Andrew Pollock <apollock@debian.org>
Date: Mon, 3 May 2004 14:43:26 +1000
Message-id: <[🔎] 20040503044326.GB18023@daedalus.andrew.net.au>
In-reply-to: <[🔎] 6.0.1.1.2.20040503132010.01b233e0@pop3.xtra.co.nz>
References: <[🔎] 6.0.1.1.2.20040503132010.01b233e0@pop3.xtra.co.nz>

On Mon, May 03, 2004 at 01:27:11PM +1200, Richard Cook wrote:
> Hi there,

Hi Richard,

> I am interested in installing debian again after not using it for a while 
> because I had problems with trying to use it.  I read on your news pages 
> about the break-in and this is a small concern to me as this could 
> potentially be used by anyone that wants to access the system and since my 
> knowledge of linux/debian is not that great I would like to know some 
> things that I can do in order to close off any ports etc to prevent this 
> happening.

A stock Debian installation is relatively minimalistic, and as such, in my
opinion, should be relatively secure, as long as you've applied all
outstanding security updates that address applicable Debian Security
Advisories.

> Can you provide any help in regards to this and trying to understand 
> how/what methods this person(s) used is not all that clear to me appart 
> from he used a pw sniffer but how did they sniff the pwds to begin with - 
> that is why I would appreciate any info in regards to what I can lock down 
> to prevent something like this happening or if there is monitoring software 
> that I can install that will at least inform me of something like this 
> happening.

I'm working from memory, (and I believe this is all on the public record)
but my understanding of what happened was that a Debian developer's personal
machine was compromised, and a password sniffer was used on it to gain
his/her Debian account password, and the from there they gained
non-privileged access to Debian machines. The cracker then used an
undiscovered local root exploit to gain root access to the machines he/she
gained access to, and then proceeded to compromise another couple of
machines.

I think you'll find a more official account of what happened linked from
somewhere like the News section of the Debian website.

Hope this helps clarify things for you and put your mind at rest, and I
hope you find your present Debian experience more satisfactory than
previously.

regards

Andrew

(Speaking for myself)

Attachment: signature.asc
Description: Digital signature

Reply to:

References:
- can you answer these questions?
  - From: Richard Cook <richard_cook@xtra.co.nz>

Prev by Date: can you answer these questions?
Next by Date: Ethernet Card Install Problems
Previous by thread: can you answer these questions?
Next by thread: Ethernet Card Install Problems
Index(es):
- Date
- Thread