Update, posteded to debian-devel-announce:
http://lists.debian.org/debian-devel-announce/2003/debian-devel-announce-200311/msg00012.html
To: debian-devel-announce@lists.debian.org
Subject: more details on the recent compromise of debian.org machines
From: James Troup <james@nocrew.org>
Date: Fri, 28 Nov 2003 01:04:00 +0000
Message-id: <8765h5wbgf.fsf@shiri.gloaming.local>
Sender: James Troup <james@ruari-quinn.demon.co.uk>
<...>
What happened?
--------------
On Wednesday 19th November (2003), at approximately 5pm GMT, a
sniffed password was used to access an (unprivileged) account on
klecker.debian.org. Somehow they got root on klecker and installed
suckit. The same account was then used to log into master and gain
root (and install suckit) there too. They then tried to get to
murphy with the same account. This failed because murphy is a
restricted box that only a small subset of developers can log into.
They then used their root access on master to access to an
administrative account used for backup purposes and used that to
gain access to Murphy. They got root on murphy and installed Suckit
there too. The next day they used a password sniffed on master to
login into gluck, got root there and installed suckit.
<...>
...for those wanting more information.
Peace.
--
Karsten M. Self <kmself@ix.netcom.com> http://kmself.home.netcom.com/
What Part of "Gestalt" don't you understand?
Bush/Cheney '04: The last vote you'll ever have to cast.
Attachment:
pgpR2hAvDPaZW.pgp
Description: PGP signature