Go Back   DaemonForums > DaemonForums.org > News

News News regarding BSD and related.

Thread Tools Display Modes
  #1   (View Single Post)  
Old 17th November 2012
graudeejs's Avatar
graudeejs graudeejs is offline
Real Name: Aldis Berjoza
ISO Quartermaster
Join Date: Jul 2008
Location: Riga, Latvia
Posts: 588
Exclamation FreeBSD.org intrusion announced November 17th 2012

Security Incident on FreeBSD Infrastructure

From: FreeBSD Security Officer <security-officer@FreeBSD.org>
To: FreeBSD Security <FreeBSD-security@FreeBSD.org>
Bcc: freebsd-announce@freebsd.org, freebsd-security-notifications@FreeBSD.org
Reply-To: secteam@FreeBSD.org
Subject: Security Incident on FreeBSD Infrastructure
On Sunday 11th of November, an intrusion was detected on two machines within the FreeBSD.org cluster. The affected machines were taken offline for analysis. Additionally, a large portion of the remaining infrastructure machines were also taken offline as a precaution.
We have found no evidence of any modifications that would put any end user at risk. However, we do urge all users to read the report available at http://www.freebsd.org/news/2012-compromise.html and decide on any required actions themselves. We will continue to update that page as further information becomes known. We do not currently believe users have been affected given current forensic analysis, but we will provide updated information if this changes.
As a result of this event, a number of operational security changes are being made at the FreeBSD Project, in order to further improve our resilience to potential attacks. We plan, therefore, to more rapidly deprecate a number of legacy services, such as cvsup distribution of FreeBSD source, in favour of our more robust Subversion, freebsd-update, and portsnap models.
More information is available at http://www.freebsd.org/news/2012-compromise.html
Saturday November 17th, 2012

Last edited by graudeejs; 17th November 2012 at 11:20 AM.
Reply With Quote
  #2   (View Single Post)  
Old 17th November 2012
vermaden's Avatar
vermaden vermaden is offline
Join Date: Apr 2008
Location: pl_PL.lodz
Posts: 1,053

From that report:
Originally Posted by http://freebsd.org/news/2012-compromise.html
The compromise is believed to have occurred due to the leak of an SSH key from a developer who legitimately had access to the machines in question, and was not due to any vulnerability or code exploit within FreeBSD.
religions, worst damnation of mankind
"If 386BSD had been available when I started on Linux, Linux would probably never had happened." Linus Torvalds

Linux is not UNIX! Face it! It is not an insult. It is fact: GNU is a recursive acronym for “GNU's Not UNIX”.
vermaden's: links resources deviantart spreadbsd
Reply With Quote

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
FreeBSD FreeBSD Foundation Newsletter, July 31, 2012 J65nko News 0 2nd August 2012 03:29 PM
FreeBSD FreeBSD Quarterly Status Report January-March, 2012 J65nko News 0 14th May 2012 04:06 AM
Intrusion detector Snort now has improved HTTP inspection J65nko News 0 27th April 2010 11:29 PM
Official FreeBSD Forums announced tuck FreeBSD General 36 5th December 2008 04:16 PM

All times are GMT. The time now is 04:35 AM.

Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2018, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick