Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
zdnet - Hacked Gentoo Linux server taken offline
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Gentoo Chat
View previous topic :: View next topic  

Gentoo in zdnet
good
25%
 25%  [ 19 ]
bad
22%
 22%  [ 17 ]
don't care
52%
 52%  [ 39 ]
Total Votes : 75

Author Message
1der
Tux's lil' helper
Tux's lil' helper


Joined: 06 Aug 2003
Posts: 99

PostPosted: Thu Dec 04, 2003 3:53 pm    Post subject: zdnet - Hacked Gentoo Linux server taken offline Reply with quote

Well it only took a few hours for it to be in the press!

If you keep up with latest IT news, I'm sure you've seen this.

http://zdnet.com.com/2100-1105_2-5113227.html?tag=zdfd.newsfeed

What do you think ? Is this good or bad for gentoo?

(They say bad-publicity is also good publicity :wink: )
Back to top
View user's profile Send private message
Sven Vermeulen
Retired Dev
Retired Dev


Joined: 29 Aug 2002
Posts: 1345
Location: Mechelen, Belgium

PostPosted: Thu Dec 04, 2003 4:02 pm    Post subject: Reply with quote

Bad publicity is bad publicity. I am however glad that the ZDNet article doesn't hold back the information that the server is not a Gentoo server, but a mirror. On the newsgroups and mailinglists where I see the "gentoo got owned" and related threads, people tend to forget that...
Back to top
View user's profile Send private message
earlNameless
n00b
n00b


Joined: 01 Apr 2003
Posts: 47

PostPosted: Thu Dec 04, 2003 4:12 pm    Post subject: Reply with quote

I do agree with Sven, but not to the whole extend.

Overall it is bad publicity, but in that specific article, it is, in my opinion, neutral, just gets the name out there. And since some articles are like the above one, it is not all bad.

I just wish more people would pay more attention to the details, and not jump to conclusions.
Back to top
View user's profile Send private message
Ben2040
Guru
Guru


Joined: 07 May 2003
Posts: 445
Location: UK

PostPosted: Thu Dec 04, 2003 5:02 pm    Post subject: Reply with quote

Hi

I definately think this is good publicity, as it basically regurgitated the infomation given in the GLSA. Just out of interest, has anyone seen this story presented differently elsewhere?

Ben
Back to top
View user's profile Send private message
ewan.paton
Veteran
Veteran


Joined: 29 Jul 2003
Posts: 1219
Location: glasgow, scotland

PostPosted: Fri Dec 05, 2003 8:46 am    Post subject: Reply with quote

im of the opinion that these sort of attacks are actually good for linux, tell a windows user that there was a problem but it was fixed detected within an hour and at most 20 people were affected and they'd be amazed, this is not to condone the sinister intent to distribute possibly malicious code though
_________________
Giay tay nam | Giay nam cao cap | Giay luoi
Back to top
View user's profile Send private message
Clete2
Guru
Guru


Joined: 09 Aug 2003
Posts: 530
Location: Bloomington, Illinois

PostPosted: Fri Dec 05, 2003 12:36 pm    Post subject: Reply with quote

Hopefully, people would be smart enough to know the recent 3 servers that were exploited (debian, zdnet, and the gentoo rsync server) were all because of a kernel exploit...
Back to top
View user's profile Send private message
1der
Tux's lil' helper
Tux's lil' helper


Joined: 06 Aug 2003
Posts: 99

PostPosted: Fri Dec 05, 2003 12:52 pm    Post subject: Reply with quote

Clete2,

I don't think the zdnet servers were actually hacked.

The were just reporting that the gentoo server ( a mirror) was hacked and taken off-line.
Back to top
View user's profile Send private message
Koon
Retired Dev
Retired Dev


Joined: 10 Dec 2002
Posts: 518

PostPosted: Fri Dec 05, 2003 1:00 pm    Post subject: Reply with quote

Bad publicity.

Just read the title : "Hacked Gentoo Linux server taken offline". For people just reading the headline, it might mean : "Server running Gentoo Linux has been hacked" or "a Gentoo Inc. server has been hacked", but not "A server, including a mirror of Gentoo repositories, run by a sponsor using whatever Linux, has been hacked". So what you get is either that Gentoo is not secure or that Gentoo Inc. doesn't know about security, while it's not really the case.

Two thoughts :
Since the problem of relying on third-party (sponsors) servers cannot be solved, adding some kind of tree-signing to portage should be number one priority. I heard it already is, but everyone comes in with a different implementation for this. Someone should decide... even if it means changing later the tree signing system once it has been proved wrong.

FSF, Debian, Gentoo... Do you think only community-based efforts have been targeted by the do_brk() attacks, or everyone was targeted but only community projects admit being hacked ?

-K
Back to top
View user's profile Send private message
Clete2
Guru
Guru


Joined: 09 Aug 2003
Posts: 530
Location: Bloomington, Illinois

PostPosted: Fri Dec 05, 2003 2:54 pm    Post subject: Reply with quote

1der wrote:
Clete2,

I don't think the zdnet servers were actually hacked.

The were just reporting that the gentoo server ( a mirror) was hacked and taken off-line.


Oh, sorry, that comes from not reading links provided... :oops:
Back to top
View user's profile Send private message
1der
Tux's lil' helper
Tux's lil' helper


Joined: 06 Aug 2003
Posts: 99

PostPosted: Wed Dec 10, 2003 7:37 am    Post subject: Reply with quote

In related news....

We have one of our own, Corey Shields, talking to news.com about the security issues that have hit linux in the last couple of month.

http://news.com.com/2100-7344-5117271.html?tag=nefd_lede

Linus Torvalds and Jeremy Allison (samba project) have also spoken in this article.
Back to top
View user's profile Send private message
T_73
n00b
n00b


Joined: 12 Dec 2003
Posts: 2
Location: FDL WI USA

PostPosted: Sat Dec 13, 2003 1:54 pm    Post subject: Hackers vs. Crackers Reply with quote

It was bound to happen. Why does it seem that the most popular distros get picked on? Because of the popularity. Think about it. When Windows "was" the big dog, everyone and thier brother wanted to crack Windows, mostly because of the widespread use. Now that Linux has become a more viable solution to the e-business world, crackers every where are trying to catch up with changing times as well. Let us not forget though, the cult classic (imho) "Hackers" movie with Angelina Jolie movie, in where they hack a Gibson, running some form of UNIX. (Which distro is never really disclosed)

Is this bad Press? No. It's just Press. Is it good Press? No. It's just Press.

Gentoo Linux will continue to change and meet the demands of linux users every where. Why?
Because Gentoo Linux is made up of Users for Users by Users. I am sure that even in the Gentoo community there are at least a handful(if not more) of crackers.

Are they bad people? Probably not when you meet them. They just make bad decisions.

That's my 2 cents

T_73
_________________
To error is human. To error consistantly is Windows.
Back to top
View user's profile Send private message
Yen
Tux's lil' helper
Tux's lil' helper


Joined: 19 Oct 2003
Posts: 107
Location: Lummen, Belgium

PostPosted: Sun Dec 14, 2003 7:01 pm    Post subject: Reply with quote

well, since that article is Gentoo my default OS...
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Gentoo Chat All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum