View previous topic :: View next topic |
Gentoo in zdnet |
good |
|
25% |
[ 19 ] |
bad |
|
22% |
[ 17 ] |
don't care |
|
52% |
[ 39 ] |
|
Total Votes : 75 |
|
Author |
Message |
1der Tux's lil' helper
Joined: 06 Aug 2003 Posts: 99
|
Posted: Thu Dec 04, 2003 3:53 pm Post subject: zdnet - Hacked Gentoo Linux server taken offline |
|
|
Well it only took a few hours for it to be in the press!
If you keep up with latest IT news, I'm sure you've seen this.
http://zdnet.com.com/2100-1105_2-5113227.html?tag=zdfd.newsfeed
What do you think ? Is this good or bad for gentoo?
(They say bad-publicity is also good publicity ) |
|
Back to top |
|
|
Sven Vermeulen Retired Dev
Joined: 29 Aug 2002 Posts: 1345 Location: Mechelen, Belgium
|
Posted: Thu Dec 04, 2003 4:02 pm Post subject: |
|
|
Bad publicity is bad publicity. I am however glad that the ZDNet article doesn't hold back the information that the server is not a Gentoo server, but a mirror. On the newsgroups and mailinglists where I see the "gentoo got owned" and related threads, people tend to forget that... |
|
Back to top |
|
|
earlNameless n00b
Joined: 01 Apr 2003 Posts: 47
|
Posted: Thu Dec 04, 2003 4:12 pm Post subject: |
|
|
I do agree with Sven, but not to the whole extend.
Overall it is bad publicity, but in that specific article, it is, in my opinion, neutral, just gets the name out there. And since some articles are like the above one, it is not all bad.
I just wish more people would pay more attention to the details, and not jump to conclusions. |
|
Back to top |
|
|
Ben2040 Guru
Joined: 07 May 2003 Posts: 445 Location: UK
|
Posted: Thu Dec 04, 2003 5:02 pm Post subject: |
|
|
Hi
I definately think this is good publicity, as it basically regurgitated the infomation given in the GLSA. Just out of interest, has anyone seen this story presented differently elsewhere?
Ben |
|
Back to top |
|
|
ewan.paton Veteran
Joined: 29 Jul 2003 Posts: 1219 Location: glasgow, scotland
|
Posted: Fri Dec 05, 2003 8:46 am Post subject: |
|
|
im of the opinion that these sort of attacks are actually good for linux, tell a windows user that there was a problem but it was fixed detected within an hour and at most 20 people were affected and they'd be amazed, this is not to condone the sinister intent to distribute possibly malicious code though _________________ Giay tay nam | Giay nam cao cap | Giay luoi |
|
Back to top |
|
|
Clete2 Guru
Joined: 09 Aug 2003 Posts: 530 Location: Bloomington, Illinois
|
Posted: Fri Dec 05, 2003 12:36 pm Post subject: |
|
|
Hopefully, people would be smart enough to know the recent 3 servers that were exploited (debian, zdnet, and the gentoo rsync server) were all because of a kernel exploit... |
|
Back to top |
|
|
1der Tux's lil' helper
Joined: 06 Aug 2003 Posts: 99
|
Posted: Fri Dec 05, 2003 12:52 pm Post subject: |
|
|
Clete2,
I don't think the zdnet servers were actually hacked.
The were just reporting that the gentoo server ( a mirror) was hacked and taken off-line. |
|
Back to top |
|
|
Koon Retired Dev
Joined: 10 Dec 2002 Posts: 518
|
Posted: Fri Dec 05, 2003 1:00 pm Post subject: |
|
|
Bad publicity.
Just read the title : "Hacked Gentoo Linux server taken offline". For people just reading the headline, it might mean : "Server running Gentoo Linux has been hacked" or "a Gentoo Inc. server has been hacked", but not "A server, including a mirror of Gentoo repositories, run by a sponsor using whatever Linux, has been hacked". So what you get is either that Gentoo is not secure or that Gentoo Inc. doesn't know about security, while it's not really the case.
Two thoughts :
Since the problem of relying on third-party (sponsors) servers cannot be solved, adding some kind of tree-signing to portage should be number one priority. I heard it already is, but everyone comes in with a different implementation for this. Someone should decide... even if it means changing later the tree signing system once it has been proved wrong.
FSF, Debian, Gentoo... Do you think only community-based efforts have been targeted by the do_brk() attacks, or everyone was targeted but only community projects admit being hacked ?
-K |
|
Back to top |
|
|
Clete2 Guru
Joined: 09 Aug 2003 Posts: 530 Location: Bloomington, Illinois
|
Posted: Fri Dec 05, 2003 2:54 pm Post subject: |
|
|
1der wrote: | Clete2,
I don't think the zdnet servers were actually hacked.
The were just reporting that the gentoo server ( a mirror) was hacked and taken off-line. |
Oh, sorry, that comes from not reading links provided... |
|
Back to top |
|
|
1der Tux's lil' helper
Joined: 06 Aug 2003 Posts: 99
|
Posted: Wed Dec 10, 2003 7:37 am Post subject: |
|
|
In related news....
We have one of our own, Corey Shields, talking to news.com about the security issues that have hit linux in the last couple of month.
http://news.com.com/2100-7344-5117271.html?tag=nefd_lede
Linus Torvalds and Jeremy Allison (samba project) have also spoken in this article. |
|
Back to top |
|
|
T_73 n00b
Joined: 12 Dec 2003 Posts: 2 Location: FDL WI USA
|
Posted: Sat Dec 13, 2003 1:54 pm Post subject: Hackers vs. Crackers |
|
|
It was bound to happen. Why does it seem that the most popular distros get picked on? Because of the popularity. Think about it. When Windows "was" the big dog, everyone and thier brother wanted to crack Windows, mostly because of the widespread use. Now that Linux has become a more viable solution to the e-business world, crackers every where are trying to catch up with changing times as well. Let us not forget though, the cult classic (imho) "Hackers" movie with Angelina Jolie movie, in where they hack a Gibson, running some form of UNIX. (Which distro is never really disclosed)
Is this bad Press? No. It's just Press. Is it good Press? No. It's just Press.
Gentoo Linux will continue to change and meet the demands of linux users every where. Why?
Because Gentoo Linux is made up of Users for Users by Users. I am sure that even in the Gentoo community there are at least a handful(if not more) of crackers.
Are they bad people? Probably not when you meet them. They just make bad decisions.
That's my 2 cents
T_73 _________________ To error is human. To error consistantly is Windows. |
|
Back to top |
|
|
Yen Tux's lil' helper
Joined: 19 Oct 2003 Posts: 107 Location: Lummen, Belgium
|
Posted: Sun Dec 14, 2003 7:01 pm Post subject: |
|
|
well, since that article is Gentoo my default OS... |
|
Back to top |
|
|
|