Ubuntu in the news: Suspected Weekend Hacker Attack on Ubuntu

James Troup james.troup at canonical.com
Sun Jul 23 23:21:38 BST 2006

Christian Jensen <cj2003 at debian-news.net> writes:

> http://supermikenews.blogspot.com/2006/07/suspected-weekend-hacker-attack-on.html
> "At first I noticed yesterday (July 22, 2006) that I couldn't properly
> download updates on my Ubuntu because us.archive.ubuntu.com was not
> going where it should and instead was going to Argonne National
> Laboratory when I did a whois check."

us.archive.ubuntu.com is going where it's meant to be[1].  Argonne
National Laboratory are kind enough to be the current US Ubuntu
archive mirror.

> If the hackers somehow manage to get Ubuntu to download updates from
> another, non-conspicuous place, and then somehow hack this other
> place, they could push updates to Ubuntu and these users would
> innocently install them.

This isn't correct: the Ubuntu archive is cryptographically signed.
Compromising a mirror (or even archive.ubuntu.com itself) wouldn't
allow an attacker to push out updates as they wouldn't be able to sign
them with the Ubuntu archive key and as a result the package
management software on your system would refuse to install them.

> Then, this Sunday morning (July 23, 2006), the hackers seemed to
> have knocked out traffic to ubuntu.com and ubuntuforums.org for some
> unknown reason.

I'm afraid the cause of the outage is far more mundane - the data
centre that the Canonical servers are hosted in (including
*.ubuntu.com and ubuntuforums.org) suffered a catastrophic power
failure and as a result we were offline from approximately 12:00 UTC
to 19:30 UTC.

Apologies for any inconvenience and concern that may have been caused.


[1] We have a system of $country-code.archive.ubuntu.com mirrors,
    where $country-code is a two letter country code.  

    Your locale on install determines your default mirror, so if you
    install in French, you will point at fr.archive.ubuntu.com by
    default.  In American, us.archive.ubuntu.com etc.

    If we have a fast, reliable mirror available in or near to any
    given country, we point $country-code.archive.ubuntu.com at that
    mirror.  If not, they fall back on the normal archive.ubuntu.com
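
The point above about a compromised mirror, as an added example that is not part of the original message and is not Ubuntu's or apt's own code: the signed Release file lists a hash for each package index, and each index lists a hash for each .deb, so a mirror cannot change either without the mismatch being detected. Assumptions: the Release text has already had its signature checked against the archive key (for example with gpgv), the indexes carry SHA256 fields, and every name and byte string below is constructed sample data.

```python
import hashlib

def parse_release_sha256(release_text):
    """Return {path: (sha256_hex, size)} from a Release file's SHA256 section."""
    entries, in_section = {}, False
    for line in release_text.splitlines():
        if not line.startswith(" "):          # a new top-level field starts
            in_section = line.strip() == "SHA256:"
        elif in_section:
            digest, size, path = line.split()
            entries[path] = (digest, int(size))
    return entries

def index_is_trusted(release_text, path, index_bytes):
    """True only if a mirror's index matches the entry in the signed Release."""
    entry = parse_release_sha256(release_text).get(path)
    if entry is None:
        return False
    digest, size = entry
    return len(index_bytes) == size and hashlib.sha256(index_bytes).hexdigest() == digest

def package_is_trusted(index_bytes, filename, deb_bytes):
    """True only if the .deb matches the SHA256 its trusted index lists for it."""
    for stanza in index_bytes.decode().split("\n\n"):
        fields = dict(l.split(": ", 1) for l in stanza.splitlines() if ": " in l)
        if fields.get("Filename") == filename:
            return hashlib.sha256(deb_bytes).hexdigest() == fields.get("SHA256")
    return False

# --- constructed sample data (not real archive contents) ---
DEB_PATH = "pool/main/h/hello/hello_1.0_all.deb"
INDEX_PATH = "main/binary-amd64/Packages"
GOOD_DEB = b"constructed package contents"
EVIL_DEB = b"constructed tampered contents"

def make_index(deb):
    return (f"Package: hello\nFilename: {DEB_PATH}\nSize: {len(deb)}\n"
            f"SHA256: {hashlib.sha256(deb).hexdigest()}\n").encode()

GOOD_INDEX = make_index(GOOD_DEB)
# Assumption: this Release text has already passed signature verification.
RELEASE = ("Origin: Example\nSuite: constructed\nSHA256:\n"
           f" {hashlib.sha256(GOOD_INDEX).hexdigest()} {len(GOOD_INDEX)} {INDEX_PATH}\n")

if __name__ == "__main__":
    print(index_is_trusted(RELEASE, INDEX_PATH, GOOD_INDEX))            # genuine index
    print(package_is_trusted(GOOD_INDEX, DEB_PATH, EVIL_DEB))           # swapped .deb
    print(index_is_trusted(RELEASE, INDEX_PATH, make_index(EVIL_DEB)))  # rewritten index
```

A mirror that swaps the .deb fails the index check, and one that also rewrites the index fails the Release check; passing both would require a Release file signed with the archive key.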
