[ubuntu-uk] Ubuntu servers hacked?
alan c
aeclist at candt.waitrose.com
Wed Aug 15 20:59:25 BST 2007
Jim Kissel wrote:
>
> alan c wrote:
>> Ubuntu Servers Hacked
>> http://it.slashdot.org/article.pl?sid=07/08/15/1341224
>>
>>
>> If this is true it is pretty sad. It will take some time for
>> confidence to be regained. What a gift (or a result?) for the opposition!
>
> It was a case of self inflected injuries. Using FTP instead of sFTP or
> SCP. Not keeping their machines up to date.
>
> The only redeeming aspect is non of the machines that were compromised
> were repositories!
>
>>
>> I was recently trying to reduce my ignorance about security by asking
>> questions about security, and on the ubuntu forums I had asked a
>> couple of questions about security which were apparently so tiresome
>> that they were immediately sidelined into a dead thread!
>
> What questions?
Very similar to the questions I floated past yourself last week. How
to come to terms with sudo compromise, or avoid or harden against it.
Or in fact how to discover it has happened. Logically the questions
would have led to an assessment of risk of 'trusted' software -
repositories etc, although it was cut short as 'flogging a dead horse'
:-)
The comments and answers you kindly offered (thanks!) were excellent
in addressing various actions for an increasing level of assurance of
security, should one wish it.
I am attracted to the idea of at some time, posting on the same forum
an edited version of your comments as an answer to my satisfied needs
fro knowledge, because it seemed to me that a number of others similar
uncertainties.
The standard answers of 'use only trusted software' is a good initial
answer but even novices know life is not so simple, and knowledge of
further courses of action helps, to set a perspective.
--
alan cocks
Kubuntu user#10391
More information about the ubuntu-uk
mailing list