Ubuntu Servers Hacked
An anonymous reader noted that "Ubuntu had to shut down 5 of 8 production servers that are sponsored by Canonical, when they started attacking other systems. Canonical blames the community, saying they were community hosted, and were poorly maintained. However, kernel upgrades couldn't be done because of poor backwards compatibility with the very hardware that Canonical had sponsored! While people point fingers at each other it is pretty clear that both sides are equally to blame, the community administrators for practicing bad security practices, such as using unencrypted FTP transfers with accounts, and not properly maintaining the system. However, Canonical should have been well aware of what they are hosting. The question remains if any of the files distributed to users have been compromised. A major blow for Canonical, though, who are attempting to enter the business market with Ubuntu Server."
Gentoo also recently disclosed security breach (Score:5, Informative)
http://bugs.gentoo.org/show_bug.cgi?id=187971
Not like Debian (Score:5, Informative)
Bruce
Some clarification (Score:5, Informative)
Re:Driver issue (Score:3, Informative)
It happens (Score:5, Informative)
My site - http://screencasts.ubuntu.com was one of them that was affected, so I was of course concerned that there might be some data loss. I only use SCP to copy files up to the site, and log on with my SSH key, so don't think that all Ubuntu community members are using FTP, weak passwords and really old software; it only takes _one_ though to naff it up for everyone else.
The Canonical system admins (on top of the work they already do) migrated the services from those servers to their own DC very quickly. My site went down on Tuesday and was back by Friday. For free hosting and oodles of bandwidth, I'm happy with that downtime - for a community site.
Re:how ironic (Score:3, Informative)
If you had bothered to read the originating mail (https://lists.ubuntu.com/archives/loco-contacts/2007-August/001510.html), you would have seen that these servers were hacked through unpatched 3rd party web-applications running on these servers - namely:
Your argument is whiny and offtopic.
Re:Constructively (Score:2, Informative)
Ten years ago Linux was barely 1.0. The problem wasn't fixed as long ago as you pretend it was.
Most Windows problems tend to be about what the system will do by default, not what sort of ways you can screw yourself up if you really try hard and insist on ignoring decades of other people's mistakes.
The defaults have not been an issue since before that flawed kernel was released. Why do zealots insist on making themselves look stupid by not even being familiar with that which they criticize?
Re:I would like to read a report (Score:3, Informative)
Your server was poorly administered.
Re:Hacked... (Score:2, Informative)
Comment removed (Score:4, Informative)