After Kernel.org, FreeBSD.org faces a Security Breach
By on November 18th, 2012

The FreeBSD.org cluster saw a security breach on two of its machines on Sunday. Following the breach, FreeBSD.org was taken offline, and although most of it is back online now, some deprecated projects are being removed. The FreeBSD project has not been able to confirm the existence of trojans, but users are advised to be vigilant about the possibility.

Freebsd-logo

The breach was made possible by a leaked SSH key, which affected a few clusters. This is not a result of a hack, but a classic example of people being the weakest point in security. FreeBSD has stepped up in its efforts to mitigate this risk, and a part of its response reads,

As a result of this event, a number of operational security changes are being made at the FreeBSD Project, in order to improve our resilience to potential attacks. We plan, therefore, to rapidly deprecate a number of legacy services, such as cvsup distribution of FreeBSD source, in favor of our more robust Subversion, FreeBSD-update, and portsnap models.

Although the rogue developer had no access to the FreeBSD base systems, he did have access enough to compromise the third party packages. FreeBSD.org is conducting security audits and will come out with news of possible breaches if any. The full compromise report and safety precautions are available at this page.

Tags:
Author: Chinmoy Kanjilal Google Profile for Chinmoy Kanjilal
Chinmoy Kanjilal is a FOSS enthusiast and evangelist. He is passionate about Android. Security exploits turn him on and he loves to tinker with computer networks. He rants occasionally at Techarraz.com. You can connect with him on Twitter @ckandroid.

Chinmoy Kanjilal has written and can be contacted at chinmoy@techie-buzz.com.
 
Copyright 2006-2012 Techie Buzz. All Rights Reserved. Our content may not be reproduced on other websites. Content Delivery by MaxCDN