[LACNIC/Seguridad] FreeBSD.org intrusion announced November 17th 2012

Fernando Gont fgont en si6networks.com
Vie Nov 23 07:01:42 BRST 2012


Fuente: <http://www.freebsd.org/news/2012-compromise.html>

Security Incident on FreeBSD Infrastructure
From: FreeBSD Security Officer <security-officer en FreeBSD.org>
To: FreeBSD Security <FreeBSD-security en FreeBSD.org>
Bcc: freebsd-announce en freebsd.org,
freebsd-security-notifications en FreeBSD.org
Reply-To: secteam en FreeBSD.org
Subject: Security Incident on FreeBSD Infrastructure

On Sunday 11th of November, an intrusion was detected on two machines
within the FreeBSD.org cluster. The affected machines were taken offline
for analysis. Additionally, a large portion of the remaining
infrastructure machines were also taken offline as a precaution.

We have found no evidence of any modifications that would put any end
user at risk. However, we do urge all users to read the report available
at http://www.freebsd.org/news/2012-compromise.html and decide on any
required actions themselves. We will continue to update that page as
further information becomes known. We do not currently believe users
have been affected given current forensic analysis, but we will provide
updated information if this changes.

As a result of this event, a number of operational security changes are
being made at the FreeBSD Project, in order to further improve our
resilience to potential attacks. We plan, therefore, to more rapidly
deprecate a number of legacy services, such as cvsup distribution of
FreeBSD source, in favour of our more robust Subversion, freebsd-update,
and portsnap models.

More information is available at

Saturday November 17th, 2012

Fernando Gont
SI6 Networks
e-mail: fgont en si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492

Más información sobre la lista de distribución Seguridad