Update on compromised Debian machines

From: Wichert Akkerman (wichert@wiggy.net)
Date: Fri Nov 21 2003 - 17:47:31 CET

After a long day and night we are getting a reasonable overview of
what happened to the various Debian servers and what we need to do
to get everything up and running again. This mail has an overview
of the current status and what will happen in the next few days.

Let's start with the current status: four machines (gluck, klecker, master
and murphy) are known to be compromised. All services on those machines
have been shut down or moved to different machines so we can take
the necessary time to determine what happened and restore the machines.
Shell access to quantz (which hosts alioth, arch and svn.debian.org) has
also been shut down for the moment as a preventive measure.

All accounts have been locked as a safety precaution. If you have or had
access to a Debian machine and were using the same password on other
machines you are strongly advised to change it as soon as possible.
When the cleanup is done all passwords will be invalidated and accounts
unlocked and people can request a new password through the email robot
on db.debian.org.

We expect to need until Wednesday and ask for your patience until then.
Afterwards when we have all the facts we will explain what exactly happened
and how we hope to prevent this from happening again in the future.


Wichert Akkerman <wichert@wiggy.net>    It is simple to make things.
http://www.wiggy.net/                   It is hard to make things simple.
