On Fri, 2003-08-15 at 09:50, Jeroen Massar wrote:
> And no, this is not just yet again a Microsoft thing
> apparently even the FSF can't secure their FTP server.
> Which took 3 months to be detected (jolly :) one has
> to wonder how much trouble that is going to cost,
> though fortunately most unix admins are more proactive
> in the security front and tend to update.

The difference, though, is that they got rooted in the week between disclosure of the ptrace bug and publication of a patch. For that, you can't call them lazy.

The interesting question here is, how could the attacker get an account on the box in the first place? Disgruntled insider? Poor account/password management? Non-root remote exploit?

I think that even after patching the Linux kernels on their servers, the FSF admins still have some catching up to do.

Cheers
Steffen.