During the last four months, unknown intruders have breached the security around servers hosting programs and code published by the Linux kernel development team, the Debian Project, the Gentoo Linux Project and the GNU Project, which manages the development of many important programs used by Linux and other Unix-like systems. The attacks have convinced open-source project leaders to take another look at their security.

"It is a definite eyebrow raiser that there has been this targeting of open-source servers and core open-source development servers," said Corey Shields, a member of the infrastructure team that overseas the distribution system for Gentoo Linux's code. "The worry is that if someone wanted to be malicious, they could change core software and users could be using corrupted packages."

[ Read more ]

Related items

• Advisory: rsync.gentoo.org rotation server compromised (4 December 2003)
• News: Crackers strike Gentoo Linux server, code unharmed (4 December 2003)
• News: Linux users: are you at risk from kernel exploit? (3 December 2003)
• News: Kernel exploit cause of Debian compromise (2 December 2003)
• News: Debian attacker may have used new exploit (1 December 2003)
• News: Debian Project machines have been compromised (22 November 2003)
• Review: HackNotes Linux and Unix Security Portable Reference (24 October 2003)