FreeBSD.org is compromised
Today, the FreeBSD.org team posted a notice on the site stating that two machines from the cluster being used had been illegally accessed. The compromised machines, as well as most of the infrastructure, were disabled for a detailed analysis of the attack.
It is emphasized that there was negligence on the part of the developer who allowed his SSH key to leak for legitimate access to the cluster computers. Thus, the source of the problem is not the errors of the operating system or the FreeBSD.org infrastructure.
The invasion was discovered on November 11: a study of the consequences has not yet revealed any cause for concern. However, it was decided to notify users of the incident so that they could take the necessary steps. Details of the attack and its analysis will appear on the notification page.
')
Possible actions by system administrators to minimize the possible consequences of a problem are also given here .
[ Source ]
It is emphasized that there was negligence on the part of the developer who allowed his SSH key to leak for legitimate access to the cluster computers. Thus, the source of the problem is not the errors of the operating system or the FreeBSD.org infrastructure.
The invasion was discovered on November 11: a study of the consequences has not yet revealed any cause for concern. However, it was decided to notify users of the incident so that they could take the necessary steps. Details of the attack and its analysis will appear on the notification page.
')
Possible actions by system administrators to minimize the possible consequences of a problem are also given here .
[ Source ]
Source: https://habr.com/ru/post/159077/
All Articles