Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: Debian development server compromised SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Debian development server compromised
Looks like the debian developement server (hosting the cvs amongst other services) has been compromised. The Debian folks are still investigating the incidents at this point. No words on whether the any source code were altered yet.

From stories like these, we can't stress the point of having a HIDS system. From experience, some server could be compromised over 6 months before someone even notice about it. Having some type of HIDS such as AIDE or Tripwire can hopefully reduce the detection time.
I will be teaching next: Leading Cloud Security Design and Implementation - SANS Stay Sharp Winter 2022

Jason

93 Posts
ISC Handler
Jul 12th 2006

Sign Up for Free or Log In to start participating in the conversation!