[FUG-BR] Security Incident on FreeBSD Infrastructure

[Marcelo Gondim]

É por isso que segurança nunca será 100%  :)  mas é admirável o trabalho 
feito para reparar isso.
Todos os grandes sistemas já tiveram falhas, problemas de invasão e tal.
O importante é que está sendo feito algo e melhor na mais pura clareza 
para com todos.

Parabéns à equipe de segurança por identificar e tomar as devidas ações.  :)

Em 17/11/12 19:50, Neerlan Amorim escreveu:
> Fiquei assustado!
>
> 2012/11/17 mantunes <mantunes.listas em gmail.com>
>
>> E ai pessoal.
>>
>> será que o lance foi serio ?
>>
>> 2012/11/17 FreeBSD Security Officer <security-officer em freebsd.org>:
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA1
>>>
>>> On Sunday 11th of November, an intrusion was detected on two machines
>>> within the FreeBSD.org cluster.  The affected machines were taken
>>> offline for analysis.  Additionally, a large portion of the remaining
>>> infrastructure machines were also taken offline as a precaution.
>>>
>>> We have found no evidence of any modifications that would put any end
>>> user at risk.  However, we do urge all users to read the report
>>> available at http://www.freebsd.org/news/2012-compromise.html and
>>> decide on any required actions themselves.  We will continue to
>>> update that page as further information becomes known.  We do not
>>> currently believe users have been affected given current forensic
>>> analysis, but we will provide updated information if this changes.
>>>
>>> As a result of this event, a number of operational security changes
>>> are being made at the FreeBSD Project, in order to further improve our
>>> resilience to potential attacks.  We plan, therefore, to more rapidly
>>> deprecate a number of legacy services, such as cvsup distribution of
>>> FreeBSD source, in favour of our more robust Subversion, freebsd-update,
>>> and portsnap models.
>>>
>>> More information is available at
>>> http://www.freebsd.org/news/2012-compromise.html
>>>
>>> -----BEGIN PGP SIGNATURE-----
>>> Version: GnuPG v1.4.9
>>>
>>> iEYEARECAAYFAlCm0dAACgkQFdaIBMps37KrYgCfTEkJ/odP2XMrYQ1FIvD89AJb
>>> GUUAn2r4YLeDEfQriWZIIXR0Hj1/rSWT
>>> =cLZF
>>> -----END PGP SIGNATURE-----
>>> _______________________________________________
>>> freebsd-security-notifications em freebsd.org mailing list
>>> http://lists.freebsd.org/mailman/listinfo/freebsd-security-notifications
>>> To unsubscribe, send any mail to "
>> freebsd-security-notifications-unsubscribe em freebsd.org"
>>
>>
>>
>> --
>> Marcio Antunes
>> Powered by FreeBSD
>> ==================================
>> * Windows: "Where do you want to go tomorrow?"
>> * Linux: "Where do you want to go today?"
>> * FreeBSD: "Are you, guys, comming or what?"
>> -------------------------
>> Histórico: http://www.fug.com.br/historico/html/freebsd/
>> Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd
>>
>
>