[FreeBSD-Ports-Announce] Security Incident on FreeBSD Infrastructure

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[FreeBSD-Ports-Announce] Security Incident on FreeBSD Infrastructure

FreeBSD Security Officer
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sunday 11th of November, an intrusion was detected on two machines
within the FreeBSD.org cluster.  The affected machines were taken
offline for analysis.  Additionally, a large portion of the remaining
infrastructure machines were also taken offline as a precaution.

We have found no evidence of any modifications that would put any end
user at risk.  However, we do urge all users to read the report
available at http://www.freebsd.org/news/2012-compromise.html and
decide on any required actions themselves.  We will continue to
update that page as further information becomes known.  We do not
currently believe users have been affected given current forensic
analysis, but we will provide updated information if this changes.

As a result of this event, a number of operational security changes
are being made at the FreeBSD Project, in order to further improve our
resilience to potential attacks.  We plan, therefore, to more rapidly
deprecate a number of legacy services, such as cvsup distribution of
FreeBSD source, in favour of our more robust Subversion, freebsd-update,
and portsnap models.

More information is available at
http://www.freebsd.org/news/2012-compromise.html

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9

iEYEARECAAYFAlCm0dAACgkQFdaIBMps37KrYgCfTEkJ/odP2XMrYQ1FIvD89AJb
GUUAn2r4YLeDEfQriWZIIXR0Hj1/rSWT
=cLZF
-----END PGP SIGNATURE-----
_______________________________________________
[hidden email] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports-announce
To unsubscribe, send any mail to "[hidden email]"