m.roth at 5-cent.us
2015-Apr-07 16:28 UTC
[CentOS] Linux Australia breached, personal details leaked
FYI, folks,

Excerpt:
Linux Australia discovered the breach on March 24 after it noticed conference management software it uses called Zookeepr started sending a large number of error reporting emails, Hesketh wrote. A server had been attacked two days prior.

"It is the assessment of Linux Australia that the individual utilized a currently unknown vulnerability to trigger a remote buffer overflow and gain root level access to the server," Hesketh wrote.

The attacker installed a remote access tool and then botnet command and control software.
--- end excerpt ---

<http://www.cio.com/article/2906814/linux-australia-breached-personal-details-leaked.html>

mark
Always Learning
2015-Apr-07 22:20 UTC
[CentOS] Linux Australia breached, personal details leaked
On Tue, 2015-04-07 at 12:28 -0400, m.roth at 5-cent.us wrote:
> "It is the assessment of Linux Australia that the individual utilized a
> currently unknown vulnerability to trigger a remote buffer overflow and
> gain root level access to the server," Hesketh wrote.
>
> The attacker installed a remote access tool and then botnet command and
> control software.
> --- end excerpt ---
>
> <http://www.cio.com/article/2906814/linux-australia-breached-personal-details-leaked.html>

It's stupid and unprofessional to store personal data on a public accessible server when there is no current public requirement for that data.

How do these people ever become 'konputar xperts'?

I would like to know what operating system was used and the method used to gain access.

--
Regards,

Paul.
England, EU.

Je suis Charlie.
John R Pierce
2015-Apr-07 22:36 UTC
[CentOS] Linux Australia breached, personal details leaked
On 4/7/2015 3:20 PM, Always Learning wrote:
> It's stupid and unprofessional to store personal data on a public
> accessible server when there is no current public requirement for that
> data.

um, this mail list server is a 'public accessible server' and it has our email addresses, and possibly full names, which are 'personal data'.

a web forum often has more info than that, depending on what you filled in on your user profile. for instance, my registrations on several car-related forums include a list of the car year/models I own.

--
john r pierce, recycling bits in santa cruz
Peter Lawler
2015-Apr-07 22:37 UTC
[CentOS] Linux Australia breached, personal details leaked
On 08/04/15 08:20, Always Learning wrote:
> I would like to know what operating system was used and the method used
> to gain access.

Maybe if you joined Linux Australia you could help out in the diagnosis.

Meanwhile, on the *centos* list...

P.