By now many of you will know that some of the servers at www.debian.org were compromised. This is just another case of hackers trying to unleash Trojan code by hacking into sites and modifying source code.

It is becoming more and more obvious that we need to use PGP or MD5 to verify the authenticity of all downloaded code.

Again, good intrusion detection techniques alerted the administrative staff. Can you imagine downloading and installing Debian with Trojan code included?

I was a bit concerned by the recent attack on the Jamaican websites. I have not heard reports of administrators shutting down sites, erasing hard disks and restoring from backup. If the Brazilian hackers had not defaced the sites, would anyone have known about the hack?

Intrusion detection, shutting down sites and restoring from backup seem to be international standards when dealing with compromised networks.

This was done with www.jabber.org and www.debian.org.

Here are some links:

http://slashdot.org/articles/03/11/2...8.shtml?tid=90


http://lists.debian.org/debian-devel.../msg00012.html

My position is that any site can be hacked. Do what you can to make it difficult, but put in intrusion detection so you can know when (not if) it is hacked.