Hackers break into two FreeBSD Project servers using stolen SSH keys

November 19, 2012 – 9:24 AM

Intrusions on two machines within the FreeBSD.org cluster were detected on Nov. 11, the FreeBSD security team said Saturday. “The affected machines were taken offline for analysis. Additionally, a large portion of the remaining infrastructure machines were also taken offline as a precaution,” said a message on the project’s public announcements mailing list. The two compromised servers acted as nodes for the project’s legacy third-party package-building infrastructure, the FreeBSD Project said in an advisory posted on its website. The incident only affected the collection of third-party software packages distributed by the project and not the operating system’s “base” components, such as the kernel, system libraries, compiler or core command-line tools. The FreeBSD security team believes the intruders gained access to the servers using a legitimate SSH authentication key stolen from a developer, and not by exploiting a vulnerability in the operating system.

Source:
http://www.pcadvisor.co.uk/news/security/3411757/hackers-break-into-two-freebsd-project-servers-using-stolen-ssh-keys/?olo=rss

You must be logged in to post a comment.