Is Ubuntu Server safe?
Recently 5 out of 8 Ubuntu servers (LoCo) sponsored by Canonical were compromised. This can raise doubts in the community about the safety of Ubuntu Linux Server Editions. Are they really safe? Can we use them for production?
Here’s the explanation from James Troup, Canonical sysadmin team leader:
a) the servers, especially zambezi were running an incredible amount of web software (over 15 packages[1] that we recognised) and of all the ones where it’s trivial to determine a version, they were without exception out-of-date and missing security patches. An attacker could have gotten a shell through almost any of these sites.
b) FTP (not sftp, without SSL) was being used to access the machines, so an attacker (in the right place) could also have gotten access by sniffing the clear-text passwords.
c) The servers have not been upgraded past breezy due to problems with the network card and later kernels. This probably allowed the attacker to gain root.
So, based on this I can say that this has nothing to do with Ubuntu Server’s security. I think it was the poor management of the servers. The compromise took place because sysadmins were too lazy (or maybe too busy with other stuff) to install relevant patches and upgrades.
Well, anyway, this thing happened, so let’s read what they are doing to prevent another hack.
Move the servers to Canonical Data Centers or move the servers to managed/outsourced hosting companies.
This incident proves once more that at some point, any OS (Operating System) or any software will be hacked. To be secure, you need to always watch out for patches/upgrades and advisories from the vendors, do research, and stay alert!
Things around Gentoo
Are you a Gentoo user? Do you follow Daniel’s blog? Personally, I’m sometimes scared to see Gentoo degenerate. But following Daniel’s article and the comments, I feel that there is still hope for Gentoo’s rise.
I liked wamukota’s comment. I’m quoting it here:
I am not at all interested in the political stuff at a higher level, nor the legal status of the project. But I acknowledge the point that such issues must be solved, and quickly, if the momentum of the project is to be maintained. But don’t play it out in the open.
So, do whatever you feel best for you Daniel but do not forget that Gentoo has been the starting point of many a GNU/Linux user and that newbies will still be trying to learn GNU/Linux through Gentoo because there is no decent alternative for us.
I think Daniel still wants to get his hands on the project but can’t really do that now. Maybe if he is elected by users and sponsored to do his work in the project he might stay there for us?
Whois information for domain microsoft.com
Last week I made a transfer from ABOUT DOMAIN DOT COM SOLUTIONS PVT. LTD. to Godaddy. Today I wanted to check if the transfer is complete. Doing a simple whois query, I found out it is still pending transfer.
I made some other queries, microsoft.com was one of them. I was surprised to see the outcome. Check out the whois information for the Microsoft domain!
arstan@blacky:~$ whois microsoft.com
Whois Server Version 2.0
Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.
