GNU server hacked - Server breach raises Linux code worries


re: http://news.com.com/2100-1009-5063683.html

"The GNU Project, which develops many of the components in the Linux operating system, said this week that the system housing its primary download servers has been compromised by an attacker."

"The attacker compromised the project's servers to the root level, gaining complete control over the system, according to the GNU Project. The attack was carried out using an exploit that was revealed on March 17, and for which a patch only became available a week later. During that week, the intruder compromised the system and installed a piece of malicious code known as a Trojan horse, according to evidence found on the machine."

Hack the source and you've hacked everything that uses the source. See the classic "Reflections on Trusting Trust" by Ken Thompson - ACM webpage with article attached.

Cheers,
Gary

**************************************************************************
* Opinions expressed are not intended to reflect an official position
**************************************************************************
* Gary Stoneburner
* Computer Security Division, National Institute of Standards & Technology
* 100 Bureau Drive, Stop 8930, Gaithersburg, MD 20899-8930         
* Phone: 301-975-5394, FAX: 301-948-0279, Email: Stoneburner@nist.gov
* http://csrc.nist.gov/staff/stoneburner/gshome.html
**************************************************************************

ACM webpage - Reflections on trusting trust.ZIP


