FreeBSD servers compromised using stolen SSH key


A couple of servers used to build third-party software for the open source FreeBSD project have been compromised. The announcement was made by the project, which conducted an in-depth analysis and concluded that there was no evidence that the unidentified intruder modified any third-party packages.

Nevertheless, the organization recommends that administrators update third-party software packages installed between Sep. 19 and Nov. 11 as a precaution.

Details of the incident were laid out in a report published online, which also outlined a number of operational security changes to improve the organization's resilience to potential attacks. For now, the compromise is believed to have resulted from an SSH key stolen from a developer.

According to FreeBSD, "All suspect machines are being either reinstalled, retired, or thoroughly audited before being brought back online."

The organization also maintains that base code, such as the kernel, system libraries, compiler and command-line tools, is maintained separately and is thus not impacted. Overall, the incident is a somber reminder that even the diligent use of strong encryption can be overcome by human mistakes.

Of course, an organization that is less security-conscious may not even have caught an unauthorized access. I think a blog post on Sophos' Naked Security summed it up well: "This is a hearty reminder that a chain is only as strong as its weakest link."
