Server Hacked

Brian C brianwc at ocf.berkeley.edu
Fri Aug 19 17:02:23 UTC 2005


Hi Peter,

Peter Palfrader wrote:
> On Thu, 18 Aug 2005, Brian C wrote:
> 
>>I run Debian-testing and generally stay on top of updates.
> 
> That's a silly thing to do.
> 
> http://www.debian.org/security/faq#testing

Point taken. However,

from http://packages.debian.org

Package tor

    * testing (comm): anonymizing overlay network for TCP
      0.1.0.11-1: alpha amd64 arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
    * unstable (comm): anonymizing overlay network for TCP
      0.1.0.14-1: amd64 arm i386 mips powerpc s390 sparc
      0.1.0.13-1: alpha hppa ia64 mipsel
      0.1.0.12-1: m68k
      0.0.9.10-1: hurd-i386

If my server had been running stable, then, in my case at least, it
would not have been running tor. This is just one of many cases where
the availability of packages and recent versions of packages lags so far
behind in stable that I decided to opt for testing.

Anyway, this is getting even more off-topic.

I'm still sort of surprised that this group of what I thought were fairly
skilled developers hasn't provided one link or suggestion on how best to
1) identify the vulnerability exploited on a hacked server or 2)
identify the likely perpetrator of a defacement. Searching around I find
lots about how to prevent hacks in the first place but very little
that's helpful in dealing with it once it's happened.

Brian



More information about the tor-talk mailing list