The FreeBSD Project recently announced that a breach of two machines in the FreeBSD.org cluster was detected on November 11.
"The security team says that the two affected servers were taken offline immediately and that investigations show that the first unauthorised access probably took place on 19 September," The H Security reports.
"The FreeBSD security team believes the intruders gained access to the servers using a legitimate SSH authentication key stolen from a developer, and not by exploiting a vulnerability in the operating system," writes Computerworld's Lucian Constantin.
"FreeBSD said in its advisory that it will make a number of operational security changes," writes Threatpost's Michael Mimoso. "The most important could be the decision to forgo cvsup as a means of distributing updates in favor of Subversion, a more robust package according to the project."https://o1.qnsr.com/log/p.gif?;n=203;c=204660766;s=9477;x=7936;f=201812281312070;u=j;z=TIMESTAMP;a=20392931;e=i
"None of the so-called base repositories were touched -- that's where core components such as the kernel, system libraries, compiler, core command-line tools and daemons (server software) reside," writes Naked Security's Paul Ducklin. "Only servers hosting source code for third-party packages were affected."
"However, the FreeBSD Project is taking 'an extremely conservative view; and is assuming that third-party packages generated between September 19 and November 11 this year may have been modified, and therefore, their integrity cannot be guaranteed," writes iTnews' Juha Saarinen. "A security audit of systems using FreeBSD.org provided binary packages is recommended, as 'anything that may have been installed during the affected period should be considered suspect.'"