By Nancy Cohen LinuxInsider Part of the ECT News Network
08/20/07 1:05 PM PT
Canonical, the commercial sponsor of the Linux distribution Ubuntu, asserted there has to be some decisive Ubuntu community action to make sure it doesn't suffer another outage.
Canonical had to shut down five of eight servers in order to avert potential hacker attacks earlier this month.
"Either their servers come into the Canonical Data Center and are managed with the same rigor as all other servers, or they opt out of the Canonical Data Center and are managed independently," Gerry Carr, Canonical's marketing manager, told LinuxInsider.
No More Ambiguity
"This removes any ambiguity in their status and will prevent this type of incident happening again," Carr said.
Ubuntu, a Debian-based Linux distribution, had to shut down more than half of its community servers recently because they appeared to have been commandeered by hackers, who could then launch attacks.
According to Ubuntu community accounts, the members first learned that one of the machines had been compromised and was being used to try to hack other machines. Then, it was discovered that five of the eight machines had been compromised. The machines were promptly shut down.
Missing Patches
There was no big surprise about their vulnerability, however. The servers in question were running out-of-date software and were missing security patches.
Canonical on Monday also commented on the server outage in a definitive way to quell any jitters among Ubuntu users. "Any work with our partners or customers was and is completely unaffected, as is anything core to the Ubuntu project, including all downloads of every flavor of Ubuntu," Carr told LinuxInsider.
The servers in question were for community functions such as blogs and local documentation, and not for downloadable software. Nonetheless, Canonical apparently was not amused.
A Lack of TLC
"The servers affected were local community servers, that is servers used by the Ubuntu community for individual projects, local Web sites, and, as we see, a number of their own software projects," Carr said. "These were managed by a combination of Canonical and community members, and frankly, this arrangement did not work."
Core production servers get the security TLC from Canonical. The incidents, said Carr, involved "a separate discrete set of servers housed in a separate facility on a different network and managed differently."
To err is, well, Ubuntu. Roughly translated, it means humanness. Figuring out a well-managed construct for all Ubuntu servers, at least for Canonical, will be divine.