Recently, a number of attempts have been made to break into the servers and machines of high-profile companies and entities, including Linux kernel project. And now, FreeBSD Project is also a part of this list, as a fresh intrusion has been detected on two machines which are a part of the FreeBSD.org cluster.
Apparently, as a result of this intrusion, ftp.FreeBSD.org was temporarily unavailable, though restored within no time. However, FreeBSD Security Office has sent a detailed email to the users, letting them know of the security situation.
According to this email, no such evidence has been found which would put the users at danger. The intruder was able to access only the third-party packages used by FreeBSD Project, and not any of its native software. Security experts at the organization are still looking at the forensics to see if something comes up. Until then, whereas users are not in danger, it can’t be said whether or not the security is fool-proof.
The email also invites the users to visit this page and undertake the recommended actions to ensure their own safety. Meanwhile, FreeBSD Project has launched a number of fresh security measures and mechanisms to guard its cluster far more effectively and to secure its machines from similar incidents of intrusion in the future.
According to the email, “We plan, therefore, to more rapidly deprecate a number of legacy services, such as cvsup distribution of FreeBSD source, in favour of our more robust Subversion, freebsd-update, and portsnap models.”