Web Hosting Talk

GNU Project FTP Server Compromise


Alex042
08-15-2003, 08:33 AM
From: CERT Advisory [mailto:cert-advisory@cert.org]
Sent: Wednesday, August 13, 2003 4:49 PM
To: cert-advisory@cert.org
Subject: CERT Advisory CA-2003-21 GNU Project FTP Server Compromise
...
The CERT/CC has received a report that the system housing the primary
FTP servers for the GNU software project was compromised.
...
The compromise is
reported to have occurred in March of 2003.
...
We encourage sites using the GNU software obtained from the
compromised system to verify the integrity of their distribution.

Sites that mirror the source code are encouraged to verify the
integrity of their sources. We also encourage users to inspect any and
all other software that may have been downloaded from the compromised
site. Note that it is not always sufficient to rely on the timestamps
or file sizes when trying to determine whether or not a copy of the
file has been modified.
...
This document is available from:
http://www.cert.org/advisories/CA-2003-21.html

I just got this notice the other day. Looks like even free software is becoming a target. :eek:
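
The advisory's note that timestamps and file sizes are not always sufficient, shown as an added example (not part of the advisory or of any post in this thread). The file name and contents are constructed, SHA-256 is an assumed choice of digest, and the known-good record is assumed to come from a copy trusted independently of the compromised server.

```python
import hashlib
import os
import tempfile

def sha256_of(path, chunk=1 << 20):
    """Stream the file so large tarballs do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def record(path):
    """Known-good record taken from a trusted copy (constructed here)."""
    st = os.stat(path)
    return {"size": st.st_size, "mtime_ns": st.st_mtime_ns,
            "sha256": sha256_of(path)}

def metadata_matches(path, known):
    """The weak check: compares only file size and modification time."""
    st = os.stat(path)
    return st.st_size == known["size"] and st.st_mtime_ns == known["mtime_ns"]

def digest_matches(path, known):
    """The check that depends on the file's actual contents."""
    return sha256_of(path) == known["sha256"]

def demo():
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "example-1.0.tar")  # hypothetical file name
        with open(path, "wb") as f:
            f.write(b"constructed sample release contents\n" * 100)
        known = record(path)
        # Simulate a changed copy: same length, original timestamp put back.
        with open(path, "r+b") as f:
            f.seek(10)
            f.write(b"X")
        os.utime(path, ns=(known["mtime_ns"], known["mtime_ns"]))
        return metadata_matches(path, known), digest_matches(path, known)

if __name__ == "__main__":
    meta_ok, digest_ok = demo()
    print("size/mtime check passes:", meta_ok)
    print("sha256 check passes:   ", digest_ok)
```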

Slidey
08-15-2003, 08:44 AM
Always has been, always will.

Hackers were owning various distros/OSes and putting their trojans directly into the source code since most people on these boards knew what Linux was.

Rich2k
08-15-2003, 10:30 AM
Actually it's claimed they did not compromise any of the software on the FTP site.

Alex042
08-15-2003, 10:52 AM
Actually it's claimed they did not compromise any of the software on the FTP site.
True, it just mentions that the server itself was believed to be compromised, whatever their definition of that is, but not the actual software.

Rich2k
08-15-2003, 03:34 PM
Yeah, they said they were just using it to gain usernames and passwords of other things.