Operating System security is as good as the admins

This last week, 5 of the 8 servers that are loco hosted but Canonical sponsored, had to be shut down due to reports that they were actively attacking other machines. These servers were found to have a variety of problems including, but not limited to, missing security patches, FTP (not sftp, without SSL) was being used to access the machines, and no upgrades past breezy due to problems with the network cards and later kernels. Loco teams will be given a choice to: a. migrate to the Canonical data center, or b. stay on the hosted/outsourced servers. Each option has its good and bad points. Jono Bacon has therefore called for a meeting to discuss these issues. The meeting will be in IRC #ubuntu-locoteams on Tuesday, August 14, 2007 at 2:00PM UTC.

Canonical blames the community, saying they were community hosted, and were poorly maintained. However, kernel upgrades couldn't be done because of poor backwards compatibility with the very hardware that Canonical had sponsored! While people point fingers at each other it is pretty clear that both sides are equally to blame, the community administrators for practicing bad security practices, such as using unencrypted FTP transfers with accounts, not properly maintaining the system. However Canonical should have been well aware of what they are hosting. The question remains, if any of the files distributed to users have been compromised. A major blow for Canonical though who are attempting to enter the business market with Ubuntu Server."

Tag(s):  linux  ubuntu