Slashdot Hacked, Test Server Used to Gain Access
Slashdot is reporting that it was hacked last night by people who claimed to have good intentions. According to Rob Malda, the exploit depended upon the existance of a freshly installed copy of the base Slashcode distribution, existing on the same subnet outside their firewall.
There are a lot of things that could be said about the problems that this exposes in the existing and previous Slashcode architectures, the system administration practices of the people running Slashdot.org. Read on if you are interested in this from a Slash operations perspective.
One of the interesting places to look for information about this problem is undoubtedly going to be the Slashcode mailing list. Here is the Web Page that represents the current week's activity on the mailing list. A good thread of discussion about the exploit has begun there.
For what it's worth, it is fairly safe to say that CTDATA customers using our version of Slash are not likely to be affected by the vulnerability that was used to temporarily gain control of Slashdot. Of course, it never pays to tempt fate....