Ronny Lam

about://tech

FreeBSD.org Temporarily Compromised

This is bad news for the FreeBSD community. Although nothing in the code has been damaged, FreeBSD's image as a secure system has. Trust arrives on foot and leaves on horseback.

On Sunday 11th November 2012, two machines within the FreeBSD.org infrastructure were found to have been compromised. These machines were head nodes for the legacy third-party package building infrastructure. It is believed that the compromise may have occurred as early as the 19th September 2012.

The compromise is believed to have occurred due to the leak of an SSH key from a developer who legitimately had access to the machines in question, and was not due to any vulnerability or code exploit within FreeBSD.