Two FreeBSD Project Servers HackedHackers broke into two FreeBSD project servers using an SSH authentication key* and login credentials,Venerable BSD-based operating system FreeBSD has announced a smallish system compromise.
The FreeBSD administrators took a bunch of servers offline to investigate, and published a blow-by-blow account of what they know about the breach so far.
FreeBSD isn't the first open source operating system to suffer an intrusion on its core servers.
The Linux developers famously suffered both a malware attack and a server compromise last year that saw kernel.org vanish offline for over a month.
No Trojanised packages have been uncovered, at least as yet. But FreeBSD users have been urged to carefully check third-party packages installed or updated between 19 September and 11 November nonetheless, as a precaution.
The FreeBSD.org team has promised to tighten up security, in particular by phasing out legacy services such as the distribution of FreeBSD source via CVSup, in favour of the more robust Subversion, freebsd-update, and portsnap distribution methods". The hack was "not due to any vulnerability or code exploit within FreeBSD .