The release of Version 2.6 of the open-source Gnome desktop has been delayed until the end of the month after an...
apparent breach of a Gnome.org server by an unknown attacker.
Gnome developer Jeff Waugh said there were no signs of code being tampered with but that the delay was implemented to show "due caution by giving the sysadmin team plenty of time to finish their investigation and restore critical services".
The desktop was supposed to have been released yesterday.
The attack was disclosed on the Gnome bulletin board yesterday by developer Owen Taylor, who said evidence of an intrusion had been found on the server hosting www.gnome.org and other Gnome.org websites.
"No additional damage has been discovered; at the current time we are cautiously hopeful that the compromise was limited in scope."
Waugh said the attack was discovered by a Gnome developer who "found suspicious processes running on the machine", and reported it to the sysadmin team straight away. The machine was immediately taken off the network for analysis.
"The investigation so far seems to indicate that very little damage was done beyond the intrusion itself, and we are cautiously confident that none of our other systems were compromised," he added.
Asked if the group knew who staged the attack, Waugh said, "We have some leads, and we know that the machine was only compromised for a short period of time. However, it has only been 36 hours since the intrusion was discovered; we'll need a bit more time to do a thorough analysis."
Todd R Weiss writes for Computerworld