Novell openSUSE server got hacked or something like that
The scans, which have been going on since Sept. 21, are targeted at TCP Port 22 -- the default port for Secure Shell (SSH) services. SSH programs are used to log into other computers over a network or to execute remote commands and move files between machines in a secure fashion. Scans against the port are often an indication that hackers are looking for vulnerable SSH systems that they can break into and take control of. Going by the large number of IP blocks scanned by the attacking server, it is safe to assume that "millions" of computers may have been probed for SSH-related weaknesses, he said.
The incident was reported both outside and inside Novell (http://www.mynetwatchman.com/LID.asp?IID=178119669): "The OpenSuSE server has been sucking wind for weeks, and I know for a fact that trouble tickets have been submitted about it within Novell." http://linux.slashdot.org/comments.pl?sid=164039&cid=... (So why did it take so long?)
Why have they also turned off their wiki (http://wiki.novell.com/)? They also seem to have been hacked at http://forge.novell.com, so the problem description at Slashdot became worse as comments and facts kept coming in from different places. Remember that this was not the first time Novell got hacked (http://www.linux.com/article.pl?sid=05/09/15/1655234), but that time it was because of a weak root password (password policy?). Remembering the hacks into open source development servers last year, this comment reflects the anguish, and maybe the fundamental question, that stays on your mind:
"The IHS guys aren't just script kiddies, their lead guy's blog is here [c0d3r.org]. He is apparently very active in writing exploits and gives code to all of them. He was just accepted into a university, but worse, one of his blog entries is about how he likes slackware and is trying to write some code to help the project out. Now I don't know about you, but I find that suspicious as hell. Unless someone goes over every line of code submitted with a magnifying glass then it can be fairly easy to sneak in a little area for a buffer overflow or something. (Preventive measures like SELinux and exec-shield are necessary and even they don't fully solve the problem). I can only hope that the slackware community does decent background checks on submitters, and also good code checking. The last thing we need is for Open Source to start being purposely made vulnerable and attacked from within" http://linux.slashdot.org/comments.pl?sid=164039&cid=...
And I rest my case with the following quote by a 'believer': "The high standards that the open source community once enjoyed are being degraded on a daily basis by developers who cannot write secure code (i.e. many PHP developers), by developers who blatantly insult and ridicule their users (i.e. the KOffice example earlier in this post), or companies that provide insecure, open source-based products" http://linux.slashdot.org/comments.pl?sid=164039&cid=...
You have to earn trust.