The release of Version 2.6 of the open-source GNOME desktop has been delayed until March 31 because of an apparent breach of a GNOME.org server by an unknown attacker.
In a posting Wednesday on the group’s online bulletin board, GNOME developer Jeff Waugh said that apparently no code was tampered with by the intruder but that the delay was implemented to show “due caution by giving the sysadmin team plenty of time to finish their investigation and restore critical services.”
The desktop was supposed to be released Wednesday.
The attack was disclosed on the GNOME bulletin board Tuesday by developer Owen Taylor, who wrote that evidence of an intrusion had been found on the server hosting www.gnome.org and other GNOME.org Web sites.
“No additional damage has been discovered; at the current time we are cautiously hopeful that the compromise was limited in scope,” he wrote.
Taylor could not be reached for further comment. Waugh, in an e-mail response, said the attack was discovered by a Gnome developer who “found suspicious processes running on the machine, and reported it to the sysadmin team straight away. The machine was immediately taken off the network for analysis.
“The investigation so far seems to indicate that very little damage was done beyond the intrusion itself, and we are (cautiously) confident that none of our other systems were compromised,” he wrote.
Asked if the group knows who began the attack, Waugh said, “We have some leads, and we know that the machine was only compromised for a short period of time. However, it has only been 36 hours since the intrusion was discovered; we’ll need a bit more time to do a thorough analysis.”