[scripts-announce] scripts.mit.edu up again

[Jeff Arnold]

scripts.mit.edu and sql.mit.edu have been restored to service.  Around 
10:45 AM on Wednesday, an individual broke into scripts.mit.edu (using a 
PHP iCalendar exploit to gain local account access and a Linux kernel 
exploit to gain root access).  The attacker set off a silent alarm 
immediately after gaining root access and the machine was shut down. 
Since that time, we have been working to investigate what happened and to 
restore service without data loss or increased risk of future attack.

scripts.mit.edu and sql.mit.edu are now running on a new software system 
similar to the one that we were originally planning to put into service 
next week.  Everything should be working; please e-mail scripts at mit.edu if 
you notice any problems.

In addition to protecting against the Linux kernel exploit, we have 
temporarily disabled all vulnerable PHP iCalendar installations until we 
can fix the security problem with PHP iCalendar.

We apologize for the extended outage today; over the next few months, we 
will definitely be taking measures to try to ensure that this kind of 
outage does not occur again.

Jeff Arnold
jbarnold at mit.edu