Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Network Security

Haskell Investigates Security Breach Affecting Debian Builds

The developers of the advanced purely-functional programming language Haskell are investigating a data breach identified by the organization’s hosting provider.

The developers of the advanced purely-functional programming language Haskell are investigating a data breach identified by the organization’s hosting provider.

Haskell informed users on Saturday via its status page that the domain for Debian packages, deb.haskell.org, had been taken offline following reports of suspicious activity. On Sunday, Haskell confirmed that deb.haskell.org was compromised on February 12, when anomalies were detected in outgoing traffic.Haskell hacked

“‘deb.haskell.org` was already offline and suspended shortly after these traffic changes were detected by the host monitoring system, meaning the window for package compromise was very very small. We’re continuing to investigate the breach and the extent to which it might have spread,” Haskell noted.

For the time being, it appears that only the Debian builds are affected. The Web server, the download server, the community infrastructure, mail, wiki, Git repositories, MySQL and other components are not affected, according to Haskell’s status page.

Haskell has several data centers across the world. However, it seems only the Rackspace ORD data center, located in Chicago, is impacted by the security breach.

So far, Haskell hasn’t provided too many details on the data breach and some users are wondering if the attackers might have gained access to package signing keys.

The programming language, which allows developers to rapidly create robust and concise software, was launched 25 years ago. Haskell comes with built-in concurrency and parallelism, profilers, debuggers, rich libraries, and it offers strong support for integration with other languages.

The project is sponsored by organizations such as Rackspace, Galois, DataDog, Fastly, and DreamHost.

Advertisement. Scroll to continue reading.
Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Don’t miss this Live Attack demonstration to learn how hackers operate and gain the knowledge to strengthen your defenses.

Register

Join us as we share best practices for uncovering risks and determining next steps when vetting external resources, implementing solutions, and procuring post-installation support.

Register

People on the Move

SSH Communications Security has appointed Pauli Haikonen as the company’s Chief Information Security Officer (CISO).

Cloud and container security firm Sysdig has tapped William Welch as CEO on its path to an IPO.

Dave Scher has been promoted to Deputy Chief Information Officer at MITRE.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.