Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Network Security

Haskell Investigates Security Breach Affecting Debian Builds

The developers of the advanced purely-functional programming language Haskell are investigating a data breach identified by the organization’s hosting provider.

The developers of the advanced purely-functional programming language Haskell are investigating a data breach identified by the organization’s hosting provider.

Haskell informed users on Saturday via its status page that the domain for Debian packages, deb.haskell.org, had been taken offline following reports of suspicious activity. On Sunday, Haskell confirmed that deb.haskell.org was compromised on February 12, when anomalies were detected in outgoing traffic.Haskell hacked

“‘deb.haskell.org` was already offline and suspended shortly after these traffic changes were detected by the host monitoring system, meaning the window for package compromise was very very small. We’re continuing to investigate the breach and the extent to which it might have spread,” Haskell noted.

For the time being, it appears that only the Debian builds are affected. The Web server, the download server, the community infrastructure, mail, wiki, Git repositories, MySQL and other components are not affected, according to Haskell’s status page.

Haskell has several data centers across the world. However, it seems only the Rackspace ORD data center, located in Chicago, is impacted by the security breach.

So far, Haskell hasn’t provided too many details on the data breach and some users are wondering if the attackers might have gained access to package signing keys.

The programming language, which allows developers to rapidly create robust and concise software, was launched 25 years ago. Haskell comes with built-in concurrency and parallelism, profilers, debuggers, rich libraries, and it offers strong support for integration with other languages.

The project is sponsored by organizations such as Rackspace, Galois, DataDog, Fastly, and DreamHost.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Cybersecurity Funding

Forward Networks, a company that provides network security and reliability solutions, has raised $50 million from several investors.

Network Security

Cisco patched a high-severity SQL injection vulnerability in Unified Communications Manager (CM) and Unified Communications Manager Session Management Edition (CM SME).

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Network Security

Vulnerabilities identified in TP-Link and NetComm router models could be exploited to achieve remote code execution (RCE).