LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   Security Breach at kernel.org (https://www.linuxquestions.org/questions/linux-security-4/security-breach-at-kernel-org-900485/)

floppywhopper 09-11-2011 06:39 AM

Quote:

That was posted about already
sorry about that
I did look in the news section, didn't think to look in security

floppy

unSpawn 09-11-2011 07:40 AM

Quote:

Originally Posted by floppywhopper (Post 4468800)
sorry about that

No, it's actually a good suggestion. Next time I'll symlink such news items to the News and General section.

Nylex 09-11-2011 11:25 AM

It has happened to the Linux Foundation website, too (and they think it's related).

H_TeXMeX_H 09-11-2011 01:48 PM

So, I guess I have to ask:

How do I get a clean latest version of the kernel ?

The answer might be: You don't, cuz everything is down for maintenance. Right ?

unSpawn 09-11-2011 02:10 PM

...and next to the message displayed on the web site here's a copy of the email that got sent out as a result: http://lwn.net/Articles/458414/

unSpawn 09-11-2011 03:20 PM

Right: http://lkml.org/lkml/2011/9/10/23

-cyrus- 09-11-2011 06:20 PM

Based on this security breach, I received the following note from linuxfoundation.org

Quote:

Attention Linux.com and LinuxFoundation.org users,

We are writing you because you have an account on Linux.com,
LinuxFoundation.org, or one of the subdomains associated with these domains.
On September 8, 2011, we discovered a security breach that may have
compromised your username, password, email address and other information you
have given to us. We believe this breach was connected to the intrusion on
kernel.org.

As with any intrusion and as a matter of caution, you should consider the
passwords and SSH keys that you have used on these sites compromised. If you
have reused these passwords on other sites, please change them immediately.
We are currently auditing all systems and will update public statements when
we have more information.

We have taken all Linux Foundation servers offline to do complete
re-installs. Linux Foundation services will be put back up as they become
available. We are working around the clock to expedite this process and are
working with authorities in the United States and in Europe to assist with
the investigation.

The Linux Foundation takes the security of its infrastructure and that of
its members extremely seriously and are pursuing all avenues to investigate
this attack and prevent future ones. We apologize for this inconvenience and
will communicate updates as we have them.

Please contact us at info@linuxfoundation.org with questions about this
matter.

The Linux Foundation

towheedm 09-11-2011 07:17 PM

Kernel.org is still down for maintenance.

The other question is: Did this breach reach their backup site in the air before it was caught?

towheedm 09-13-2011 08:18 PM

Is it just me or is kernel.org still down for maintenance?

jens 09-14-2011 11:17 AM

Quote:

Originally Posted by H_TeXMeX_H (Post 4469036)
So, I guess I have to ask:

How do I get a clean latest version of the kernel ?

The answer might be: You don't, cuz everything is down for maintenance. Right ?

You can still use the github mirrors.

H_TeXMeX_H 09-14-2011 11:52 AM

Quote:

Originally Posted by jens (Post 4471588)
You can still use the github mirrors.

Ah yes, here it is:
https://github.com/torvalds/linux

Now the question is: is it safe / clean / not compromised ?

jens 09-14-2011 11:59 AM

Quote:

Originally Posted by H_TeXMeX_H (Post 4471614)
Ah yes, here it is:
https://github.com/torvalds/linux

Now the question is: is it safe / clean / not compromised ?

Yes, it's as "clean" as ever...
You can't just change something in git without the the one pulling your request noticing it.

H_TeXMeX_H 09-14-2011 03:55 PM

Quote:

Originally Posted by jens (Post 4471618)
Yes, it's as "clean" as ever...
You can't just change something in git without the the one pulling your request noticing it.

That's good. Hopefully they didn't find a way to hack git.

Konphine 09-15-2011 11:25 AM

Is going to kernel.org safe? I tried to download a lib file I needed by using wget, and then I tried looking for it directly just by going to kernel.org, but I got the whole service is down message.

I'm wondering if it was safe to do this or not.

H_TeXMeX_H 09-15-2011 12:24 PM

I doubt anything from kernel.org is safe ATM.


All times are GMT -5. The time now is 02:47 AM.