LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
LinkBack Search this Thread
Old 09-11-2011, 06:39 AM   #16
floppywhopper
Member
 
Registered: Aug 2004
Location: Albany, Western Australia
Distribution: Mageia 2, SME Server 8
Posts: 616
Blog Entries: 2

Rep: Reputation: 54

Quote:
That was posted about already
sorry about that
I did look in the news section, didn't think to look in security

floppy
 
Old 09-11-2011, 07:40 AM   #17
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,534
Blog Entries: 51

Rep: Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604
Quote:
Originally Posted by floppywhopper View Post
sorry about that
No, it's actually a good suggestion. Next time I'll symlink such news items to the News and General section.
 
Old 09-11-2011, 11:25 AM   #18
Nylex
LQ Addict
 
Registered: Jul 2003
Location: London, UK
Distribution: Slackware
Posts: 7,464

Rep: Reputation: Disabled
It has happened to the Linux Foundation website, too (and they think it's related).
 
1 members found this post helpful.
Old 09-11-2011, 01:48 PM   #19
H_TeXMeX_H
Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Rep: Reputation: 1266Reputation: 1266Reputation: 1266Reputation: 1266Reputation: 1266Reputation: 1266Reputation: 1266Reputation: 1266Reputation: 1266
So, I guess I have to ask:

How do I get a clean latest version of the kernel ?

The answer might be: You don't, cuz everything is down for maintenance. Right ?
 
Old 09-11-2011, 02:10 PM   #20
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,534
Blog Entries: 51

Rep: Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604
...and next to the message displayed on the web site here's a copy of the email that got sent out as a result: http://lwn.net/Articles/458414/
 
1 members found this post helpful.
Old 09-11-2011, 03:20 PM   #21
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,534
Blog Entries: 51

Rep: Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604
Right: http://lkml.org/lkml/2011/9/10/23
 
Old 09-11-2011, 06:20 PM   #22
-cyrus-
LQ Newbie
 
Registered: Mar 2008
Location: Auckland
Distribution: CentOS (Server), Ubuntu (Desktop), Arch (Laptop)
Posts: 19

Rep: Reputation: 1
Based on this security breach, I received the following note from linuxfoundation.org

Quote:
Attention Linux.com and LinuxFoundation.org users,

We are writing you because you have an account on Linux.com,
LinuxFoundation.org, or one of the subdomains associated with these domains.
On September 8, 2011, we discovered a security breach that may have
compromised your username, password, email address and other information you
have given to us. We believe this breach was connected to the intrusion on
kernel.org.

As with any intrusion and as a matter of caution, you should consider the
passwords and SSH keys that you have used on these sites compromised. If you
have reused these passwords on other sites, please change them immediately.
We are currently auditing all systems and will update public statements when
we have more information.

We have taken all Linux Foundation servers offline to do complete
re-installs. Linux Foundation services will be put back up as they become
available. We are working around the clock to expedite this process and are
working with authorities in the United States and in Europe to assist with
the investigation.

The Linux Foundation takes the security of its infrastructure and that of
its members extremely seriously and are pursuing all avenues to investigate
this attack and prevent future ones. We apologize for this inconvenience and
will communicate updates as we have them.

Please contact us at info@linuxfoundation.org with questions about this
matter.

The Linux Foundation
 
1 members found this post helpful.
Old 09-11-2011, 07:17 PM   #23
towheedm
Member
 
Registered: Sep 2011
Location: Trinidad & Tobago
Distribution: Debian Squeeze
Posts: 585

Rep: Reputation: 118Reputation: 118
Kernel.org is still down for maintenance.

The other question is: Did this breach reach their backup site in the air before it was caught?
 
Old 09-13-2011, 08:18 PM   #24
towheedm
Member
 
Registered: Sep 2011
Location: Trinidad & Tobago
Distribution: Debian Squeeze
Posts: 585

Rep: Reputation: 118Reputation: 118
Is it just me or is kernel.org still down for maintenance?
 
Old 09-14-2011, 11:17 AM   #25
jens
Senior Member
 
Registered: May 2004
Location: Belgium
Distribution: Debian, Slackware, Fedora
Posts: 1,181

Rep: Reputation: 158Reputation: 158
Quote:
Originally Posted by H_TeXMeX_H View Post
So, I guess I have to ask:

How do I get a clean latest version of the kernel ?

The answer might be: You don't, cuz everything is down for maintenance. Right ?
You can still use the github mirrors.
 
1 members found this post helpful.
Old 09-14-2011, 11:52 AM   #26
H_TeXMeX_H
Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Rep: Reputation: 1266Reputation: 1266Reputation: 1266Reputation: 1266Reputation: 1266Reputation: 1266Reputation: 1266Reputation: 1266Reputation: 1266
Quote:
Originally Posted by jens View Post
You can still use the github mirrors.
Ah yes, here it is:
https://github.com/torvalds/linux

Now the question is: is it safe / clean / not compromised ?
 
Old 09-14-2011, 11:59 AM   #27
jens
Senior Member
 
Registered: May 2004
Location: Belgium
Distribution: Debian, Slackware, Fedora
Posts: 1,181

Rep: Reputation: 158Reputation: 158
Quote:
Originally Posted by H_TeXMeX_H View Post
Ah yes, here it is:
https://github.com/torvalds/linux

Now the question is: is it safe / clean / not compromised ?
Yes, it's as "clean" as ever...
You can't just change something in git without the the one pulling your request noticing it.

Last edited by jens; 09-14-2011 at 02:13 PM.
 
Old 09-14-2011, 03:55 PM   #28
H_TeXMeX_H
Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Rep: Reputation: 1266Reputation: 1266Reputation: 1266Reputation: 1266Reputation: 1266Reputation: 1266Reputation: 1266Reputation: 1266Reputation: 1266
Quote:
Originally Posted by jens View Post
Yes, it's as "clean" as ever...
You can't just change something in git without the the one pulling your request noticing it.
That's good. Hopefully they didn't find a way to hack git.
 
Old 09-15-2011, 11:25 AM   #29
Konphine
Member
 
Registered: Jul 2011
Location: Phoenix, New York
Distribution: Slackware 13.37
Posts: 376

Rep: Reputation: 11
Is going to kernel.org safe? I tried to download a lib file I needed by using wget, and then I tried looking for it directly just by going to kernel.org, but I got the whole service is down message.

I'm wondering if it was safe to do this or not.
 
Old 09-15-2011, 12:24 PM   #30
H_TeXMeX_H
Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Rep: Reputation: 1266Reputation: 1266Reputation: 1266Reputation: 1266Reputation: 1266Reputation: 1266Reputation: 1266Reputation: 1266Reputation: 1266
I doubt anything from kernel.org is safe ATM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Yet another thread about a security breach Fredde87 Linux - Security 19 10-16-2009 08:12 AM
[SOLVED] possible security breach johnh10000 Linux - Security 18 10-13-2009 11:23 AM
Breach in Sendmail Security? bper Linux - Security 2 08-02-2005 05:40 PM
[Security Questions] Last Login, how good is this feature for security breach info? t3gah Linux - Security 2 06-14-2005 01:02 AM
Security breach? lhoff Linux - Security 5 02-15-2002 01:33 AM


All times are GMT -5. The time now is 11:40 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration