[OT] Hackers break into Linux kernel home
ggravier at fsfe.org
Fri Sep 2 08:40:12 UTC 2011
They stole source code so that they could search inside it for
Oh wait... No. Linux is open source. No point in STEALING the code, it's
there available for freeeeeeeeeeeeeee! :)
Serilously, nobody publicly knows yet. I suspect they need to do a full
audit of the systems affected.
Several scenarii are possible though:
1) They are dumb and stole source code (see jest above)
2) They are smarter and compromised the code (hopefully a comparison
with a backup, followed by a restore will fix)
3) They are even smarter, and didn't touch the code, but planted trojans
in the machines so that they can come back at a later date and mess up
with the code when nobody is thinking about this incident anymore
(that's harder, some trojans are really smart at hiding, and the typical
rule of replacing the compromised systems by new boxes with new
installations, and all clean content is critical - but keep the
compromised one for post-mortem analysis by experts so that holes can be
On 02/09/2011 10:21, reeyarn wrote:
> What does it mean? Is Ubuntu also affected? How to prevent being attacked?
> On Fri, Sep 2, 2011 at 2:08 PM, Basil Chupin <blchupin at iinet.net.au
> <mailto:blchupin at iinet.net.au>> wrote:
> *MULTIPLE SERVERS* that are part of the Linux kernel.org
> <http://kernel.org> infrastructure
> were affected during a recent intrusion where attackers managed to
> root access and plant Trojan scripts.
> According to an email sent out to the community
> <http://pastebin.com/i4LFsQPW> by kernel.org <http://kernel.org>
> chief administrator John
> Hawley, known as warthog9, the incident started with the
> compromise of a
> server referred to as Hera. The personal colocated machine of Linux
> developer H Peter Anvin (HPA) and additional kernel.org
> <http://kernel.org> systems were
> also affected.
> "Upon some investigation there are a couple of kernel.org
> <http://kernel.org> boxes,
> specifically hera and odin1, with potential pre-cursors on demeter2,
> zeus1 and zeus2, that have been hit by this," Hawley wrote.
> The intrusion was discovered on 28 August and according to preliminary
> findings attackers gained access by using a set of compromised
> credentials. They then elevated their privileges to root by
> exploiting a
> zero-day vulnerability that the kernel.org <http://kernel.org>
> administrators have yet to
> [Full story:]
> Bob Hope's wife: "Where would like to be buried when you die?"
> Bob Hope : "Why don't you surprise me!"
> ubuntu-users mailing list
> ubuntu-users at lists.ubuntu.com <mailto:ubuntu-users at lists.ubuntu.com>
> Modify settings or unsubscribe at:
More information about the ubuntu-users