[OT] Hackers break into Linux kernel home

Amedee Van Gasse amedee-ubuntu at amedee.be
Fri Sep 2 14:59:03 UTC 2011


On Fri, September 2, 2011 10:40, Gilles Gravier wrote:
> They stole source code so that they could search inside it for
> vulnerabilities.
>
> Oh wait... No. Linux is open source. No point in STEALING the code, it's
> there available for freeeeeeeeeeeeeee! :)
>
> Serilously, nobody publicly knows yet. I suspect they need to do a full
> audit of the systems affected.
>
> Several scenarii are possible though:

The plural of the Italian word scenario is scenari, making “scenarii”
etymologically inconsistent.

> 1) They are dumb and stole source code (see jest above)

No comment :)

> 2) They are smarter and compromised the code (hopefully a comparison
> with a backup, followed by a restore will fix)

Git prevents that. Thousands of people have an exact copy of the Linux
kernel, and if even one bit was changed after a commit, then this would be
noticed in a jiffy.

> 3) They are even smarter, and didn't touch the code, but planted trojans
> in the machines so that they can come back at a later date and mess up
> with the code when nobody is thinking about this incident anymore

As I understand it, the people from kernel.org are busy rebuilding all
machines from scratch (not only the compromised ones) and patching the
hole that caused the security issue.

> On 02/09/2011 10:21, reeyarn wrote:
>> What does it mean? Is Ubuntu also affected?

No. Your current Ubuntu installation is not affected, and the problem was
discovered before a new version of Ubuntu was released.

> How to prevent being attacked?

That's an entirely different question. Not running any public facing
services that you don't really need, would be the best place to start.







More information about the ubuntu-users mailing list