Announcement

**GreyGeek** · Sep 11, 2011, 08:03 AM

Re: Linux.com hacked

The email I received:

Important: Security Breach on Linux.com, LinuxFoundation.org
From: The Linux Foundation <info@linuxfoundation.org
To: greygeek77@gmail.com

Attention Linux.com and LinuxFoundation.org users,

We are writing you because you have an account on Linux.com, and/or LinuxFoundation.org, or one of the subdomains associated with these domains.

On September 8, 2011, we discovered a security breach that may have compromised your username, password, email address and other information you have given to us. We believe this breach was connected to the intrusion on kernel.org. As with any intrusion and as a matter of caution, you should consider the passwords and SSH keys that you have used on these sites compromised. If you have reused these passwords on other sites, please change them immediately. We are currently auditing all systems and will update public statements when we have more information. We have taken all Linux Foundation servers offline to do complete re-installs. Linux Foundation services will be put back up as they become available. We are working around the clock to expedite this process and are working with authorities in the United States and in Europe to assist with the investigation. The Linux Foundation takes the security of its infrastructure and that of its members extremely seriously and are pursuing all avenues to investigate this attack and prevent future ones. We apologize for this inconvenience and will communicate updates as we have them. Please contact us at info@linuxfoundation.org with questions about this matter.

The Linux Foundation

For Newbies:

If Linux were susceptible to an email attack, which it is not, one email could compromise untold numbers of Linux boxes. But, that is a threat Linux users do not have to worry about if they don't save an attachment, add an execute permission and then manually run it.

When a hacker breaks into a server that lots of Linux users visit the potential exists for that hacker to steal the names and passwords of all who have accounts on the compromised server. It still remains for the hacker to associate that name and password with other web sites around the globe. So, breaking into those other sites is still a time consuming manual operation. There is the risk that the hacker can make posts in your name at those other sites. Posts that would make it appear that you are a racist or loon or terrorist or what ever. So, even though you may not have any financial or personal information at risk on those sites it is still a good idea to change your password or cancel your account at those sites.

This also points out the need to keep the names and passwords on your financial accounts different from those you use at social and other less important sites.

Finally, for all those Linux bashers out there, this does NOT mean that Linux is a vulnerable as WindowsXXXX is. It only means that one site was compromised by a manual attack. To say it is a lack of vigilance or expertise of the sysadmin is also premature. While it could be that, the break-in could also be the result of a zero-day exploit. That is, an exploit which has never been seen in the wild before because of an un-detected security flaw in some piece of software or some system policy. But, now that it has appeared the weak-point will be discovered and fixed. Running Kubuntu, such security patches are part of the updates that flow automatically from the repository to your installation. So, when the patch arrives it will be installed on your Kubuntu if you have automatic updates enabled, which is the default setting. Until then, be sure you have changed your passwords on other accounts which are subdomains of Kernel.org and Linux.com.

**dibl** · Sep 11, 2011, 08:09 AM

Re: Linux.com hacked

The hacking of kernel.org is actually the one that could be more serious. Their site is still "down for maintenance" and I do not know whether we've heard a full accounting of what damage was done, although they did release a reasonable explanation as quoted on the other thread here. The Linux kernel source code development tree is there.

**GreyGeek** · Sep 11, 2011, 12:06 PM

Re: Linux.com hacked

An individual who was the Community Manager for the Linux Foundation in 2008-2009 for the LinuxFoundation website discusses the break-in in this article.

Linux.com is not connected with Linux kernel or software development in any way. It serves as a news, information, and community site for anyone interested in the Linux operating system. LinuxFoundation.org serves as a front door for the Linux Foundation, and hosts several subdomains, such as the Linux Developer Network and the Linux Foundation video site. Some working groups also are hosted on LinuxFoundation,org subdomains, thought it is not clear which, if any, of these subdomains were affected.
...
Given the content of the sites affected and their purpose, there is zero danger any Linux kernel development was affected in any way as a result of these breaches reported today. But it is clear that whoever orchestrated these attacked, whether they were script kiddies on a joyride or someone with more sinister motives, have created an embarrassing situation for the Linux Foundation at best.

**The Liquidator** · Sep 14, 2011, 02:12 AM

Re: Linux.com hacked

I have just checked and find I have an account at linux.org (which is down so I assume it's connected with this) albeit it hasn't been used for quite a while.

The login name for that site is shared with another website and the password with 2 other sites, neither of which hold any financial data about me, so I don't think I need to change bank passwords etc but I'd be interested to know what information the hackers could have about me.

Announcement

Linux.com hacked

Linux.com hacked

Comment

Comment

Comment

Comment