Hackers Break Into Linux Source Code Site


On 8/31/2011 8:06 PM, conram wrote:
>
> ‘Hackers Break Into Linux Source Code Site | PCWorld Business Center’
> (http://tinyurl.com/3n9wv2f)
>
>

So now the world is pretty doomed. Really.

They think that the hackers may have stolen a user’s login
credentials to break into the system, and the site is making each of its
448 users change their passwords and SSH (Secure Shell) keys.

This is called social engineering which good hackers are masters in. All
your security traps don’t help if the user is the compromising factor in
this equation.


Your computer freak Joerg
using LXDE on 11.4 x64 and happy with a cup of real hot coffee…
http://mzl.la/o4n9Yw

So this is pretty low of people to break into the kernel.org site. One can only wonder just what their intent was. You can often not separate malicious intent from just the desire to just break into things for no good reason. It is doubtful any code could be placed into the kernel you would think. Hopefully the security will be better there now after this episode and the kernel will be looked at from head to toe for any signs of tampering. One can never say never but when there is will and enough desire (to do bad things), there can sometimes be a way to do so. :frowning:

Thank You,

Surely there are tape backups which are locked offsite?

Curious-er and curious-er…The imagination can run away with all sorts of conspiracy theories on this one if it’s allowed.

> This is called social engineering which good hackers are masters in. All
> your security traps don’t help if the user is the compromising factor in
> this equation.

Always a good point. Even the most vigilant can have a face-palm moment, though.

On Fri, 02 Sep 2011 03:16:02 +0000, RichardET wrote:

> Surely there are tape backups which are locked offsite?

http://kernel.org

See what the announcement says they’ve discovered so far and what steps
they’ve taken. :slight_smile:

Jim

Jim Henderson
openSUSE Forums Administrator
Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

From the Site News at The Linux Kernel Archives which Jim pointed out:

> However, it’s also useful to note that the potential damage of cracking kernel.org is far less than typical software repositories. That’s because kernel development takes place using the git distributed revision control system, designed by Linus Torvalds. For each of the nearly 40,000 files in the Linux kernel, a cryptographically secure SHA-1 hash is calculated to uniquely define the exact contents of that file. Git is designed so that the name of each version of the kernel depends upon the complete development history leading up to that version. Once it is published, it is not possible to change the old versions without it being noticed.
>
> Those files and the corresponding hashes exist not just on the kernel.org machine and its mirrors, but on the hard drives of each several thousand kernel developers, distribution maintainers, and other users of kernel.org. Any tampering with any file in the kernel.org repository would immediately be noticed by each developer as they updated their personal repository, which most do daily.

Git is such a benefit, for the distributed nature as well as many other reasons. While I’m certain the kernel.org admins will be taking all appropriate measures to address the compromise of the servers, the above information is good to forward to clarify the difference between a kernel.org server being compromised and the actual kernel source code being changed, etc.
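
The hash chaining described in the kernel.org announcement quoted above, as an added example that is not part of the original thread or kernel.org's own code: it recomputes git object ids in Python for a flat tree and shows that rewriting an old version changes the id of the newest commit even when the newest files are untouched. The file contents, author identity, timestamp and the names `GENUINE` and `TAMPERED` are constructed for illustration.

```python
import hashlib
from typing import Dict, List, Optional

def git_object_id(kind: str, body: bytes) -> str:
    """SHA-1 over '<kind> <size>\\0' plus the body, which is how git names objects."""
    header = f"{kind} {len(body)}\0".encode()
    return hashlib.sha1(header + body).hexdigest()

def tree_id(files: Dict[str, bytes]) -> str:
    """Flat tree: one '100644 <name>\\0<20-byte blob id>' entry per file, sorted by name."""
    body = b""
    for name in sorted(files):
        blob = bytes.fromhex(git_object_id("blob", files[name]))
        body += b"100644 " + name.encode() + b"\0" + blob
    return git_object_id("tree", body)

def commit_id(tree: str, parent: Optional[str], message: str) -> str:
    """A commit names its tree and its parent, so its id covers all earlier history."""
    lines = [f"tree {tree}"]
    if parent:
        lines.append(f"parent {parent}")
    # Constructed identity and fixed timestamp so the ids are reproducible.
    who = "Example Dev <dev@example.invalid> 1314835200 +0000"
    lines += [f"author {who}", f"committer {who}", "", message, ""]
    return git_object_id("commit", "\n".join(lines).encode())

def history_tip(snapshots: List[Dict[str, bytes]]) -> str:
    """Commit each snapshot in order and return the id of the last commit."""
    parent = None
    for n, files in enumerate(snapshots):
        parent = commit_id(tree_id(files), parent, f"commit {n}")
    return parent

# Constructed sample history: two versions of a tiny source tree.
GENUINE = [
    {"Makefile": b"VERSION = 3\n"},
    {"Makefile": b"VERSION = 3\n", "init.c": b"int main(void) { return 0; }\n"},
]
# Same newest version, but the OLD version was altered by one byte on the server.
TAMPERED = [{"Makefile": b"VERSION = 3 \n"}, GENUINE[1]]

if __name__ == "__main__":
    print("newest tree identical:", tree_id(GENUINE[1]) == tree_id(TAMPERED[1]))
    print("developer's tip:", history_tip(GENUINE))
    print("server's tip:   ", history_tip(TAMPERED))
```

A developer whose clone already holds the genuine tip sees a different id from the server on the next fetch, which is the mismatch the announcement says would be noticed.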