linuxsecurity

Linux Community Websites Hacked

Sites including Linux.com and LinuxFoundation.org have been taken offline, following a fresh attack

On by Matthew Broersma 7

Several of the Linux community’s key websites have been unavailable since late last week following a security breach discovered on Thursday, according to the Linux Foundation.

The Foundation, a non-profit group created to help fuel the growth of Linux, has taken down LinuxFoundation.org, Linux.com and their subdomains for maintenance following the breach, which it believes to be connected to an attack on kernel.org in August.

‘Extreme caution’

“The Linux Foundation made this decision in the interest of extreme caution and security best practices,” the Foundation said in a statement on linux.com.

The Foundation said it was in the process of restoring services as quickly as possible, and advised users to regard passwords and SSH keys used on its sites as having been compromised.

“If you have reused these passwords on other sites, please change them immediately,” the Foundation stated.

The Linux Foundation infrastructure powers various services but doesn’t include the Linux kernel or its code repositories.

The Linux kernel site, linux.org, was hacked around the time the popular operating system celebrated its 20th anniversary on 25 August. In a post on the site at the time, the organisation admitted that “a number of servers in the kernel.org infrastructure were compromised”.

Re-install

The kernel team took the affected systems offline, backed them up and started to re-install them. It was also planning to re-install all of the kernel.org servers just to be sure that there was nothing unknown lurking on any other parts of the infrastructure.

There is a check being made of all the code within Git, a revision control system devised by Linus Torvalds who created Linux. The team is also testing the tarballs, composites of archived files, to affirm that nothing has been modified. European and US authorities were notified of the breach.

The recent attacks may actually mean positive publicity for Linux, according to Sophos security researcher Paul Ducklin.

“The ‘Linux is a nothing more than a hobby product’ naysayers will be compelled to admit that the operating system really is part of the Big Time. Why else would kernel.org be in the sights of cybercrooks?” he wrote on a Sophos blog. “And Linux itself will emerge almost entirely unscathed because if any dodgy changes are found in the codebase, there will be a public record of them getting rolled back and order restored.”

Matthew Broersma

Author: Matthew Broersma

TechWeek Freelance
Matthew Broersma
Techweekeurope for mobile devices
Android-App Google Currents App for iOS

Last comment




7 replies to Linux Community Websites Hacked

  • On September 12, 2011 at 2:32 pm by Mike

    The Linux community have spent years berating the rest of the world for using unsecure systems, with a particular boast that the Linux apache web software is far more secure than anything else.

    Still got hacked though, just like the rest of the real world !!

    • On September 12, 2011 at 3:24 pm by Charles Kozler

      @ Mike – the security concerns for Linux is significantly less prevalent than that of Microsoft and Windows desktop and server platforms hacking’s. Where there is a will there is a way and no system is perfect- also, details are still emerging as to how these websites became compromised and it could have been the result of an application and not the actual kernel itself (whereas Windows is generally insecure from ring0 up). Linux and its kernel, as a whole, is exponentially more secure than Windows and its entire platform combined.

  • On September 12, 2011 at 4:08 pm by LiveEnsure

    Agree with Mike, you would have expected Linux to follow their own preachings, they can download the free version of our Authentication security http://www.liveensure.com just one of the layers they seem to have overlooked.

    LiveEnsure.

  • On September 12, 2011 at 7:45 pm by HateSpammers

    I agree with you LiveEnsure,

    I think your software is ridden with bugs and should be taken as an example.

    Sincerely,
    Hate Spammers

  • On September 13, 2011 at 9:14 am by Hun

    OMG, the linux.org html code is a beauty! :)
    “”
    They really use a windows only HTML editor?

    • On September 13, 2011 at 5:06 pm by Dan Smith

      Hun, didn’t you realise that the correct way of adding a margin above some text is to errrr insert four empty paragraphs….

      lol

  • On October 7, 2011 at 6:40 am by llort a ma i

    Haha! This proves that Linux systems have no better security than any other operating system!

Leave a Reply

  • Required fields are marked *,
    Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>