Linux.com pwned in fresh round of cyber break-ins

Penguin brigade in a flap after latest compromise

Just a month after kernel.org - the nerve centre of Linux kernel development - fell victim to a malware attack, the Penguinista community is reeling from another bout of security breaches.

"Linux Foundation infrastructure including LinuxFoundation.org, Linux.com and their subdomains are down for maintenance due to a security breach that was discovered on September 8, 2011," the holding page on the sites says. "We believe this breach was connected to the intrusion on kernel.org."

Last month, a trojan was discovered on the PC of one of the kernel's developers and was later spotted lurking on kernel.org servers. The malware had gained root access, modified system software and logged passwords and transactions of the servers' users. The attack started on August 12th but wasn't discovered until the 28th, and the kernel.org site is still "down for maintenance".

The Linux Foundation is checking over its systems, and it remains cautious about how much information the hackers may have got their hands on, advising people that their passwords and SSH keys might be compromised.

"If you have reused these passwords on other sites, please change them immediately," the holding page urges.

The official Linux Foundation Twitter feed says that it is "working around the clock to investigate and resolve" the issue and that it will issue updates when it has them. ®

Sponsored: Designing and building an open ITOA architecture