Linux.com pwned in fresh round of cyber break-ins
Penguin brigade in a flap after latest compromise
Just a month after kernel.org - the nerve centre of Linux kernel development - fell victim to a malware attack, the Penguinista community is reeling from another bout of security breaches.
"Linux Foundation infrastructure including LinuxFoundation.org, Linux.com and their subdomains are down for maintenance due to a security breach that was discovered on September 8, 2011," the holding page on the sites says. "We believe this breach was connected to the intrusion on kernel.org."
Last month, a trojan was discovered on the PC of one of the kernel's developers and was later spotted lurking on kernel.org servers. The malware had gained root access, modified system software and logged passwords and transactions of the servers' users. The attack started on August 12th but wasn't discovered until the 28th, and the kernel.org site is still "down for maintenance".
The Linux Foundation is checking over its systems, and it remains cautious about how much information the hackers may have got their hands on, advising people that their passwords and SSH keys might be compromised.
"If you have reused these passwords on other sites, please change them immediately," the holding page urges.
The official Linux Foundation Twitter feed says that it is "working around the clock to investigate and resolve" the issue and that it will issue updates when it has them. ®
I think AC101's point was that whenever there is a security problem with a Windows based system, a certain subset of the FOSS brigade whoop and holler about MS being rubbish at security, despite the problem usually being with the configuration of the compromised system. They also tend to suggest that while MS is the worst thing ever, Linux is the best thing ever.
Clearly this problem is with configuration/implementation of the security on the Linux systems involved, probably with a little user complacency thrown in for good measure and not a fundamental problem with the quality of Linux. I hope that everyone remembers that when commenting...
That's what happens when you use Micro$oft