Check your machines for malware, Linux developers told

Kernel.org reopens under hacking pall

Following a series of embarrassing intrusions that hit the servers used to maintain and distribute the Linux operating system, project elders have advised all developers to check their Linux machines for signs of compromise.

Emails sent Friday by Linux kernel lead developers Greg Kroah-Hartman and H Peter Anvin arrived as volunteers with the open-source project worked to bring LinuxFoundation.org, Linux.com, and Kernel.org back online following attacks that gained root access to the multiple servers that host the sites.

Among other things, project leaders are requiring all developers to regenerate the cryptographic keys used to upload source code to the site, and to ensure their systems are free of rootkits and other types of malware.

"The compromise of kernel.org and related machines has made it clear that some developers, at least, have had their systems penetrated," Kroah-Hartman wrote in one message. "As we seek to secure our infrastructure, it is imperative that nobody falls victim to the belief that it cannot happen to them. We all need to check our systems for intrusion."

He went on to advise developers to follow seven steps to check whether their systems had been targeted, including running chkrootkit, a rootkit detection tool for Linux machines. A separate email from Anvin laid out the process for generating a new set of RSA keys, since the old ones were compromised in the attacks.

The hygiene lesson comes as kernel.org and linuxfoundation.org returned online on Monday after an outage that lasted at least three weeks. The homepage of the related linux.com said the website remained down for maintenance and would be restored soon.

Kernel.org was shuttered following the discovery in late August that the personal machine used by Anvin and kernel.org servers known as Hera and Odin1 were infected by malware that gained root access. The trojan sat undetected for at least 17 days before it was discovered on August 28.

A week later, project leaders took linux.com and linuxfoundation.org offline after detecting those systems had also been compromised.

It's fair to say the mass infection and subsequent clean up of Linux developers' machines and servers don't stand as the project's finest hour. The platform is held up by its most ardent fans as a paragon of security that's largely immune to the types of compromises that routinely hit systems running Microsoft's Windows operating system. At time of writing, more than five weeks after the hacks first came to light, the SSL certificate used to authenticate https://www.kernel.org was configured incorrectly and git.kernel.org remained unavailable.

Project leaders have yet to say how they were penetrated, so it's hard for an outsider to know whether they've plugged the holes that allowed them to be compromised. If they hope to regain the trust of users, they'd do well to provide the kind of detailed postmortem that followed the rooting of Apache.org last year. ®
