Feeds

Check your machines for malware, Linux developers told

Kernel.org reopens under hacking pall

Intelligent flash storage arrays

Following a series of embarrassing intrusions that hit the servers used to maintain and distribute the Linux operating system, project elders have advised all developers to check their Linux machines for signs of compromise.

Emails sent Friday by Linux kernel lead developers Greg Kroah-Hartman and H Peter Anvin arrived as volunteers with the open-source project worked to bring LinuxFoundation.org, Linux.com, and Kernel.org back online following attacks that gained root access to the multiple servers that host the sites.

Among other things, project leaders are requiring all developers to regenerate the cryptographic keys used to upload source code to the site, and to ensure their systems are free of rootkits and other types of malware.

"The compromise of kernel.org and related machines has made it clear that some developers, at least, have had their systems penetrated," Kroah-Hartman wrote in one message. "As we seek to secure our infrastructure, it is imperative that nobody falls victim to the belief that it cannot happen to them. We all need to check our systems for intrusion."

He went on to advise developers follow seven steps to see if their systems have been targeted, including running chkrootkit, a rootkit detection application for Linux machines. A separate email sent by Anvin laid out the process for regenerating a new set of RSA keys after the old ones were compromised in the attacks.

This hygiene lesson comes as kernel.org and linuxfoundation.org came back online on Monday after an outage that lasted at least three weeks. The homepage of the related linux.com said the website remained down for maintenance and would be restored soon.

Kernel.org was shuttered following the discovery in late August that the personal machine used by Anvin and kernel.org servers known as Hera and Odin1 were infected by malware that gained root access. The trojan sat undetected for at least 17 days before it was discovered on August 28.

A week later, project leaders took linux.com and linuxfoundation.org offline after detecting those systems had also been compromised.

It's fair to say the mass infection and subsequent clean up of Linux developers' machines and servers don't stand as the project's finest hour. The platform is held up by its most ardent fans as a paragon of security that's largely immune to the types of compromises that routinely hit systems running Microsoft's Windows operating system. At time of writing, more than five weeks after the hacks first came to light, the SSL certificate used to authenticate https://www.kernel.org was configured incorrectly and git.kernel.org remained unavailable.

Project leaders have yet to say how they were penetrated, so it's hard for an outsider to know whether they've plugged the holes that allowed them to be compromised. If they hope to regain the trust of users, they'd do well to provide the kind of detailed postmortem that followed the rooting of Apache.org last year. ®

Remote control for virtualized desktops

More from The Register

next story
DRUPAL-OPCALYPSE! Devs say best assume your CMS is owned
SQLi hole was hit hard, fast, and before most admins knew it needed patching
Knock Knock tool makes a joke of Mac AV
Yes, we know Macs 'don't get viruses', but when they do this code'll spot 'em
Feds seek potential 'second Snowden' gov doc leaker – report
Hang on, Ed wasn't here when we compiled THIS document
Why weasel words might not work for Whisper
CEO suspends editor but privacy questions remain
DEATH by PowerPoint: Microsoft warns of 0-day attack hidden in slides
Might put out patch in update, might chuck it out sooner
BlackEnergy crimeware coursing through US control systems
US CERT says three flavours of control kit are under attack
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
Simplify SSL certificate management across the enterprise
Simple steps to take control of SSL across the enterprise, and recommendations for a management platform for full visibility and single-point of control for these Certificates.