Feeds

Check your machines for malware, Linux developers told

Kernel.org reopens under hacking pall

Build a business case: developing custom apps

Following a series of embarrassing intrusions that hit the servers used to maintain and distribute the Linux operating system, project elders have advised all developers to check their Linux machines for signs of compromise.

Emails sent Friday by Linux kernel lead developers Greg Kroah-Hartman and H Peter Anvin arrived as volunteers with the open-source project worked to bring LinuxFoundation.org, Linux.com, and Kernel.org back online following attacks that gained root access to the multiple servers that host the sites.

Among other things, project leaders are requiring all developers to regenerate the cryptographic keys used to upload source code to the site, and to ensure their systems are free of rootkits and other types of malware.

"The compromise of kernel.org and related machines has made it clear that some developers, at least, have had their systems penetrated," Kroah-Hartman wrote in one message. "As we seek to secure our infrastructure, it is imperative that nobody falls victim to the belief that it cannot happen to them. We all need to check our systems for intrusion."

He went on to advise developers follow seven steps to see if their systems have been targeted, including running chkrootkit, a rootkit detection application for Linux machines. A separate email sent by Anvin laid out the process for regenerating a new set of RSA keys after the old ones were compromised in the attacks.

This hygiene lesson comes as kernel.org and linuxfoundation.org came back online on Monday after an outage that lasted at least three weeks. The homepage of the related linux.com said the website remained down for maintenance and would be restored soon.

Kernel.org was shuttered following the discovery in late August that the personal machine used by Anvin and kernel.org servers known as Hera and Odin1 were infected by malware that gained root access. The trojan sat undetected for at least 17 days before it was discovered on August 28.

A week later, project leaders took linux.com and linuxfoundation.org offline after detecting those systems had also been compromised.

It's fair to say the mass infection and subsequent clean up of Linux developers' machines and servers don't stand as the project's finest hour. The platform is held up by its most ardent fans as a paragon of security that's largely immune to the types of compromises that routinely hit systems running Microsoft's Windows operating system. At time of writing, more than five weeks after the hacks first came to light, the SSL certificate used to authenticate https://www.kernel.org was configured incorrectly and git.kernel.org remained unavailable.

Project leaders have yet to say how they were penetrated, so it's hard for an outsider to know whether they've plugged the holes that allowed them to be compromised. If they hope to regain the trust of users, they'd do well to provide the kind of detailed postmortem that followed the rooting of Apache.org last year. ®

Next gen security for virtualised datacentres

More from The Register

next story
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Linux kernel devs made to finger their dongles before contributing code
Two-factor auth enabled for Kernel.org repositories
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Scale data protection with your virtual environment
To scale at the rate of virtualization growth, data protection solutions need to adopt new capabilities and simplify current features.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?