Filtered By: Scitech
SciTech

Hackers attack Linux Foundation site anew


Hackers broke anew into the online home of the Linux operating system last week, prompting administrators of the Linux Foundation to temporarily take their websites offline. The Linux Foundation said its infrastructure, including Linux.com and LinuxFoundation.org, were taken "down for maintenance" following the security breach discovered Sept. 8. "Linux Foundation infrastructure including LinuxFoundation.org, Linux.com, and their subdomains are down for maintenance due to a security breach that was discovered on September 8, 2011. The Linux Foundation made this decision in the interest of extreme caution and security best practices. We believe this breach was connected to the intrusion on kernel.org," it said in a message on its website. Last August 28, a security breach was discovered at the Linux Kernel Archives (www.kernel.org), although administrators said the breach may have occurred weeks before. The site administrators said intruders gained root access on the server Hera, possible via a compromised user credential. Files belonging to ssh (openssh, openssh-server and openssh-clients) were modified and running live while a trojan startup file was added to the system start up scripts. The administrators also said they are working with the 448 users of kernel.org to change their credentials and change their SSH keys. A separate article on PC World said the hack is worrying because Kernel.org is where Linux distributors download the source code for Linux’s kernel. Restoring services On the latest security breach, the Linux Foundation said it is now trying to restore services “in a secure manner as quickly as possible." It advised its users to “consider the passwords and SSH keys that (they) have used on these sites compromised" and change them soonest. “We apologize for the inconvenience. We are taking this matter seriously and appreciate your patience. The Linux Foundation infrastructure houses a variety of services and programs including Linux.com, Open Printing, Linux Mark, Linux Foundation events and others, but does not include the Linux kernel or its code repositories," it said. A separate report on The Hacker news said the latest security breach may have affected multiple servers that are part of the Linux Foundation and Linux.com infrastructure. It noted the kernel.org site is still offline after that compromise which was discovered on August 28. — RSJ, GMA News

LOADING CONTENT