LinuxFoundation.org Breached

“Linux Foundation infrastructure including LinuxFoundation.org, Linux.com, and their subdomains are down for maintenance due to a security breach that was discovered on September 8, 2011. The Linux Foundation made this decision in the interest of extreme caution and security best practices. We believe this breach was connected to the intrusion on kernel.org.”

If it was connected this could supply more data to determine the vulnerabilities exploited and who was involved. I would bet they were on high alert after kernel.org was breached.

About Robert Pogson

I am a retired teacher in Canada. I taught in the subject areas where I have worked for almost forty years: maths, physics, chemistry and computers. I love hunting, fishing, picking berries and mushrooms, too.

15 Responses to LinuxFoundation.org Breached

  1. oiaohm says:

    Ivan simple fact is I have done code submits to the Linux kernel. Failed to be included idea reworked.

    So I am not pulling stuff out but on that. You said kernel developers. User land developers the 25 percent might be true and I don’t know.

    Ivan kernel is very particular about security. There is a nice git script to dump the percentages of who did what. There is a nice way to get their IDs to who knows them personally as well. Every kernel release in fact is a short report of who did what published on lwm.

  2. D-G wrote, “The official statement from kernel.org read that a compromised user credential was the point of entry for the hacker. This user wasn’t root.”

    kernel.org: “Intruders gained root access on the server Hera,” kernel.org maintainers wrote in a statement posted to the site’s homepage shortly after Hawley’s email was leaked. “We believe they may have gained this access via a compromised user credential; how they managed to exploit that to root access is currently unknown and is being investigated.”

    I gain root access to my own servers using an OpenSSH public key. The information made public so far does not exclude that possibility. We know Debian GNU/Linux had some weak SSH keys as well.

  3. D-G says:

    “Your assumption is that there was a flaw in the code. There may be flaws in Linux but you don’t know if they were exploited. It is much more likely that a weak password or a key for root was left laying around somehow.”

    Pog, you really want to believe, don’t you? The official statement from kernel.org read that a compromised user credential was the point of entry for the hacker. This user wasn’t root. The hackers had to work their way up from there to gain root access. And the wise men don’t know yet how they did that. Well, how would they have done it? Perhaps through SECURITY FLAWS they exploited? And the very same is most likely true for Linux.com.

    Linux has been HACKED. For once, Pog, take it like a Canadian man. You’re just ridiculing yourself by making lame excuses.

  4. Ivan says:

    So these aren’t the droids I was looking for, ok Mr. Ham. You can move along now.

    For the record, you have no idea how many lines of code I’ve submitted and to which projects I’ve submitted them to. You’re just assuming things and pulling figures out of your nonsensical butt to support your poor argument that the code is perfect.

    Here’s a tip, if the code were perfect, I wouldn’t have to submit patches.

  5. oiaohm says:

    Ivan talk about FUD.

    “25% of all kernel developers are Anonymous”

    You have never tried to submit code to the Linux kernel. Less than 20 percent are 100 percent ID. 100 percent ID is who they are, where they are and where they work.

    Out of the under 20 percent left zero are in fact Anonymous. The under 20 percent are who they are and where they are.

    Here is the thing if you are highly active and no one from the Linux kernel team can ID in person you will get a free invite with free accommodation and free travel to one of the kernel plumbers confs. Failure to attend your code most likely will be removed.

    This is how come Linus at one time found out one highly active coder who was doing a good job was only 16 years old; this also explained why he had not declared a company. Linux Foundation had to pay for his mother as well so he could attend but they did not tell Linus. Yes Linus does get pranked from time to time. So of course Linus did not believe it at first.

    D-G saying Linux is equal to everything else is wrong in security. In fact claiming equal shows a step up. For a long time MS people used to try to claim it was weaker because the source code was exposed.

    Linux has advantages over the closed source OS. Number 1 you don’t have 100 of different drivers for the same device. So you have less surface area for possible attacks.

    Also there has been particular features of Linux/Unix before it that the Linux Kernel developers have been very worried about.

    These relate to /dev/kmem and /dev/mem. Please note X11 server is the user of /dev/mem to raw talk to video cards with DRI1 drivers. Does this not explain the open source world desperation to get to DRI 2 drivers that don’t have this weakness? Also why for the past 8 years the Linux world have been on the closed source drivers back to release better drivers.

    Kernel.org at least attacks were directed against /dev/mem that Kernel.org servers don’t have that is what raised the alarm. Of course you have to presume root of the server was lost because attacker might have used a different path that worked. Attempted one privilege exploit presume tried others.

    The /dev/mem issue affects all Unix, BSD and Linux OS’s. Result of a historic mistake. X11 was done at first as fully user-space OS neutral. This is a complete error predates Linux. Linux kernel having it is a case of being software compatible.

    Interesting enough a percent of security faults in Windows relate to the same thing. Items like X11 DRI1 and lots of Visual Basic applications can be a complete prick to making a Secure OS due to them requiring security faults to work. So Linux faults are mostly not poor coding but poor applications forcing bad things to be done at kernel level. With a part lack of will higher up to respond.

    Results from these attacks has been earlier than expected termination of the DRI1 driver section in x.org. I feel sorry for people with old hardware but it’s time to move on and close this security hole.

    The /dev/mem weaknesses you must have got past the front door to exploit them.

    Yes peace from attack is a bad thing. Many eyes plus attacks Linux will harden many times faster. Since in fact most of the flaws the attackers are going to hit are going to be like /dev/mem work under way to fix but to avoid disruption has not been fixed. Pressure applied disruption in the weak areas will happen.

  6. D-G wrote, “Linux is just as secure or insecure as any other operating system”.

    Nope. Read Cyberinsecurity: The Cost of Monopoly. Feature-bloat in that other OS makes it much less secure by design. M$ cared nothing about security when it built that other OS.

  7. Your assumption is that there was a flaw in the code. There may be flaws in Linux but you don’t know if they were exploited. It is much more likely that a weak password or a key for root was left laying around somehow.

  8. D-G says:

    By the way, Pog: why were there SECURITY FLAWS in the first place? Isn’t one of the BIG advantages of Linux that EVERYONE can see the code? If that’s so, if the many, many eyes of the many, many CODERS are tirelessly scouring every piece of code, day and night, why were there SECURITY FLAWS? Isn’t it odd that Linux is advertised as being so much more secure because everyone can look at the code and security flaws are therefore fixed so much sooner? Because everyone can help? Isn’t it odd that this equation is totally off? Because, you know, to fix bugs you need to be a programmer. And programmers are by and large a scarcity in the world of open source. And therefore the claim of “security through many eyes” is utter crap.

  9. D-G says:

    Pog, you can spin it any way you want, it has been hacked. If the point of intrusion was a compromised user account … so what? The hackers gained access and worked their way up by means of SECURITY FLAWS. Linux is just as secure or insecure as any other operating system. Accept this simple truth, Pog, or it’ll come back to haunt you. You would’ve been all over such an incident, had it happened to “that other OS”. But hey! It’s Linux. Linux can’t be hacked. We all know it. Get real. Get a clue.

  10. Ivan says:

    FUD? Pfft, 25% of all kernel developers are Anonymous and you want to talk about FUD against a project that doesn’t audit itself?

    Ya’ll need to get over your persecution complex and hold the ‘developers’ responsible for their screw ups.

  11. It does seem the point is to embarrass FLOSS with FUD about security. I am hoping The Linux Foundation had logged sufficient information to trace things back. The kernel.org and the Linux Foundation sites seem to be geographically separate so this is unlikely to be that kind of inside job. It must be an attack over the network and the SSH keys are suspect. I hope the Foundation set itself up to be a honeypot for this intrusion. It is strange that they are taking down all services if that were the case but perhaps the FBI has secured data for prosecutions.

  12. We don’t know that “Linux was hacked”. Providing an intruder with a key is quite different than “hacking in”. If there was escalation of privilege outside the keys, that’s another matter but no one but the intruders and The Linux Foundation have the details so far.

  13. D-G says:

    The truth is … The Linux Foundation has decided to switch to Windows Server 2008 R2. They had to come up with this lame “Hey! We were hacked!” to justify it. Because we all know that nobody hacks Linux. Except Chuck Norris.

  14. oiaohm says:

    These attacks are getting interesting.

    Reason why. Neither kernel.org nor Linuxfoundation site store money. So why attack them?

    There has been a list of attacks against open source sites. It does fly against normal logic for this to be going on.
