
Hackers break into Linux kernel home

Gained root access and deployed Trojans
Thu Sep 01 2011, 12:31

MULTIPLE SERVERS that are part of the Linux kernel.org infrastructure were affected during a recent intrusion where attackers managed to gain root access and plant Trojan scripts.

According to an email sent out to the community by kernel.org chief administrator John Hawley, known as warthog9, the incident started with the compromise of a server referred to as Hera. The personal colocated machine of Linux developer H Peter Anvin (HPA) and additional kernel.org systems were also affected.

"Upon some investigation there are a couple of kernel.org boxes, specifically hera and odin1, with potential pre-cursors on demeter2, zeus1 and zeus2, that have been hit by this," Hawley wrote.

The intrusion was discovered on 28 August and, according to preliminary findings, the attackers gained access by using a set of compromised credentials. They then elevated their privileges to root by exploiting a zero-day vulnerability that the kernel.org administrators have yet to identify.

Fortunately, logs and parts of the exploit code were retained and will help the investigation. A Trojan was added to the startup scripts of affected systems, but gave itself away through Xnest /dev/mem error messages.

According to the kernel.org admins, these error messages have been seen on other systems as well, but it's not clear if those machines are vulnerable or compromised. "If developers see this, and you don't have Xnest installed, please investigate," the administrators advised.
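The check the administrators asked developers to run, as an added example that is not from the article or from kernel.org: scan a log for Xnest /dev/mem access errors and treat them as suspicious only when no Xnest binary is installed. The log lines are constructed and follow the kernel's "Program X tried to access /dev/mem" message format; the hostnames and addresses are assumptions.

```shell
#!/bin/sh
# Added example: flag the indicator described in the article, i.e. Xnest
# /dev/mem error messages on a host that does not actually have Xnest.

# Constructed sample log text standing in for /var/log/messages or dmesg.
SAMPLE_LOG='Aug 28 10:14:02 hera kernel: Program Xnest tried to access /dev/mem between f0000000->f0100000.
Aug 28 10:14:02 hera kernel: Program Xnest tried to access /dev/mem between f0000000->f0100000.
Aug 28 10:15:10 hera sshd[2211]: Accepted publickey for alice from 192.0.2.10 port 50001 ssh2
Aug 28 10:16:33 hera kernel: e1000e: eth0 NIC Link is Up 1000 Mbps Full Duplex'

# xnest_installed: succeeds if an Xnest binary is on PATH, fails otherwise.
xnest_installed() {
    command -v Xnest >/dev/null 2>&1
}

# count_xnest_devmem_hits LOGTEXT: print how many lines show a program
# named Xnest being refused access to /dev/mem (0 when there are none).
count_xnest_devmem_hits() {
    printf '%s\n' "$1" | grep -c 'Program Xnest tried to access /dev/mem' || true
}

# classify HITS INSTALLED(yes|no): pure decision logic, kept separate so it
# can be exercised without depending on what is installed on this machine.
classify() {
    if [ "$1" -eq 0 ]; then
        echo clean          # no Xnest /dev/mem errors at all
    elif [ "$2" = yes ]; then
        echo expected       # Xnest is present; the messages have a benign explanation
    else
        echo suspicious     # errors from a binary that is not installed: investigate
    fi
}

# check_host LOGTEXT: combine the log scan with the real installed-state probe.
check_host() {
    hits=$(count_xnest_devmem_hits "$1")
    if xnest_installed; then installed=yes; else installed=no; fi
    classify "$hits" "$installed"
}

# Stand-alone run over the constructed sample.
echo "verdict for sample log: $(check_host "$SAMPLE_LOG")"
```

On a real system, replace the sample with the host's own log, e.g. `check_host "$(dmesg)"`, and investigate any "suspicious" verdict together with the startup scripts the article mentions.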

The good news is that the exploit failed on systems running the latest Linux kernel version, 3.1-rc2, which was released two weeks ago. This is possibly the fortunate consequence of one of the bugfixes it contains.

All of the affected boxes were taken offline following the incident and will be reinstalled. The official Linux kernel source code is also being analysed for unauthorised changes; however, these should be very easy to spot thanks to the security measures built into the git repository.

Furthermore, over four hundred kernel.org users will be forced to change their credentials and SSH keys as a precaution. The project's security policies will also be reviewed and improved.

This is not the first time that a major open source project has had to deal with such an intrusion.

Last December, Savannah, the collaborative development platform maintained by the Free Software Foundation, was taken offline after hackers managed to break in through an SQL injection vulnerability. And in September 2009 the infrastructure team of the Apache Software Foundation took several mirrors offline after the main staging server was compromised using a stolen SSH key.


Comments
Another Linux box hacked, Not surprising

Hardly surprising. Yet another Linux system hacked.

lol @ "by exploiting a zero-day vulnerability that the kernel.org administrators have yet to identify." - so it's broken and insecure and they can't even fix it and don't know how they were hacked.

It's about time Linux put in a proper microkernel security model like Microsoft Windows. I note that Windows Server 2008 R2 has less than a 10th of the security vulnerabilities of a similar-age enterprise Linux distribution.

posted by: TDR, 07 November 2011
Git Is Cool

I use it for all my own version control. It’s probably the world’s most popular VCS by now.

posted by: Lawrence D'Oliveiro, 02 September 2011
The security isn't broken.

They didn't break the security. They gained access to SSH first.
If SSH wasn't there it could never have been done.
This doesn't mean Linux is insecure, it just means somebody had a poor name/password combination.
SSH is a weak spot of any system.
Unlike Windows where one needs to send a PDF and the system is under control to name a simple hack.
What these hackers did is not the same as the kids-play people do to compromise Windows.
Any system can be hacked, the difference is that Linux is real tough to crack, where Windows is a bank with heavy locks but all doors wide open :-)

posted by: Bas, 01 September 2011
Flaw

If somebody steals a security key or name/password then that's not a flaw of the OS but obviously human error I would say.

But go ahead, pretend, it's the internet after all, the place of kinky nonsense.

posted by: W.-, 01 September 2011
LOL @ Linux security

So now we finally know the truth. Linux is "secure" only as long as nobody bothers to attack it. Amateurs. I wouldn't store anything valuable or private on it.

posted by: Windows Rocks, 01 September 2011
So...

Hackers have managed to break the security of Linux.

But it has been reported quickly and repairs effected. That's what matters, unlike some OSes (no names, no pack drill) that leave ports open by default, make patches available at rare intervals, and create a vast market for unnecessary security software.

Linus shows us the way it should be done. A bouquet to them.

posted by: Charles Norrie, 01 September 2011