TechSpot

Hackers gain root access to Linux repository Kernel.org

By Matthew
Sep 1, 2011
Post New Reply
  1. Kernel.org, a site that distributes Linux source kernels, has suffered a breach of security according to a leaked email by Chief Administrator John Hawley. First noticed on August 28, it's…

    Read the whole story
     
  2. NTAPRO

    NTAPRO TS Evangelist Posts: 810   +102

    What would the main reason for doing something like this? A motive probably isn't needed anyway...
     
  3. But... But... But Linux is unhackable!!! amirite?
     
  4. Cota

    Cota TS Enthusiast Posts: 513   +8

    Sadly no because if you know how it works you can just hack it, and if you make your servers really hardcore closed whit verification's and really secure encryptions it will slow them down (rite SONY?).
     
  5. it's mostly hackable when dumb shits get floppy with their credentials.

    "reportedly gained access to the server with compromised user credentials,"
     
  6. Archean

    Archean TechSpot Paladin Posts: 5,682   +86

    @RH00D & Cota
    It is more like that many Linux lovers don't want to accept that 'nothing is secured, and that nothing also includes Linux'.
     
  7. Damn Chinese...
     
  8. Or... you could actually read the article and the original news article here - rather than venting your own silly prejudices?

    I saw this yesterday and knew it would have some of the typical windows fanboys masturbating with glee - I expected more of you though - pity.

    That is actually what occurred - the server wasn't "hacked"...

    Nothing is unhackable and no one has ever made such a claim. But there is a reason that most of the world's web servers are running some kind of *nix rather than windows...
     
  9. Archean

    Archean TechSpot Paladin Posts: 5,682   +86

    Well you contradicted yourself after replying to my comment haven't you? By the way I said exactly the same thing but differently. Slight pause will always help understand what is being said and what actually it means, usually something which many people lacks anyway.

    Very true, and something which I don't remember I negated in any way ever.
     
  10. As far as I can tell, the intruder(s) gained root access via compromised user credential (i.e. someone guessed or discovered a username and password) and then proceeded to inject their own exploit into the kernel source git tree...

    3.1-r2 has blocked the exploit injector for reasons unknown - so the exploit won't be in kernels newer than that...

    It does however all reflect quite badly on the kernel.org server admins who apparently took 17 days to detect this and have so far not been forthcoming enough with information... In short - some arses need to get kicked there.

    My point is it's hardly "OMFGWTF 1!NUX W4Z H4X0RD!!!!11111"...

    :rolleyes:
     
  11. MrAnderson

    MrAnderson TS Maniac Posts: 488   +10

    Did they do any harm or are they eager to get the latest kernel before it is even placed into the latest build CVS??

    Or is this a way to make the security to guard Linux the best by exposing the weaknesses??
     
  12. TorturedChaos

    TorturedChaos TechSpot Chancellor Posts: 831   +18

    It would be scary if they could inject a trojan into the Linux kernel, an no one catches it. With the number of servers that run off of some short on Linux, and a compromised kernel updated to them that could wreck untold havoc.
    Very scary to think about.....
     
  13. The kernel uses Git rather than CVS or SVN - Torvalds would never use CVS...

    They did "harm" yes - they rooted the server, and injected code... as the article at kernel.org states.

    It will certainly be a (hugely embarrassing) virtual kick up the **** for the server admins yes. Hopefully lessons will be learned here...
     
  14. I like the part where you think I'm a Windows fanboy. For all you know I could be running 3 Linux machines and no other OS.
     
  15. Well... I do apologise for making such an assumption... based on my taking that comment as a purely sarcastic one, from someone running windows... silly me... next time I see such a comment from someone running Windows 7 x64 - I will assume they are running OpenBSD or Solaris just to be on the safe side...

    :rolleyes:
     
  16. The funny thing is that I actually do run a Linux machine. I enjoy Linux just as much as I enjoy Windows. Because I can acknowledge and accept that they both have pros and cons. Obviously that's something you're still having difficulty with.
     
  17. Ah... so now you're making assumptions... how do you know I'm not running three windows 7 x64 boxes?

    :rolleyes:
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...