Two more key Linux websites hacked


caravel

"Git, its package management system"

Correction: It's a version control system, not a package management system.

"Linux is increasingly facing attacks from hackers in response to what some will consider the rise in popularity of its operating system. In January, reports that the Fedora Project had been the victim of a hacker surfaced and these latest events are doing little to calm concerns made by its users."

Linux has always been a target for hackers, Linux-based servers included, so this is nothing new. Let's not confuse the typical Windows malware problems with the hacking of *nix boxes. What does seem new is the apparent negligence and complacency which caused the kernel.org breach.


Update at linux.com:

*** UPDATE ***

We want to thank you for your questions and your support. We hope this FAQ can help address some of your inquiries.

Q: When will Linux Foundation services, such as events, training and Linux.com be back online?

Our team is working around the clock to restore these important services. We are working with authorities and exercising both extreme caution and diligence. Services will begin coming back online in the coming days and we will keep you informed every step of the way.

Q: Were passwords stored in plaintext?

The Linux Foundation does not store passwords in plaintext. However, an attacker with access to stored passwords would have direct access to conduct a brute force attack. An in-depth analysis of direct-access brute forcing, as it relates to password strength, can be read at http://www.schneier.com/blog/archives/2007/01/choosing_secure.html. We encourage you to use extreme caution, as is the case in any security breach, and discontinue the use of that password if you re-use it across other sites.

Q: Does my Linux.com email address work?

Yes, Linux.com email addresses are working and safe to use.

Q: What do you know about the source of the attack?

We are aggressively investigating the source of the attack. Unfortunately, we can't elaborate on this for the time being.

Q: Is there anything I can do to help?

We want to thank everyone who has expressed their support while we address this breach. We ask you to be patient as we do everything possible to restore services as quickly as possible.
 

Guest

Ohh, system hardening does not work on a website. This means anyone who downloaded anything from that website or visited it is INFECTED!!!
 

jobeard

TS Ambassador
"Ohh, system hardening does not work on a website. This means anyone who downloaded anything from that website or visited it is INFECTED!!!"

Sorry, just not true. Hardening a system is a concept applicable to every system on the planet and has nothing to do with what is installed or how it is used.

[edit] Of course it's over-engineered to block inbound ftp if there is no ftpd (server) on that system, but harden it anyway and you can forget it.[/edit]