Security

Linux source code site hacked

But Linux geeks say that the kernel source code is secure

By Robert McMillan | IDG News Service | Published 07:40, 01 September 11

Hackers have broken into the Kernel.org website that is home to the Linux project. They gained root access to a server known as Hera and ultimately compromised "a number of servers in the kernel.org infrastructure," according to a note on the kernel.org website.

Administrators of the website learned of the problem Sunday and soon discovered a number of bad things were happening on their servers. Files were modified, a malicious program was added to the server's startup scripts and some user data was logged.

Also in this channel

Hack brings down Linux websitesLinuxFoundation.org and Linux.com taken down >>
Fedora offers glimpse of future Linux'Sulphur' available to early adopters >>
Are top Linux developers losing the will to code?Core developers find themselves managing and checking as kernel gets more complex >>
IT managers urged to dip toes into community-based supportFor traditional businesses, navigating the world of open source software development is very different from working with a vendor. >>

Virtualisation, Big Data and BYOD

Check out our Business IT Hub for opinions and briefings. Read more

Kernel.org's owners have contacted law enforcement in the U.S. and Europe and are in the process of reinstalling the site's infrastructure and figuring out what happened.

They think that the hackers may have stolen a user's login credentials to break into the system, and the site is making each of its 448 users change their passwords and SSH (Secure Shell) keys.

The hack is worrying because Kernel.org is the place where Linux distributors download the source code for the widely used operating system's kernel. But Kernel.org's note says that, even with root access, it would be difficult for a hacker to slip malicious source code into the Linux kernel without it being noticed. That's because Linux's change-tracking system takes a cryptographic hash of each file at the time it is published.

So once a component of the Linux kernel has been written and published to Kernel.org, "it is not possible to change the old versions without it being noticed," the Kernel.org note said.

This kind of compromise has become disturbingly common. In January, servers used by the Fedora project -- the community version of Red Hat Enterprise Linux -- were hacked. And around the same time another open-source software development site called SourceForge was also broken into.

Slideshows: Security threat data advisory tools

Also in slideshows :

Access Computerworld on your mobile

Get the latest news & updates from Computerworld UK on the move. Find out more

Windows 8

Check out our latest articles on Microsoft's next-generation operating system.

Accelerate Your IT Efficiency

View the latest capacity management resources including whitepapers, videos and news.

Latest Slideshows

Click here to view all our slideshows.

Cross-browser click-fraud worm spreading via Facebook

Kaspersky warns malware writers are using Crossrider browser extension development framework to build LilyJade Facebook worm

13 IT security myths

Security experts hammer on security ideas they say are just myths

Inside the US government's cyber security headquarters

Take a tour of ICS-CERT facilities at Idaho National Labs

EU data protection regulation and cookie law - Are you ready?

Big changes are coming with the European Union's E-Privacy Directive

How to hack an iPad

Prevent access with a four-digit PIN code or beware - your device can be hacked!

Anonymous hacks a DOJ site and releases data on The Pirate Bay

The department said it was looking into the unauthorised access

Wikileaks: Freedom of information versus information privacy

Forget the rhetoric, there are fundamental questions at stake

How to keep your mobile devices safe and secure on the road

Prevent hacking and data theft when travelling

UK Facebook hacker jailed for 8 months

IBM Watson mastermind says future computers will be constant learners

Mobile network 3 calls on government to lower Europe data roaming charges

Blogs

Where is GRC headed?

Yet another top GRC software vendor has been acquired, following in the footsteps of Paisley, Archer, OpenPages, among others. BWise has always been an impressive vendor in the GRC space, so first off I think congratulations are in order for...read more »

A new venn of access control for the API economy

Cloud providers and many federated IAM practitioners are excited about OAuth, a new(ish) security technology on the scene. I’ve written about OAuth in Protecting Enterprise APIs With A Light Touch. The cheat-sheet list I keep of major OAuth product support announcements already...read more »

CISOs must act as glue between BC, DR and security

During the past three years, you may have noticed that security and risk professionals have added a new term to their lexicon - business resiliency. Is this just an attempt by vendors to rebrand business continuity (BC) and IT disaster...read more »

Business continuity standards don't matter

The current state of business continuity management (BCM) standards? Abysmal. According to a joint Forrester/DRJ study, 69% of respondents said that British Standard (BS) 25999 did not influence or only somewhat influenced BCM at their company. It’s not much better...read more »

more blogs ..

Cumbrians lose broadband after public subsidy cut

Infrastructure >>

Burberry points to benefits of tech in strong annual results

Applications >>

Cheap tablets sees Lenovo shipments grow in China

IT Business >>

EU data protection regulation and cookie law - Are you ready?

Security >>

De Vere hotels consolidate online brands through private cloud

Cloud Computing >>

Windows 8 touchscreen devices to be priced higher, Dell says

Operating Systems >>

Slideshows
White Papers
Videos
Newsletters

Login

Please login to ComputerworldUK.com

Forgot password?

Not a member yet?

Register for a Computerworld UK Account and enjoy unlimited access to our extensive white paper library and exclusive Enterprise multi-user software trials. Account members can also comment on articles and access best practices guides.
Register

HP Business Answers

Join the discussion today

The HP Business Answers group is a vibrant community of small and medium sized business owners and employees. HP provides independent and expert advice in fields such as design, branding, taxation, technology, marketing or manufacturing so join today to network with over 6500 like-minded professionals.

Linux source code site hacked

But Linux geeks say that the kernel source code is secure

Also in this channel

Related Articles

Most Popular in Security

Editor's Pick

Blogs

Login

Not a member yet?

HP Business Answers

Join the discussion today

Read the most recent discussions

Sponsored Links »

Popular Topics »