Security breach at Linux Foundation

ronjor · #1 September 11th, 2011, 02:16 PM

Quote:

The Linux Foundation has mailed users of the Linux.com and LinuxFoundation.org sites informing them that they discovered a security breach on 8 September which "may have compromised your username, password, email address and other information". The Foundation says that it believes the breach is connected to the security breach at kernel.org at the start of September.

http://www.h-online.com/security/new...n-1340733.html

J_L · #2 September 11th, 2011, 03:30 PM

Wow, does that affect the admins as well?

GrailVanGogh · #3 September 11th, 2011, 03:39 PM

Quote:

Originally Posted by J_L

Wow, does that affect the admins as well?

It would IMO be a smart move for everyone on that site to change their passwords.

fsr · #4 September 12th, 2011, 02:25 PM

Linux Foundation Confirms Malware Attack

dw426 · #5 September 12th, 2011, 02:28 PM

Quote:

Originally Posted by fsr

Linux Foundation Confirms Malware Attack

What the heck is up with that link? Using Firefox 8, I go to the site and am immediately redirected to the mobile version of it, which doesn't contain the article.

fsr · #6 September 12th, 2011, 02:39 PM

Works fine for me. Anyway please don't shoot the messenger.

dw426 · #7 September 12th, 2011, 02:42 PM

Quote:

Originally Posted by fsr

Works fine for me. Anyway please don't shoot the messenger.

Lol, not shooting at you. I've just not seen that happen on FF before

fsr · #8 September 12th, 2011, 03:45 PM

Linux Foundation has just issued an update,

Quote:

*** UPDATE***

We want to thank you for your questions and your support. We hope this FAQ can help address some of your inquiries.

Q: When will Linux Foundation services, such as events, training and Linux.com be back online?

Our team is working around the clock to restore these important services. We are working with authorities and exercising both extreme caution and diligence. Services will begin coming back online in the coming days and will keep you informed every step of the way.

Q: Were passwords stored in plaintext?

The Linux Foundation does not store passwords in plaintext. However an attacker with access to stored password would have direct access to conduct a brute force attack. An in-depth analysis of direct-access brute forcing, as it relates to password strength, can be read at http://www.schneier.com/blog/archive...ng_secure.html. We encourage you to use extreme caution, as is the case in any security breach, and discontinue the use of that password if you re-use it across other sites.

Q: Does my Linux.com email address work?

Yes, Linux.com email addresses are working and safe to use.

Q: What do you know about the source of the attack?

We are aggressively investigating the source of the attack. Unfortunately, we can't elaborate on this for the time being.

Q: Is there anything I can do to help?

We want to thank everyone who has expressed their support while we address this breach. We ask you to be patient as we do everything possible to restore services as quickly as possible.

http://www.linux.com/

PJC · #9 September 13th, 2011, 03:22 AM

Linux world in security spinout as Linux Foundation and Kernel.org remain "temporarily unavailable"

#10 September 15th, 2011, 11:50 PM

Just FWIW, Linux kernel development has moved to GitHub, so the source code still flows: https://github.com/torvalds/linux

tlu · #11 September 19th, 2011, 09:22 AM

And here is why one should not worry about the integrity of the kernel source after this incident.

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search